Merge branch 'main' into patch-1

Signed-off-by: gurpalw <[email protected]>

.github/workflows/lint-test.yaml

@@ -25,7 +25,7 @@ jobs:
         uses: azure/setup-helm@v4
         with:
           # renovate: datasource=github-tags depName=helm packageName=helm/helm
-          version: v3.16.2
+          version: v3.16.3
 
       - uses: actions/setup-python@v5
         with:

.github/workflows/release.yaml

@@ -29,7 +29,7 @@ jobs:
         uses: azure/setup-helm@v4
         with:
           # renovate: datasource=github-tags depName=helm packageName=helm/helm
-          version: v3.16.2
+          version: v3.16.3
 
       - name: Run chart-releaser
         uses: helm/[email protected]

charts/atlantis/Chart.yaml

@@ -1,9 +1,9 @@
 apiVersion: v1
 # renovate: datasource=docker depName=ghcr.io/runatlantis/atlantis
-appVersion: v0.30.0
+appVersion: v0.31.0
 description: A Helm chart for Atlantis https://www.runatlantis.io
 name: atlantis
-version: 5.8.1
+version: 5.11.1
 keywords:
   - terraform
 home: https://www.runatlantis.io

charts/atlantis/README.md

@@ -43,6 +43,7 @@ In order for Atlantis to start and run successfully:
 
 1. At least one of the following sets of credentials must be defined:
     - `github`
+    - `gitea`
     - `gitlab`
     - `bitbucket`
     - `azuredevops`
@@ -113,6 +114,7 @@ extraManifests:
 | gitconfig | string | `""` | When referencing Terraform modules in private repositories, it may be helpful (necessary?) to use redirection in a .gitconfig. Check values.yaml for examples. |
 | gitconfigReadOnly | bool | `true` | When true gitconfig file is mounted as read only. When false, the gitconfig value will be copied to '/home/atlantis/.gitconfig' before starting the atlantis process, instead of being mounted as a file. |
 | gitconfigSecretName | string | `""` | If managing secrets outside the chart for the gitconfig, use this variable to reference the secret name |
+| gitea | object | `{}` | If using Gitea, please enter your values as follows. The 'baseUrl' key is exclusive to self-hosted Gitea installations. The chart will perform the base64 encoding for you for values that are stored in secrets. Check values.yaml for examples. |
 | github | object | `{}` | If using GitHub, please enter your values as follows. The chart will perform the base64 encoding for values that are stored in secrets. The 'hostname' key is exclusive to GitHub Enterprise installations. Check values.yaml for examples. |
 | githubApp | object | `{}` | If using a GitHub App, please enter your values as follows. The chart will perform the base64 encoding for you for values that are stored in secrets. installationId is necessary when there are multiple installs of the Github App. Check values.yaml for examples. |
 | gitlab | object | `{}` | If using GitLab, please enter your values as follows. The 'hostname' key is exclusive to GitLab Enterprise installations. The chart will perform the base64 encoding for you for values that are stored in secrets. Check values.yaml for examples. |
@@ -176,6 +178,7 @@ extraManifests:
 | readinessProbe.timeoutSeconds | int | `5` |  |
 | redis | object | `{}` | Configure Redis Locking DB. lockingDbType value must be redis for the config to take effect. Check values.yaml for examples. |
 | redisSecretName | string | `""` | When managing secrets outside the chart for the Redis secret, use this variable to reference the secret name. |
+| redisSecretPasswordKey | string | `"password"` | Key within the existing Redis secret that contains the password value. |
 | replicaCount | int | `1` | Replica count for Atlantis pods. |
 | repoConfig | string | `""` | Use Server Side Repo Config, ref: https://www.runatlantis.io/docs/server-side-repo-config.html. Check values.yaml for examples. |
 | resources | object | `{}` | Resources for Atlantis. Check values.yaml for examples. |

charts/atlantis/README.md.gotmpl

@@ -36,6 +36,7 @@ In order for Atlantis to start and run successfully:
 
 1. At least one of the following sets of credentials must be defined:
     - `github`
+    - `gitea`
     - `gitlab`
     - `bitbucket`
     - `azuredevops`

charts/atlantis/templates/NOTES.txt

@@ -20,5 +20,6 @@
 2. Atlantis will not start successfully unless at least one of the following sets of credentials are specified (see values.yaml for detailed usage):
   - github
   - githubApp
+  - gitea
   - gitlab
   - bitbucket

charts/atlantis/templates/configmap-config.yaml

@@ -3,6 +3,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: {{ template "atlantis.fullname" . }}
+  namespace: {{ .Release.Namespace }}
   labels:
   {{- include "atlantis.labels" . | nindent 4 }}
   {{- with .Values.extraAnnotations }}

