feat(gitea): replace Bitnami PostgreSQL and Redis with CNPG and Valkey (#102)

* feat(gitea): replace Bitnami PostgreSQL and Redis with CNPG and Valkey

Remove all four Bitnami subchart dependencies (postgresql, postgresql-ha,
redis-cluster, redis) from the Gitea Helm chart and replace them with:

- PostgreSQL via CloudNativePG operator with an embedded Cluster CR
- Valkey (Redis-compatible) via the official valkey-io/valkey-helm subchart

Additional changes:
- Add CNPG operator and cert-manager as Embedded Cluster extensions
- Update EC version to 2.13.3+k8s-1.33, ingress-nginx to 4.14.1
- Replace bitnami/kubectl with registry.k8s.io/kubectl:v1.33.0
- Add KOTS config for Valkey cache settings
- Default internal_postgres_enabled to true
- Fix deprecated helm.sh/hook: test-success annotation to test
- Fix Makefile .SHELLFLAGS for GNU make compatibility
- Fix Makefile repo URL quoting for CI environments
- Add CI workflow with lint-and-template and helm-install-test jobs
- Add Python smoke tests for Gitea HTTP, PostgreSQL, and Valkey
- Add Makefile test targets (test-lint, test-install, test-smoke, etc.)
- Bump chart version to 11.0.0

Resolves #97

* fix(gitea): use single-quoted YAML for Valkey connection strings in KOTS chart

KOTS processes files as Go templates before YAML parsing. The
backslash-escaped quotes inside double-quoted YAML strings
(\"valkey_password\") are invalid Go template syntax, causing
"unexpected \\ in operand" errors that prevent Admin Console from
rendering. Switch to single-quoted YAML strings so the inner
double quotes pass through the Go template parser cleanly.

