deblan/gitea-sonarqube-bot
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Prepare v0.2.1 release

Browse source 
With PR #17 the Helm Chart parameters for webhook secrets were missing
in the README parameters. This is now fixed.

A checksum for bot configuration secret resource ensures replacement of
the pod when there is a configuration change.

Additional:

- Bump Chart default image version
- Add bug fix notes to changelog

Signed-off-by: Steven Kriegler <sk.bunsenbrenner@gmail.com>
This commit is contained in:
justusbunsi 2022-06-18 14:46:33 +02:00
parent 685c834b61
commit 385252cd72
No known key found for this signature in database
GPG key ID: 82B29BF2507F9F8B
5 changed files with 28 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
CHANGELOG.md
View file

@ -6,6 +6,7 @@
- Allow configuring listening port
- Allow changing naming pattern for Pull Requests
- Improve error handling for SonarQube communication
### 🐳 Docker image

2
helm/Chart.yaml
View file

@ -3,7 +3,7 @@ name: gitea-sonarqube-bot
description: A Helm Chart for running a bot to communicate between both Gitea and SonarQube
type: application
version: 0.2.1
appVersion: "v0.2.0"
appVersion: "v0.2.1"
home: https://codeberg.org/justusbunsi/gitea-sonarqube-bot/
maintainers:
- name: Steven Kriegler

36
helm/README.md
View file

@ -53,22 +53,26 @@ You can find a full changelog in the [main repository](https://codeberg.org/just
### App parameters
| Name | Description | Value |
| ----------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ |
| `app.configLocationOverride` | Override the default location of the configuration file (`/home/bot/config/config.yaml`). **Available since Chart version `0.2.0`. Requires at least image tag `v0.2.0`**. (See values file for details) | `""` |
| `app.listeningPort` | Port the application will listening on inside the pod container. **Available since Chart version `0.2.1`. Requires at least image tag `v0.2.1`**. | `3000` |
| `app.configuration.gitea.url` | Endpoint of your Gitea instance. Must be expandable by '/api/v1' to form the API base path as shown in Swagger UI. | `""` |
| `app.configuration.gitea.token.value` | Gitea token as plain text. Can be replaced with `file` key containing path to file. | `""` |
| `app.configuration.sonarqube.url` | Endpoint of your SonarQube instance. Must be expandable by '/api' to form the API base path. | `""` |
| `app.configuration.sonarqube.token.value` | SonarQube token as plain text. Can be replaced with `file` key containing path to file. | `""` |
| `app.configuration.sonarqube.additionalMetrics` | Setting this option you can extend that default list by your own metrics. | `[]` |
| `app.configuration.projects[0].sonarqube.key` | Project key inside SonarQube | `""` |
| `app.configuration.projects[0].gitea.owner` | Repository owner inside Gitea | `""` |
| `app.configuration.projects[0].gitea.name` | Repository name inside Gitea | `""` |
| `app.configuration.namingPattern.regex` | Regular expression that MUST HAVE exactly ONE GROUP that matches the integer part of the PR. That integer part is identical to the pull request ID in Gitea. | `^PR-(\d+)$` |
| `app.configuration.namingPattern.template` | Valid Go format string. It MUST have one integer placeholder which will be replaced by the pull request ID. See: https://pkg.go.dev/fmt#hdr-Printing | `PR-%d` |
| `volumes` | If token and webhook secrets shall be provided via file, volumes and volume mounts can be configured to setup the environment accordingly | `[]` |
| `volumeMounts` | If token and webhook secrets shall be provided via file, volumes and volume mounts can be configured to setup the environment accordingly | `[]` |
| Name | Description | Value |
| ------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ |
| `app.configLocationOverride` | Override the default location of the configuration file (`/home/bot/config/config.yaml`). **Available since Chart version `0.2.0`. Requires at least image tag `v0.2.0`**. (See values file for details) | `""` |
| `app.listeningPort` | Port the application will listening on inside the pod container. **Available since Chart version `0.2.1`. Requires at least image tag `v0.2.1`**. | `3000` |
| `app.configuration.gitea.url` | Endpoint of your Gitea instance. Must be expandable by '/api/v1' to form the API base path as shown in Swagger UI. | `""` |
| `app.configuration.gitea.token.value` | Gitea token as plain text. Can be replaced with `file` key containing path to file. | `""` |
| `app.configuration.gitea.webhook.secret` | Secret for signature header (in plaintext) | `""` |
| `app.configuration.gitea.webhook.secretFile` | Path to file containing the plain text secret. Alternative to inline `app.configuration.gitea.webhook.secret` | |
| `app.configuration.sonarqube.url` | Endpoint of your SonarQube instance. Must be expandable by '/api' to form the API base path. | `""` |
| `app.configuration.sonarqube.token.value` | SonarQube token as plain text. Can be replaced with `file` key containing path to file. | `""` |
| `app.configuration.sonarqube.webhook.secret` | Secret for signature header (in plaintext) | `""` |
| `app.configuration.sonarqube.webhook.secretFile` | Path to file containing the plain text secret. Alternative to inline `app.configuration.sonarqube.webhook.secret` | |
| `app.configuration.sonarqube.additionalMetrics` | Setting this option you can extend that default list by your own metrics. | `[]` |
| `app.configuration.projects[0].sonarqube.key` | Project key inside SonarQube | `""` |
| `app.configuration.projects[0].gitea.owner` | Repository owner inside Gitea | `""` |
| `app.configuration.projects[0].gitea.name` | Repository name inside Gitea | `""` |
| `app.configuration.namingPattern.regex` | Regular expression that MUST HAVE exactly ONE GROUP that matches the integer part of the PR. That integer part is identical to the pull request ID in Gitea. | `^PR-(\d+)$` |
| `app.configuration.namingPattern.template` | Valid Go format string. It MUST have one integer placeholder which will be replaced by the pull request ID. See: https://pkg.go.dev/fmt#hdr-Printing | `PR-%d` |
| `volumes` | If token and webhook secrets shall be provided via file, volumes and volume mounts can be configured to setup the environment accordingly | `[]` |
| `volumeMounts` | If token and webhook secrets shall be provided via file, volumes and volume mounts can be configured to setup the environment accordingly | `[]` |
### Security parameters

3
helm/templates/deployment.yaml
View file

@ -11,8 +11,9 @@ spec:
{{- include "helm.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }}
{{- with .Values.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels:

6
helm/values.yaml
View file

@ -79,7 +79,8 @@ app:
# request will be ignored.
# The bot looks for `X-Gitea-Signature` header containing the sha256 hmac hash of the plain text secret. If the header
# exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be validated.
# @skip app.configuration.gitea.webhook
# @param app.configuration.gitea.webhook.secret Secret for signature header (in plaintext)
# @extra app.configuration.gitea.webhook.secretFile Path to file containing the plain text secret. Alternative to inline `app.configuration.gitea.webhook.secret`
webhook:
secret: ""
# # or path to file containing the plain text secret
@ -103,7 +104,8 @@ app:
# The bot looks for `X-Sonar-Webhook-HMAC-SHA256` header containing the sha256 hmac hash of the plain text secret.
# If the header exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be
# validated.
# @skip app.configuration.sonarqube.webhook
# @param app.configuration.sonarqube.webhook.secret Secret for signature header (in plaintext)
# @extra app.configuration.sonarqube.webhook.secretFile Path to file containing the plain text secret. Alternative to inline `app.configuration.sonarqube.webhook.secret`
webhook:
secret: ""
# # or path to file containing the plain text secret