charts/atlantis/templates/configmap-gitconfig-init.yaml

@@ -3,6 +3,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: {{ template "atlantis.fullname" . }}-gitconfig-init
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
   {{- with .Values.extraAnnotations }}

charts/atlantis/templates/configmap-init-config.yaml

@@ -3,6 +3,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: {{ template "atlantis.fullname" . }}-init-config
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
   {{- with .Values.extraAnnotations }}

charts/atlantis/templates/configmap-repo-config.yaml

@@ -3,6 +3,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: {{ template "atlantis.fullname" . }}-repo-config
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
   {{- with .Values.extraAnnotations }}

charts/atlantis/templates/ingress.yaml

@@ -18,6 +18,7 @@ apiVersion: {{ $apiVersion }}
 kind: Ingress
 metadata:
   name: {{ $fullName }}
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
     {{- if .Values.ingress.labels }}

charts/atlantis/templates/podmonitor.yaml

@@ -3,6 +3,7 @@ apiVersion: monitoring.googleapis.com/v1
 kind: PodMonitoring
 metadata:
   name: {{ template "atlantis.fullname" . }}
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
   {{- if or .Values.service.annotations .Values.extraAnnotations }}

charts/atlantis/templates/pvc.yaml

@@ -3,6 +3,7 @@ apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: {{ template "atlantis.fullname" . }}-data
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
   {{- with .Values.extraAnnotations }}

charts/atlantis/templates/role.yaml

@@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   name: {{ template "atlantis.fullname" . }}
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
   {{- with .Values.extraAnnotations }}

charts/atlantis/templates/rolebinding.yaml

@@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: {{ template "atlantis.fullname" . }}
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
   {{- with .Values.extraAnnotations }}

charts/atlantis/templates/secret-api.yaml

@@ -3,6 +3,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: {{ template "atlantis.apiSecretName" . }}
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
   {{- with .Values.extraAnnotations }}

charts/atlantis/templates/secret-aws.yaml

@@ -3,6 +3,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: {{ template "atlantis.fullname" . }}-aws
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
   {{- with .Values.extraAnnotations }}

charts/atlantis/templates/secret-basic-auth.yaml

@@ -3,6 +3,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: {{ template "atlantis.fullname" . }}-basic-auth
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
   {{- with .Values.extraAnnotations }}

charts/atlantis/templates/secret-gitconfig.yaml

@@ -3,6 +3,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: {{ template "atlantis.fullname" . }}-gitconfig
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
   {{- with .Values.extraAnnotations }}

charts/atlantis/templates/secret-netrc.yaml

@@ -3,6 +3,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: {{ template "atlantis.fullname" . }}-netrc
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
   {{- with .Values.extraAnnotations }}

charts/atlantis/templates/secret-redis.yaml

@@ -3,6 +3,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: {{ template "atlantis.fullname" . }}-redis
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
   {{- with .Values.extraAnnotations }}

charts/atlantis/templates/secret-service-account.yaml

@@ -4,6 +4,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: {{ $name }}
+  namespace: {{ $.Release.Namespace }}
   labels:
     component: service-account-secret
     {{- include "atlantis.labels" $ | nindent 4 }}

charts/atlantis/templates/secret-webhook.yaml

@@ -3,6 +3,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: {{ template "atlantis.fullname" . }}-webhook
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
   {{- with .Values.extraAnnotations }}
@@ -18,6 +19,10 @@ data:
   github_token: {{ required "github.token is required if github configuration is specified." .Values.github.token | b64enc }}
   github_secret: {{ required "github.secret is required if github configuration is specified." .Values.github.secret | b64enc }}
   {{- end }}
+  {{- if .Values.gitea }}
+  gitea_token: {{ required "gitea.token is required if gitea configuration is specified." .Values.gitea.token | b64enc }}
+  gitea_secret: {{ required "gitea.secret is required if gitea configuration is specified." .Values.gitea.secret | b64enc }}
+  {{- end }}
   {{- if .Values.gitlab }}
   gitlab_token: {{ required "gitlab.token is required if gitlab configuration is specified." .Values.gitlab.token | b64enc }}
   gitlab_secret: {{ required "gitlab.secret is required if gitlab configuration is specified." .Values.gitlab.secret | b64enc }}

charts/atlantis/templates/service.yaml

@@ -2,6 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: {{ template "atlantis.fullname" . }}
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
   {{- if or .Values.service.annotations .Values.extraAnnotations }}

charts/atlantis/templates/serviceaccount.yaml

@@ -3,6 +3,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: {{ template "atlantis.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
   {{- if or .Values.serviceAccount.annotations .Values.extraAnnotations }}

charts/atlantis/templates/servicemonitor.yaml

@@ -3,6 +3,7 @@ apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
   name: {{ template "atlantis.fullname" . }}
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
     {{- with .Values.servicemonitor.additionalLabels }}