Author: adamancini

.github/workflows/gitea-ci.yml

@@ -0,0 +1,185 @@
+name: Gitea CI
+
+on:
+  pull_request:
+    paths:
+      - 'applications/gitea/charts/**'
+      - 'applications/gitea/tests/**'
+      - 'applications/gitea/Makefile'
+      - '.github/workflows/gitea-ci.yml'
+  push:
+    branches:
+      - main
+    paths:
+      - 'applications/gitea/charts/**'
+      - 'applications/gitea/tests/**'
+      - 'applications/gitea/Makefile'
+      - '.github/workflows/gitea-ci.yml'
+
+jobs:
+  lint-and-template:
+    runs-on: ubuntu-22.04
+    defaults:
+      run:
+        working-directory: applications/gitea
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v4.3.0
+        with:
+          version: v3.13.3
+
+      - name: Add Helm repositories
+        run: make add-helm-repositories
+
+      - name: Update dependencies
+        run: make update-dependencies
+
+      - name: Helm lint
+        run: helm lint ./charts/gitea
+
+      - name: Helm template (default values)
+        run: helm template gitea ./charts/gitea > /dev/null
+
+      - name: Helm template (CI test values)
+        run: helm template gitea ./charts/gitea -f tests/helm/ci-values.yaml > /dev/null
+
+  helm-install-test:
+    runs-on: ubuntu-22.04
+    needs: [lint-and-template]
+    defaults:
+      run:
+        working-directory: applications/gitea
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v4.3.0
+        with:
+          version: v3.13.3
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Create cluster
+        id: create-cluster
+        uses: replicatedhq/replicated-actions/create-cluster@v1.17.0
+        with:
+          api-token: ${{ secrets.REPLICATED_PLATFORM_EXAMPLES_TOKEN }}
+          kubernetes-distribution: k3s
+          kubernetes-version: "1.32"
+          cluster-name: gitea-ci-${{ github.run_id }}
+          disk: 50
+          nodes: 1
+          ttl: 1h
+          export-kubeconfig: true
+
+      - name: Install cert-manager
+        run: |
+          KUBECONFIG_FILE="/tmp/kubeconfig-${{ github.run_id }}"
+          echo "$KUBECONFIG" > "$KUBECONFIG_FILE"
+          export KUBECONFIG="$KUBECONFIG_FILE"
+
+          helm repo add jetstack https://charts.jetstack.io
+          helm repo update jetstack
+          helm install cert-manager jetstack/cert-manager \
+            --namespace cert-manager --create-namespace \
+            --set crds.enabled=true \
+            --wait --timeout 5m
+        env:
+          KUBECONFIG: ${{ steps.create-cluster.outputs.cluster-kubeconfig }}
+
+      - name: Install CloudNativePG operator
+        run: |
+          KUBECONFIG_FILE="/tmp/kubeconfig-${{ github.run_id }}"
+          echo "$KUBECONFIG" > "$KUBECONFIG_FILE"
+          export KUBECONFIG="$KUBECONFIG_FILE"
+
+          helm repo add cnpg https://cloudnative-pg.github.io/charts
+          helm repo update cnpg
+          helm install cnpg cnpg/cloudnative-pg \
+            --namespace cnpg-system --create-namespace \
+            --wait --timeout 5m
+        env:
+          KUBECONFIG: ${{ steps.create-cluster.outputs.cluster-kubeconfig }}
+
+      - name: Install Gitea chart
+        run: |
+          KUBECONFIG_FILE="/tmp/kubeconfig-${{ github.run_id }}"
+          echo "$KUBECONFIG" > "$KUBECONFIG_FILE"
+          export KUBECONFIG="$KUBECONFIG_FILE"
+
+          make add-helm-repositories
+          make update-dependencies
+          helm install gitea ./charts/gitea \
+            -f tests/helm/ci-values.yaml \
+            --wait --timeout 10m
+        env:
+          KUBECONFIG: ${{ steps.create-cluster.outputs.cluster-kubeconfig }}
+
+      - name: Wait for pods
+        run: |
+          KUBECONFIG_FILE="/tmp/kubeconfig-${{ github.run_id }}"
+          echo "$KUBECONFIG" > "$KUBECONFIG_FILE"
+          export KUBECONFIG="$KUBECONFIG_FILE"
+
+          echo "Waiting for Gitea deployment..."
+          kubectl wait --for=condition=Available deployment -l app.kubernetes.io/name=gitea \
+            --timeout=300s
+
+          echo "Waiting for CNPG postgres cluster..."
+          kubectl wait --for=condition=Ready pod -l cnpg.io/cluster=gitea-postgres \
+            --timeout=300s
+
+          echo "Waiting for Valkey..."
+          kubectl wait --for=condition=Ready pod -l app.kubernetes.io/name=valkey \
+            --timeout=120s
+        env:
+          KUBECONFIG: ${{ steps.create-cluster.outputs.cluster-kubeconfig }}
+
+      - name: Run smoke tests
+        run: |
+          KUBECONFIG_FILE="/tmp/kubeconfig-${{ github.run_id }}"
+          echo "$KUBECONFIG" > "$KUBECONFIG_FILE"
+          export KUBECONFIG="$KUBECONFIG_FILE"
+
+          python -m venv ./venv
+          source ./venv/bin/activate
+          pip install -r tests/requirements.txt
+          python tests/smoke_test.py --release gitea --namespace default
+        env:
+          KUBECONFIG: ${{ steps.create-cluster.outputs.cluster-kubeconfig }}
+
+      - name: Debug output
+        if: failure()
+        run: |
+          KUBECONFIG_FILE="/tmp/kubeconfig-${{ github.run_id }}"
+          echo "$KUBECONFIG" > "$KUBECONFIG_FILE"
+          export KUBECONFIG="$KUBECONFIG_FILE"
+
+          echo "=== Pods ==="
+          kubectl get pods -A
+          echo "=== Services ==="
+          kubectl get svc
+          echo "=== Events ==="
+          kubectl get events --sort-by='.lastTimestamp' | tail -40
+          echo "=== Gitea pod logs ==="
+          kubectl logs -l app.kubernetes.io/name=gitea --tail=50 || true
+          echo "=== CNPG cluster status ==="
+          kubectl get clusters.postgresql.cnpg.io -o yaml || true
+          echo "=== Postgres pod logs ==="
+          kubectl logs -l cnpg.io/cluster=gitea-postgres --tail=30 || true
+        env:
+          KUBECONFIG: ${{ steps.create-cluster.outputs.cluster-kubeconfig }}
+
+      - name: Remove cluster
+        uses: replicatedhq/replicated-actions/remove-cluster@v1.17.0
+        if: ${{ always() && steps.create-cluster.outputs.cluster-id != '' }}
+        with:
+          api-token: ${{ secrets.REPLICATED_PLATFORM_EXAMPLES_TOKEN }}
+          cluster-id: ${{ steps.create-cluster.outputs.cluster-id }}

applications/gitea/Makefile

@@ -6,7 +6,7 @@ ARGS = $(filter-out $@,$(MAKECMDGOALS))
 	@:
 
 SHELL := /bin/bash
-.SHELLFLAGS = -x +u
+.SHELLFLAGS = -x +u -c
 
 # Define the base path to your Helm charts directory
 HELM_CHARTS_DIR = ./charts
@@ -70,7 +70,7 @@ add-helm-repositories:
 	@for chart_file in $(HELM_CHARTS_DIR)/*/Chart.yaml; do \
 	    echo "Processing $$chart_file"; \
 	    repo_name=$$(grep '^name:' $$chart_file | awk '{print $$2}'); \
-	    grep 'dependencies:' -A 10 $$chart_file | grep 'repository:' | awk '{print $$2}' | while read repo; do \
+	    grep 'dependencies:' -A 10 $$chart_file | grep 'repository:' | awk '{print $$2}' | tr -d '"' | while read repo; do \
 	        if ! helm repo list | grep -q "^$$repo_name[[:space:]]"; then \
 	            echo "Adding Helm repo $$repo_name from $$repo"; \
 	            helm repo add $$repo_name $$repo || true; \
@@ -85,3 +85,64 @@ release: package-and-update
 	@chart_version=$$(eval $(call get_gitea_chart_version)); \
 	echo "Creating a new release with Replicated using version $$chart_version"; \
 	replicated release create --yaml-dir $(KOTS_DIR) --promote Unstable --version "$$chart_version"
+
+
+# ---------------------------------------------------------------------------
+# Test targets
+# ---------------------------------------------------------------------------
+
+CI_VALUES = tests/helm/ci-values.yaml
+RELEASE_NAME = gitea
+NAMESPACE = default
+
+.PHONY: test-lint
+test-lint: add-helm-repositories update-dependencies
+	helm lint ./charts/gitea
+	helm template $(RELEASE_NAME) ./charts/gitea > /dev/null
+	helm template $(RELEASE_NAME) ./charts/gitea -f $(CI_VALUES) > /dev/null
+
+.PHONY: test-install-operators
+test-install-operators:
+	helm repo add jetstack https://charts.jetstack.io || true
+	helm repo add cnpg https://cloudnative-pg.github.io/charts || true
+	helm repo update jetstack cnpg
+	helm install cert-manager jetstack/cert-manager \
+		--namespace cert-manager --create-namespace \
+		--set crds.enabled=true \
+		--wait --timeout 5m
+	helm install cnpg cnpg/cloudnative-pg \
+		--namespace cnpg-system --create-namespace \
+		--wait --timeout 5m
+
+.PHONY: test-install
+test-install: add-helm-repositories update-dependencies
+	helm install $(RELEASE_NAME) ./charts/gitea \
+		-f $(CI_VALUES) \
+		--namespace $(NAMESPACE) \
+		--wait --timeout 10m
+
+.PHONY: test-smoke
+test-smoke:
+	python3 -m venv ./venv
+	./venv/bin/pip install -r tests/requirements.txt
+	./venv/bin/python tests/smoke_test.py \
+		--release $(RELEASE_NAME) --namespace $(NAMESPACE)
+
+.PHONY: test-all
+test-all: test-lint test-install-operators test-install test-smoke
+
+.PHONY: help
+help:
+	@echo "Build targets:"
+	@echo "  package-and-update   Package charts and update KOTS versions"
+	@echo "  clean                Remove build artifacts"
+	@echo "  update-dependencies  Update Helm chart dependencies"
+	@echo "  add-helm-repositories  Add required Helm repos"
+	@echo "  release              Package and create a Replicated release"
+	@echo ""
+	@echo "Test targets:"
+	@echo "  test-lint            Lint and template-render the chart"
+	@echo "  test-install-operators  Install cert-manager and CloudNativePG"
+	@echo "  test-install         Helm install Gitea with CI values"
+	@echo "  test-smoke           Run Python smoke tests"
+	@echo "  test-all             Full test sequence (lint -> operators -> install -> smoke)"

applications/gitea/charts/gitea/Chart.lock

@@ -1,15 +1,6 @@
 dependencies:
-- name: postgresql
-  repository: oci://registry-1.docker.io/bitnamicharts
-  version: 15.5.20
-- name: postgresql-ha
-  repository: oci://registry-1.docker.io/bitnamicharts
-  version: 14.2.16
-- name: redis-cluster
-  repository: oci://registry-1.docker.io/bitnamicharts
-  version: 10.3.0
-- name: redis
-  repository: oci://registry-1.docker.io/bitnamicharts
-  version: 19.6.4
-digest: sha256:a28c809273f313c482e3f803a0a002c3bb3a0d2090bf6b732d68ecc4710b4732
-generated: "2024-08-03T00:21:16.080925346Z"
+- name: valkey
+  repository: https://valkey.io/valkey-helm/
+  version: 0.9.3
+digest: sha256:7379cfb883db0b651cfdda1338ff7d2b20985c58152603784832478ed2449486
+generated: "2026-02-09T15:38:46.097337-05:00"

