157 lines
5.5 KiB
YAML
157 lines
5.5 KiB
YAML
# Default values for helm.
|
|
# This is a YAML-formatted file.
|
|
# Declare variables to be passed into your templates.
|
|
|
|
replicaCount: 1
|
|
|
|
image:
|
|
repository: justusbunsi/gitea-sonarqube-bot
|
|
pullPolicy: IfNotPresent
|
|
# Overrides the image tag whose default is the chart appVersion.
|
|
tag: ""
|
|
|
|
app:
|
|
# This object represents the config.yaml provided to the application
|
|
configuration:
|
|
# Gitea related configuration. Necessary for adding/updating comments on repository pull requests
|
|
gitea:
|
|
# Endpoint of your Gitea instance. Must be expandable by '/api/v1' to form the API base path as shown in Swagger UI.
|
|
url: ""
|
|
|
|
# Created access token for the user that shall be used as bot account.
|
|
# User needs "Read project" permissions with access to "Pull Requests"
|
|
token:
|
|
value: ""
|
|
# # or path to file containing the plain text secret
|
|
# file: /bot/secrets/gitea/user-token
|
|
|
|
# If the sent webhook has a signature header, the bot validates the request payload. If the value does not match, the
|
|
# request will be ignored.
|
|
# The bot looks for `X-Gitea-Signature` header containing the sha256 hmac hash of the plain text secret. If the header
|
|
# exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be validated.
|
|
webhook:
|
|
secret: ""
|
|
# # or path to file containing the plain text secret
|
|
# secretFile: /bot/secrets/gitea/webhook-secret
|
|
|
|
# SonarQube related configuration. Necessary for requesting data from the API and processing the webhook.
|
|
sonarqube:
|
|
# Endpoint of your SonarQube instance. Must be expandable by '/api' to form the API base path.
|
|
url: ""
|
|
|
|
# Created access token for the user that shall be used as bot account.
|
|
# User needs "Browse on project" permissions
|
|
token:
|
|
value: ""
|
|
# # or path to file containing the plain text secret
|
|
# file: /bot/secrets/sonarqube/user-token
|
|
|
|
# If the sent webhook has a signature header, the bot validates the request payload. If the value does not match, the
|
|
# request will be ignored.
|
|
# The bot looks for `X-Sonar-Webhook-HMAC-SHA256` header containing the sha256 hmac hash of the plain text secret.
|
|
# If the header exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be
|
|
# validated.
|
|
webhook:
|
|
secret: ""
|
|
# # or path to file containing the plain text secret
|
|
# secretFile: /bot/secrets/sonarqube/webhook-secret
|
|
|
|
# Some useful metrics depend on the edition in use. There are various ones like code_smells, vulnerabilities, bugs, etc.
|
|
# By default the bot will extract "bugs,vulnerabilities,code_smells"
|
|
# Setting this option you can extend that default list by your own metrics.
|
|
additionalMetrics: []
|
|
# - "new_security_hotspots"
|
|
|
|
# List of project mappings to take care of. Webhooks for other projects will be ignored.
|
|
# At least one must be configured. Otherwise all webhooks (no matter which source) because the bot cannot map on its own.
|
|
projects:
|
|
- sonarqube:
|
|
key: ""
|
|
# A repository specification contains the owner name and the repository name itself. The owner can be the name of a
|
|
# real account or an organization in which the repository is located.
|
|
gitea:
|
|
owner: ""
|
|
name: ""
|
|
|
|
# If token and webhook secrets shall be provided via file, volumes and volume mounts can be configured to setup the environment accordingly
|
|
volumes: []
|
|
# - name: gitea-connection
|
|
# secret:
|
|
# secretName: gitea-secret-with-token-and-maybe-webhook-secret
|
|
# - name: sonarqube-connection
|
|
# secret:
|
|
# secretName: sonarqube-secret-with-token-and-maybe-webhook-secret
|
|
|
|
# If token and webhook secrets shall be provided via file, volumes and volume mounts can be configured to setup the environment accordingly
|
|
volumeMounts: []
|
|
# - name: gitea-connection
|
|
# readOnly: true
|
|
# mountPath: "/bot/secrets/gitea/"
|
|
# - name: sonarqube-connection
|
|
# readOnly: true
|
|
# mountPath: "/bot/secrets/sonarqube/"
|
|
|
|
imagePullSecrets: []
|
|
nameOverride: ""
|
|
fullnameOverride: ""
|
|
|
|
serviceAccount:
|
|
# Specifies whether a service account should be created
|
|
create: true
|
|
# Annotations to add to the service account
|
|
annotations: {}
|
|
# The name of the service account to use.
|
|
# If not set and create is true, a name is generated using the fullname template
|
|
name: ""
|
|
|
|
podAnnotations: {}
|
|
|
|
podSecurityContext:
|
|
fsGroup: 1000
|
|
|
|
securityContext:
|
|
# capabilities:
|
|
# drop:
|
|
# - ALL
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: true
|
|
runAsUser: 1000
|
|
|
|
service:
|
|
type: ClusterIP
|
|
port: 80
|
|
|
|
ingress:
|
|
enabled: false
|
|
className: ""
|
|
annotations: {}
|
|
# kubernetes.io/ingress.class: nginx
|
|
# kubernetes.io/tls-acme: "true"
|
|
hosts:
|
|
- host: sqbot.example.com
|
|
paths:
|
|
- path: /
|
|
pathType: ImplementationSpecific
|
|
tls: []
|
|
# - secretName: chart-example-tls
|
|
# hosts:
|
|
# - sqbot.example.com
|
|
|
|
resources: {}
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
# limits:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
# requests:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
|
|
nodeSelector: {}
|
|
|
|
tolerations: []
|
|
|
|
affinity: {}
|