charts/atlantis/templates/statefulset.yaml

@@ -2,6 +2,7 @@ apiVersion: apps/v1
 kind: StatefulSet
 metadata:
   name: {{ template "atlantis.fullname" . }}
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
     {{- with .Values.statefulSet.labels }}
@@ -391,6 +392,24 @@ spec:
             value: "/var/github-app/key.pem"
           {{- end }}
           {{- end }}
+          {{- if .Values.gitea }}
+          - name: ATLANTIS_GITEA_USER
+            value: {{ required "gitea.user is required if gitea configuration is specified." .Values.gitea.user }}
+          - name: ATLANTIS_GITEA_TOKEN
+            valueFrom:
+              secretKeyRef:
+                name: {{ template "atlantis.vcsSecretName" . }}
+                key: gitea_token
+          - name: ATLANTIS_GITEA_WEBHOOK_SECRET
+            valueFrom:
+              secretKeyRef:
+                name: {{ template "atlantis.vcsSecretName" . }}
+                key: gitea_secret
+          {{- if .Values.gitea.baseUrl }}
+          - name: ATLANTIS_GITEA_BASE_URL
+            value: {{ .Values.gitea.baseUrl }}
+          {{- end }}
+          {{- end }}
           {{- if .Values.gitlab }}
           - name: ATLANTIS_GITLAB_USER
             value: {{ required "gitlab.user is required if gitlab configuration is specified." .Values.gitlab.user }}
@@ -477,7 +496,7 @@ spec:
             valueFrom:
               secretKeyRef:
                 name: {{ template "atlantis.redisSecretName" . }}
-                key: password
+                key: {{ .Values.redisSecretPasswordKey | quote }}
           {{- end }}
           {{- if .Values.redis.port }}
           - name: ATLANTIS_REDIS_PORT

charts/atlantis/templates/tests/test-atlantis-configmap.yaml

@@ -3,6 +3,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: {{ template "atlantis.fullname" . }}-tests
+  namespace: {{ .Release.Namespace }}
 data:
   tests.bats: |-
     setup() {

charts/atlantis/templates/tests/test-atlantis-pod.yaml

@@ -3,6 +3,7 @@ apiVersion: v1
 kind: Pod
 metadata:
   name: "{{ .Release.Name }}-ui-test"
+  namespace: {{ .Release.Namespace }}
   annotations:
     helm.sh/hook: test
     {{- with .Values.test.annotations }}

charts/atlantis/templates/webhook-ingress.yaml

@@ -18,6 +18,7 @@ apiVersion: {{ $apiVersion }}
 kind: Ingress
 metadata:
   name: {{ $fullName }}-secondary
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "atlantis.labels" . | nindent 4 }}
     {{- with .Values.webhook_ingress.labels }}

charts/atlantis/tests/misc_test.yaml

@@ -0,0 +1,47 @@
+suite: test miscellaneous cases
+templates:
+  - "*.yaml"
+chart:
+  appVersion: test-appVersion
+release:
+  name: my-release
+  namespace: my-namespace
+tests:
+  - it: ensure namespaces are specified in all resources
+    set:
+      config: "dummy"
+      gitconfigReadOnly: false
+      gitconfig: "dummy"
+      initConfig:
+        enabled: true
+      repoConfig: "dummy"
+      podMonitor:
+        enabled: true
+      servicemonitor:
+        enabled: true
+      enableKubernetesBackend: true
+      api:
+        secret: "dummy"
+      aws:
+        config: "dummy"
+      basicAuth:
+        username: "dummy"
+        password: "dummy"
+      netrc: "dummy"
+      redis:
+        password: "dummy"
+      serviceAccountSecrets:
+        credentials: "dummy"
+      webhook_ingress:
+        enabled: true
+      extraManifests:
+      - apiVersion: v1
+        kind: Pod
+        metadata:
+          name: dummy
+          namespace: "my-namespace"
+
+    asserts:
+      - equal:
+          path: metadata.namespace
+          value: my-namespace

charts/atlantis/tests/secret-webhook_test.yaml

@@ -82,6 +82,33 @@ tests:
           value:
             github_secret: YmF6
             github_token: YmFy
+  - it: gitea only user set
+    set:
+      gitea:
+        user: foo
+    asserts:
+      - failedTemplate:
+          errorMessage: gitea.token is required if gitea configuration is specified.
+  - it: gitea only user and token are set
+    set:
+      gitea:
+        user: foo
+        token: bar
+    asserts:
+      - failedTemplate:
+          errorMessage: gitea.secret is required if gitea configuration is specified.
+  - it: gitea
+    set:
+      gitea:
+        user: foo
+        token: bar
+        secret: baz
+    asserts:
+      - equal:
+          path: data
+          value:
+            gitea_secret: YmF6
+            gitea_token: YmFy
   - it: gitlab only user set
     set:
       gitlab: