# @section Common parameters # @param replicaCount Number of replicas for the bot replicaCount: 1 # ref: https://hub.docker.com/r/justusbunsi/gitea-sonarqube-bot/tags/ # @param image.repository Image repository # @param image.pullPolicy Image pull policy # @param image.tag Image tag (Overrides the image tag whose default is the chart `appVersion`) image: repository: justusbunsi/gitea-sonarqube-bot pullPolicy: IfNotPresent tag: "" # @param imagePullSecrets Specify docker-registry secret names as an array imagePullSecrets: [] # @param nameOverride String to partially override common.names.fullname template (will maintain the release name) nameOverride: "" # @param fullnameOverride String to fully override common.names.fullname template fullnameOverride: "" # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. # @param resources.limits The resources limits for the container # @param resources.requests The requested resources for the container resources: limits: {} # cpu: 100m # memory: 128Mi requests: {} # cpu: 100m # memory: 128Mi # @param nodeSelector Node labels for pod assignment. Evaluated as a template. # ref: https://kubernetes.io/docs/user-guide/node-selection/ nodeSelector: {} # @param tolerations Tolerations for pod assignment. Evaluated as a template. # ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ tolerations: [] # @param affinity Affinity for pod assignment. Evaluated as a template. # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity affinity: {} # @param podAnnotations Pod annotations. podAnnotations: {} # @section App parameters app: # @param app.configLocationOverride Override the default location of the configuration file (`/home/bot/config/config.yaml`). **Available since Chart version `0.2.0`. Requires at least image tag `v0.2.0`**. (See values file for details) # Setting this will also change the mount point for `.Values.app.configuration` to the directory part of the override value. configLocationOverride: "" # @param app.listeningPort Port the application will listening on inside the pod container. **Available since Chart version `0.2.1`. Requires at least image tag `v0.2.1`**. listeningPort: 3000 # This object represents the [config.yaml](https://codeberg.org/justusbunsi/gitea-sonarqube-bot/src/branch/main/config/config.example.yaml) provided to the application. configuration: # Gitea related configuration. Necessary for adding/updating comments on repository pull requests gitea: # @param app.configuration.gitea.url Endpoint of your Gitea instance. Must be expandable by '/api/v1' to form the API base path as shown in Swagger UI. url: "" # Created access token for the user that shall be used as bot account. # User needs "Read project" permissions with access to "Pull Requests" # @param app.configuration.gitea.token.value Gitea token as plain text. Can be replaced with `file` key containing path to file. token: value: "" # # or path to file containing the plain text secret # file: /bot/secrets/gitea/user-token # If the sent webhook has a signature header, the bot validates the request payload. If the value does not match, the # request will be ignored. # The bot looks for `X-Gitea-Signature` header containing the sha256 hmac hash of the plain text secret. If the header # exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be validated. # @skip app.configuration.gitea.webhook webhook: secret: "" # # or path to file containing the plain text secret # secretFile: /bot/secrets/gitea/webhook-secret # SonarQube related configuration. Necessary for requesting data from the API and processing the webhook. sonarqube: # @param app.configuration.sonarqube.url Endpoint of your SonarQube instance. Must be expandable by '/api' to form the API base path. url: "" # Created access token for the user that shall be used as bot account. # User needs "Browse on project" permissions # @param app.configuration.sonarqube.token.value SonarQube token as plain text. Can be replaced with `file` key containing path to file. token: value: "" # # or path to file containing the plain text secret # file: /bot/secrets/sonarqube/user-token # If the sent webhook has a signature header, the bot validates the request payload. If the value does not match, the # request will be ignored. # The bot looks for `X-Sonar-Webhook-HMAC-SHA256` header containing the sha256 hmac hash of the plain text secret. # If the header exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be # validated. # @skip app.configuration.sonarqube.webhook webhook: secret: "" # # or path to file containing the plain text secret # secretFile: /bot/secrets/sonarqube/webhook-secret # Some useful metrics depend on the edition in use. There are various ones like code_smells, vulnerabilities, bugs, etc. # By default the bot will extract "bugs,vulnerabilities,code_smells" # @param app.configuration.sonarqube.additionalMetrics Setting this option you can extend that default list by your own metrics. additionalMetrics: [] # - "new_security_hotspots" # List of project mappings to take care of. Webhooks for other projects will be ignored. # At least one must be configured. Otherwise all webhooks (no matter which source) because the bot cannot map on its own. # @param app.configuration.projects[0].sonarqube.key Project key inside SonarQube # @param app.configuration.projects[0].gitea.owner Repository owner inside Gitea # @param app.configuration.projects[0].gitea.name Repository name inside Gitea projects: - sonarqube: key: "" # A repository specification contains the owner name and the repository name itself. The owner can be the name of a # real account or an organization in which the repository is located. gitea: owner: "" name: "" # Define pull request names from SonarScanner analysis. Default pattern matches the Jenkins Gitea plugin schema. # @param app.configuration.namingPattern.regex Regular expression that MUST HAVE exactly ONE GROUP that matches the integer part of the PR. That integer part is identical to the pull request ID in Gitea. # @param app.configuration.namingPattern.template Valid Go format string. It MUST have one integer placeholder which will be replaced by the pull request ID. See: https://pkg.go.dev/fmt#hdr-Printing namingPattern: regex: "^PR-(\\d+)$" template: "PR-%d" # @param volumes If token and webhook secrets shall be provided via file, volumes and volume mounts can be configured to setup the environment accordingly volumes: [] # - name: gitea-connection # secret: # secretName: gitea-secret-with-token-and-maybe-webhook-secret # - name: sonarqube-connection # secret: # secretName: sonarqube-secret-with-token-and-maybe-webhook-secret # @param volumeMounts If token and webhook secrets shall be provided via file, volumes and volume mounts can be configured to setup the environment accordingly volumeMounts: [] # - name: gitea-connection # readOnly: true # mountPath: "/bot/secrets/gitea/" # - name: sonarqube-connection # readOnly: true # mountPath: "/bot/secrets/sonarqube/" # @section Security parameters serviceAccount: # @param serviceAccount.create Specifies whether a service account should be created create: true # @param serviceAccount.annotations Annotations to add to the service account annotations: {} # @param serviceAccount.name The name of the service account to use. If not set and create is true, a name is generated using the fullname template name: "" # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod # @param podSecurityContext.fsGroup Group ID for the container podSecurityContext: fsGroup: 1000 # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container # @param securityContext.readOnlyRootFilesystem Mounts the container's root filesystem as read-only # @param securityContext.runAsNonRoot Avoid running as root user # @param securityContext.runAsUser User ID for the container securityContext: # capabilities: # drop: # - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 # @section Traffic exposure parameters # @param service.type Service type # @param service.port Service port service: type: ClusterIP port: 80 # ref: https://kubernetes.io/docs/user-guide/ingress/ ingress: # @param ingress.enabled Enable ingress controller resource enabled: false # @param ingress.className IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) # This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster. # ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ className: "" # @param ingress.annotations Additional annotations for the Ingress resource. annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" # @param ingress.hosts[0].host Host for the ingress resource # @param ingress.hosts[0].paths[0].path The path to the bot endpoint # @param ingress.hosts[0].paths[0].pathType Ingress path type hosts: - host: sqbot.example.com paths: - path: / pathType: ImplementationSpecific # @param ingress.tls The tls configuration for additional hostnames to be covered with configured ingress. # see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls tls: [] # - hosts: # - sqbot.example.com # secretName: chart-example-tls