applications/gitea/charts/gitea/Chart.yaml

@@ -1,22 +1,10 @@
 apiVersion: v2
 appVersion: 1.22.3
 dependencies:
-- condition: postgresql.enabled
-  name: postgresql
-  repository: oci://registry-1.docker.io/bitnamicharts
-  version: 15.5.20
-- condition: postgresql-ha.enabled
-  name: postgresql-ha
-  repository: oci://registry-1.docker.io/bitnamicharts
-  version: 14.2.16
-- condition: redis-cluster.enabled
-  name: redis-cluster
-  repository: oci://registry-1.docker.io/bitnamicharts
-  version: 10.3.0
-- condition: redis.enabled
-  name: redis
-  repository: oci://registry-1.docker.io/bitnamicharts
-  version: 19.6.4
+- name: valkey
+  version: "0.9.3"
+  repository: "https://valkey.io/valkey-helm/"
+  condition: valkey.enabled
 description: Gitea Helm chart for Kubernetes
 icon: https://gitea.com/assets/img/logo.svg
 keywords:
@@ -45,4 +33,4 @@ sources:
 - https://github.com/go-gitea/gitea
 - https://hub.docker.com/r/gitea/gitea/
 type: application
-version: 10.6.0
+version: 11.0.0

applications/gitea/charts/gitea/templates/_helpers.tpl

@@ -311,14 +311,24 @@ https
   {{- if not (hasKey .Values.gitea.config.metrics "ENABLED") -}}
     {{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}}
   {{- end -}}
-  {{- /* redis queue */ -}}
+  {{- /* redis/valkey queue */ -}}
   {{- if or ((index .Values "redis-cluster").enabled) ((index .Values "redis").enabled) -}}
     {{- $_ := set .Values.gitea.config.queue "TYPE" "redis" -}}
     {{- $_ := set .Values.gitea.config.queue "CONN_STR" (include "redis.dns" .) -}}
     {{- $_ := set .Values.gitea.config.session "PROVIDER" "redis" -}}
     {{- $_ := set .Values.gitea.config.session "PROVIDER_CONFIG" (include "redis.dns" .) -}}
     {{- $_ := set .Values.gitea.config.cache "ADAPTER" "redis" -}}
     {{- $_ := set .Values.gitea.config.cache "HOST" (include "redis.dns" .) -}}
+  {{- else if .Values.valkey.enabled -}}
+    {{- $defaultUser := index .Values.valkey.auth.aclUsers "default" -}}
+    {{- $valkeyHost := printf "%s-valkey" (include "gitea.fullname" .) -}}
+    {{- $valkeyConnStr := printf "redis://:%s@%s:%v/0?pool_size=100&idle_timeout=180s&" $defaultUser.password $valkeyHost (int .Values.valkey.service.port) -}}
+    {{- $_ := set .Values.gitea.config.queue "TYPE" "redis" -}}
+    {{- $_ := set .Values.gitea.config.queue "CONN_STR" $valkeyConnStr -}}
+    {{- $_ := set .Values.gitea.config.session "PROVIDER" "redis" -}}
+    {{- $_ := set .Values.gitea.config.session "PROVIDER_CONFIG" $valkeyConnStr -}}
+    {{- $_ := set .Values.gitea.config.cache "ADAPTER" "redis" -}}
+    {{- $_ := set .Values.gitea.config.cache "HOST" $valkeyConnStr -}}
   {{- else -}}
     {{- if not (get .Values.gitea.config.session "PROVIDER") -}}
       {{- $_ := set .Values.gitea.config.session "PROVIDER" "memory" -}}
@@ -412,6 +422,21 @@ https
     {{- $_ := set .Values.gitea.config.database "USER"      .Values.postgresql.global.postgresql.auth.username -}}
     {{- $_ := set .Values.gitea.config.database "PASSWD"    .Values.postgresql.global.postgresql.auth.password -}}
   {{- end -}}
+  {{- if .Values.postgres.embedded.enabled -}}
+    {{- $_ := set .Values.gitea.config.database "DB_TYPE"   "postgres" -}}
+    {{- if not (.Values.gitea.config.database.HOST) -}}
+      {{- $_ := set .Values.gitea.config.database "HOST" (printf "%s-postgres-rw:5432" (include "gitea.fullname" .)) -}}
+    {{- end -}}
+    {{- if not (.Values.gitea.config.database.NAME) -}}
+      {{- $_ := set .Values.gitea.config.database "NAME" .Values.postgres.embedded.initdb.database -}}
+    {{- end -}}
+    {{- if not (.Values.gitea.config.database.USER) -}}
+      {{- $_ := set .Values.gitea.config.database "USER" .Values.postgres.auth.username -}}
+    {{- end -}}
+    {{- if not (.Values.gitea.config.database.PASSWD) -}}
+      {{- $_ := set .Values.gitea.config.database "PASSWD" .Values.postgres.auth.password -}}
+    {{- end -}}
+  {{- end -}}
 {{- end -}}
 
 {{- define "gitea.init-additional-mounts" -}}