chore(deployment): fix permissions

chore(k8s): adjust files for yamllint rules
chore(ci): add yamllint
2025-03-13 19:09:21 +01:00 · 2025-03-13 18:51:32 +01:00 · 2025-03-13 18:51:29 +01:00 · 2025-03-13 18:39:32 +01:00
7 changed files with 52 additions and 14 deletions
--- a/.woodpecker.yaml
+++ b/.woodpecker.yaml
@ -0,0 +1,13 @@
+---
+labels:
+  backend: kubernetes
+steps:
+  - name: linting
+    image: cytopia/yamllint:latest
+    commands:
+      - yamllint -f colored -s .
+when:
+  - event:
+      - push
+      - manual
+      - pull_request
--- a/.yamllint
+++ b/.yamllint
@ -0,0 +1,12 @@
+---
+yaml-files:
+  - '*.yaml'
+  - '*.yml'
+  - '.yamllint'
+
+extends: default
+
+rules:
+  line-length: disable
+  indentation:
+    indent-sequences: consistent
--- a/k8s/deployment.yaml
+++ b/k8s/deployment.yaml
@ -1,3 +1,4 @@
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@ -21,8 +22,8 @@ spec:
        app: forgejo-pod
    spec:
      containers:
-      - image: codeberg.org/forgejo/forgejo:10.0.1
-        imagePullPolicy: Always
+      - image: codeberg.org/forgejo/forgejo:10.0.1-rootless
+        imagePullPolicy: IfNotPresent
        env:
        - name: USER_UID
          value: "1000"
@ -30,15 +31,23 @@ spec:
          value: "1000"
        name: forgejo
        ports:
-          - containerPort: 3000
-            name: web
-            protocol: TCP
-          - containerPort: 22
-            name: ssh
-            protocol: TCP
+        - containerPort: 3000
+          name: web
+          protocol: TCP
+        - containerPort: 22
+          name: ssh
+          protocol: TCP
        volumeMounts:
        - mountPath: "/data"
          name: forgejo-pv-storage
+      initContainers:
+      - name: fix-permissions
+        image: busybox
+        imagePullPolicy: IfNotPresent
+        command: ["sh", "-c", "chown -R 1000:1000 /mnt"]
+        volumeMounts:
+        - mountPath: "/mnt"
+          name: forgejo-pv-storage
      volumes:
      - name: forgejo-pv-storage
        persistentVolumeClaim:
--- a/k8s/ingress.yaml
+++ b/k8s/ingress.yaml
@ -1,3 +1,4 @@
+---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
@ -22,6 +23,6 @@ spec:
        path: /
        pathType: Prefix
  tls:
-    - hosts:
-        - git.svc.neuber.io
-      secretName: forgejo-tls-key
+  - hosts:
+    - git.svc.neuber.io
+    secretName: forgejo-tls-key
--- a/k8s/namespace.yaml
+++ b/k8s/namespace.yaml
@ -1,6 +1,7 @@
+---
 apiVersion: v1
 kind: Namespace
 metadata:
  labels:
    app.kubernetes.io/instance: forgejo
-  name: forgejo
+  name: forgejo
--- a/k8s/persistentvolumeclaim.yaml
+++ b/k8s/persistentvolumeclaim.yaml
@ -1,3 +1,4 @@
+---
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
@ -9,7 +10,7 @@ metadata:
  namespace: forgejo
 spec:
  accessModes:
-    - ReadWriteOnce
+  - ReadWriteOnce
  volumeMode: Filesystem
  volumeName: pvc-64e344d5-9dbe-4de4-9e6f-a1bad1da300e
  resources:
--- a/k8s/service.yaml
+++ b/k8s/service.yaml
@ -1,3 +1,4 @@
+---
 apiVersion: v1
 kind: Service
 metadata:
@ -17,4 +18,4 @@ spec:
    targetPort: 22
  selector:
    app: forgejo-pod
-  type: ClusterIP
+  type: ClusterIP
Author	SHA1	Message	Date
Tom Neuber	1c3ebe5d81	chore(deployment): fix permissions All checks were successful ci/woodpecker/push/woodpecker Pipeline was successful Details	2025-03-13 19:09:21 +01:00
Tom Neuber	c16f9aa534	chore(k8s): adjust files for yamllint rules All checks were successful ci/woodpecker/push/woodpecker Pipeline was successful Details	2025-03-13 18:51:32 +01:00
Tom Neuber	1068609bbe	chore(ci): add yamllint	2025-03-13 18:51:29 +01:00
Tom Neuber	503a857e2c	chore(deployment): switch to rootless container	2025-03-13 18:39:32 +01:00