# Default values for helm. # This is a YAML-formatted file. # Declare variables to be passed into your templates. replicaCount: 1 image: repository: justusbunsi/gitea-sonarqube-bot pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" app: # This object represents the config.yaml provided to the application configuration: # Gitea related configuration. Necessary for adding/updating comments on repository pull requests gitea: # Endpoint of your Gitea instance. Must be expandable by '/api/v1' to form the API base path as shown in Swagger UI. url: "" # Created access token for the user that shall be used as bot account. # User needs "Read project" permissions with access to "Pull Requests" token: value: "" # # or path to file containing the plain text secret # file: /bot/secrets/gitea/user-token # If the sent webhook has a signature header, the bot validates the request payload. If the value does not match, the # request will be ignored. # The bot looks for `X-Gitea-Signature` header containing the sha256 hmac hash of the plain text secret. If the header # exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be validated. webhook: secret: "" # # or path to file containing the plain text secret # secretFile: /bot/secrets/gitea/webhook-secret # SonarQube related configuration. Necessary for requesting data from the API and processing the webhook. sonarqube: # Endpoint of your SonarQube instance. Must be expandable by '/api' to form the API base path. url: "" # Created access token for the user that shall be used as bot account. # User needs "Browse on project" permissions token: value: "" # # or path to file containing the plain text secret # file: /bot/secrets/sonarqube/user-token # If the sent webhook has a signature header, the bot validates the request payload. If the value does not match, the # request will be ignored. # The bot looks for `X-Sonar-Webhook-HMAC-SHA256` header containing the sha256 hmac hash of the plain text secret. # If the header exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be # validated. webhook: secret: "" # # or path to file containing the plain text secret # secretFile: /bot/secrets/sonarqube/webhook-secret # Some useful metrics depend on the edition in use. There are various ones like code_smells, vulnerabilities, bugs, etc. # By default the bot will extract "bugs,vulnerabilities,code_smells" # Setting this option you can extend that default list by your own metrics. additionalMetrics: [] # - "new_security_hotspots" # List of project mappings to take care of. Webhooks for other projects will be ignored. # At least one must be configured. Otherwise all webhooks (no matter which source) because the bot cannot map on its own. projects: - sonarqube: key: "" # A repository specification contains the owner name and the repository name itself. The owner can be the name of a # real account or an organization in which the repository is located. gitea: owner: "" name: "" # If token and webhook secrets shall be provided via file, volumes and volume mounts can be configured to setup the environment accordingly volumes: [] # - name: gitea-connection # secret: # secretName: gitea-secret-with-token-and-maybe-webhook-secret # - name: sonarqube-connection # secret: # secretName: sonarqube-secret-with-token-and-maybe-webhook-secret # If token and webhook secrets shall be provided via file, volumes and volume mounts can be configured to setup the environment accordingly volumeMounts: [] # - name: gitea-connection # readOnly: true # mountPath: "/bot/secrets/gitea/" # - name: sonarqube-connection # readOnly: true # mountPath: "/bot/secrets/sonarqube/" imagePullSecrets: [] nameOverride: "" fullnameOverride: "" serviceAccount: # Specifies whether a service account should be created create: true # Annotations to add to the service account annotations: {} # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" podAnnotations: {} podSecurityContext: fsGroup: 1000 securityContext: # capabilities: # drop: # - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 service: type: ClusterIP port: 80 ingress: enabled: false className: "" annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" hosts: - host: sqbot.example.com paths: - path: / pathType: ImplementationSpecific tls: [] # - secretName: chart-example-tls # hosts: # - sqbot.example.com resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. # limits: # cpu: 100m # memory: 128Mi # requests: # cpu: 100m # memory: 128Mi nodeSelector: {} tolerations: [] affinity: {}