e95cc1d678
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [docker.io/gitea/gitea](https://redirect.github.com/go-gitea/gitea) | patch | `4c42564` → `c5c21a7` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Release Notes <details> <summary>go-gitea/gitea (docker.io/gitea/gitea)</summary> ### [`v1.26.2`](https://redirect.github.com/go-gitea/gitea/blob/HEAD/CHANGELOG.md#1262---2026-05-20) [Compare Source](https://redirect.github.com/go-gitea/gitea/compare/v1.26.1...v1.26.2) - SECURITY - fix(permissions): Fix reading permission ([#​37769](https://redirect.github.com/go-gitea/gitea/issues/37769)) - fix(actions): make artifact signature payloads unambiguous ([#​37707](https://redirect.github.com/go-gitea/gitea/issues/37707)) - fix: Unify public-only token filtering in API queries and repo access checks ([#​37118](https://redirect.github.com/go-gitea/gitea/issues/37118)) - fix: Add missed token scope checking ([#​37735](https://redirect.github.com/go-gitea/gitea/issues/37735)) - fix(oauth): bind token exchanges to the original client request ([#​37704](https://redirect.github.com/go-gitea/gitea/issues/37704)) - fix(oauth): strengthen PKCE validation and refresh token replay protection ([#​37706](https://redirect.github.com/go-gitea/gitea/issues/37706)) - fix(web): enforce token scopes on raw, media, and attachment downloads ([#​37698](https://redirect.github.com/go-gitea/gitea/issues/37698)) - fix(security): enforce wiki git writes and LFS token access at request time ([#​37695](https://redirect.github.com/go-gitea/gitea/issues/37695)) - feat(api): encrypt AWS creds ([#​37679](https://redirect.github.com/go-gitea/gitea/issues/37679)) - fix(deps): update dependency mermaid to v11.15.0 \[security], add e2e test - fix(packages): Add label for private and internal package and fix composor package source permission check ([#​37610](https://redirect.github.com/go-gitea/gitea/issues/37610)) - fix(git): Fix smart http request scope bug ([#​37583](https://redirect.github.com/go-gitea/gitea/issues/37583)) - Fix basic auth bug ([#​37503](https://redirect.github.com/go-gitea/gitea/issues/37503)) - Fix allow maintainer edit permission check ([#​37479](https://redirect.github.com/go-gitea/gitea/issues/37479)) ([#​37484](https://redirect.github.com/go-gitea/gitea/issues/37484)) - Fix URL sanitization to handle schemeless credentials ([#​37440](https://redirect.github.com/go-gitea/gitea/issues/37440)) ([#​37471](https://redirect.github.com/go-gitea/gitea/issues/37471)) - Fix attachment Content-Security-Policy ([#​37455](https://redirect.github.com/go-gitea/gitea/issues/37455)) ([#​37464](https://redirect.github.com/go-gitea/gitea/issues/37464)) - chore(deps): bump go-git/go-git/v5 to 5.19.0 ([#​37608](https://redirect.github.com/go-gitea/gitea/issues/37608)) - BUGFIXES - fix(pull): handle empty pull request files view to allow reviews ([#​37783](https://redirect.github.com/go-gitea/gitea/issues/37783)) - fix(markup): make RenderString never fail ([#​37779](https://redirect.github.com/go-gitea/gitea/issues/37779)) - fix: add natural sort to sortTreeViewNodes ([#​37772](https://redirect.github.com/go-gitea/gitea/issues/37772)) - fix: package creation unique conflict ([#​37774](https://redirect.github.com/go-gitea/gitea/issues/37774)) - fix!: add DEFAULT\_TITLE\_SOURCE setting for pull request title default behavior ([#​37465](https://redirect.github.com/go-gitea/gitea/issues/37465)) - fix: Allow direct commits for unprotected files with push restrictions ([#​37657](https://redirect.github.com/go-gitea/gitea/issues/37657)) - fix(actions): wrong assumption that run id always >= job id ([#​37737](https://redirect.github.com/go-gitea/gitea/issues/37737)) - fix(auth): set User-Agent on avatar fetch and sync avatar on link-account register ([#​37564](https://redirect.github.com/go-gitea/gitea/issues/37564)) ([#​37588](https://redirect.github.com/go-gitea/gitea/issues/37588)) - fix(actions): deadlock between PrepareRunAndInsert and UpdateTaskByState ([#​37692](https://redirect.github.com/go-gitea/gitea/issues/37692)) - fix(repo): /generate must sync the branch table for the new repo ([#​37693](https://redirect.github.com/go-gitea/gitea/issues/37693)) - build: Fix snap build (1.26) - fix(actions): run TransferLogs on UpdateLog{Rows:\[], NoMore:true} ([#​37631](https://redirect.github.com/go-gitea/gitea/issues/37631)) - fix show correct mergebase - fix: make clone URL respect public URL detection setting ([#​37615](https://redirect.github.com/go-gitea/gitea/issues/37615)) - fix: "run as root" check ([#​37622](https://redirect.github.com/go-gitea/gitea/issues/37622)) - chore(deps): update dependency go to v1.26.3 ([#​37601](https://redirect.github.com/go-gitea/gitea/issues/37601)) - Compare dropdown fails when selecting branch with no common merge-base ([#​37470](https://redirect.github.com/go-gitea/gitea/issues/37470)) - fix: treat email addresses case-insensitively ([#​37600](https://redirect.github.com/go-gitea/gitea/issues/37600)) - fix(actions): fix blank lines after ::endgroup:: ([#​37597](https://redirect.github.com/go-gitea/gitea/issues/37597)) - fix(actions): report individual step status in workflow job API response ([#​37592](https://redirect.github.com/go-gitea/gitea/issues/37592)) - fix: Invalid UTF-8 commit messages in JSON API responses ([#​37542](https://redirect.github.com/go-gitea/gitea/issues/37542)) - fix: use consistent GetUser family functions ([#​37553](https://redirect.github.com/go-gitea/gitea/issues/37553)) - fix(api): return 409 message instead of empty JSON for wrong commit id ([#​37572](https://redirect.github.com/go-gitea/gitea/issues/37572)) - fix(actions): prevent panic when workflow contains null jobs ([#​37570](https://redirect.github.com/go-gitea/gitea/issues/37570)) - Make ServeSetHeaders default to download attachment if filename exists ([#​37552](https://redirect.github.com/go-gitea/gitea/issues/37552)) ([#​37555](https://redirect.github.com/go-gitea/gitea/issues/37555)) - Fix(actions): validate workflow param to prevent 500 error ([#​37546](https://redirect.github.com/go-gitea/gitea/issues/37546)) ([#​37554](https://redirect.github.com/go-gitea/gitea/issues/37554)) - Don't unblock run-level-concurrency-blocked runs in the resolver ([#​37461](https://redirect.github.com/go-gitea/gitea/issues/37461)) ([#​37538](https://redirect.github.com/go-gitea/gitea/issues/37538)) - Fix(packages): use file names for generic web downloads ([#​37514](https://redirect.github.com/go-gitea/gitea/issues/37514)) ([#​37520](https://redirect.github.com/go-gitea/gitea/issues/37520)) - Fix merge autodetect can't close other PRs but only the last one when multiple PRs are pushed at once ([#​37512](https://redirect.github.com/go-gitea/gitea/issues/37512)) ([#​37516](https://redirect.github.com/go-gitea/gitea/issues/37516)) - Fix update branch protection order ([#​37508](https://redirect.github.com/go-gitea/gitea/issues/37508)) ([#​37513](https://redirect.github.com/go-gitea/gitea/issues/37513)) - Fix mCaptcha broken after Vite migration ([#​37492](https://redirect.github.com/go-gitea/gitea/issues/37492)) ([#​37509](https://redirect.github.com/go-gitea/gitea/issues/37509)) - Fix review submission from single-commit PR view ([#​37475](https://redirect.github.com/go-gitea/gitea/issues/37475)) ([#​37485](https://redirect.github.com/go-gitea/gitea/issues/37485)) - Fix scheduled action panic with null event payload ([#​37459](https://redirect.github.com/go-gitea/gitea/issues/37459)) ([#​37466](https://redirect.github.com/go-gitea/gitea/issues/37466)) - Make GetPossibleUserByID can handle deleted user ([#​37430](https://redirect.github.com/go-gitea/gitea/issues/37430)) ([#​37431](https://redirect.github.com/go-gitea/gitea/issues/37431)) - Remove excessive quote from terraform instructions ([#​37424](https://redirect.github.com/go-gitea/gitea/issues/37424)) ([#​37426](https://redirect.github.com/go-gitea/gitea/issues/37426)) - Fix color regressions, add `priority` color ([#​37417](https://redirect.github.com/go-gitea/gitea/issues/37417)) ([#​37421](https://redirect.github.com/go-gitea/gitea/issues/37421)) - MISC - Add CurrentURL template variable back ([#​37444](https://redirect.github.com/go-gitea/gitea/issues/37444)) ([#​37449](https://redirect.github.com/go-gitea/gitea/issues/37449)) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9naXRlYSIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvcGF0Y2giXX0=-->
135 lines
2.7 KiB
YAML
135 lines
2.7 KiB
YAML
# yaml-language-server: $schema=./values.schema.json
|
|
image:
|
|
repository: docker.io/gitea/gitea
|
|
tag: 1.26.2-rootless@sha256:c5c21a7705a16f2b2369384a3b7d67c5ed761a818bbb0a55187b5cf98cdc2e68
|
|
pullPolicy: IfNotPresent
|
|
service:
|
|
main:
|
|
ports:
|
|
main:
|
|
port: 10037
|
|
targetPort: 3000
|
|
ssh:
|
|
enabled: true
|
|
ports:
|
|
ssh:
|
|
enabled: true
|
|
port: 2222
|
|
targetPort: 2222
|
|
persistence:
|
|
data:
|
|
enabled: true
|
|
mountPath: "/data"
|
|
targetSelectAll: true
|
|
varlib:
|
|
enabled: true
|
|
mountPath: "/var/lib/gitea"
|
|
type: emptyDir
|
|
# Configure commit/action signing prerequisites
|
|
signing:
|
|
enabled: true
|
|
gpgHome: /data/git/.gnupg
|
|
|
|
admin:
|
|
# existingSecret: gitea-admin-secret
|
|
username: giteaadmin
|
|
password: r8sA8CPHD9!bt6d
|
|
email: "gitea@local.domain"
|
|
passwordMode: keepUpdated # Options: initialOnlyNoReset, initialOnlyRequireReset, or keepUpdated
|
|
metrics:
|
|
main:
|
|
enabled: true
|
|
type: "servicemonitor"
|
|
endpoints:
|
|
- port: main
|
|
path: /metrics
|
|
ldap:
|
|
enabled: false
|
|
# name:
|
|
# securityProtocol:
|
|
# host:
|
|
# port:
|
|
# userSearchBase:
|
|
# userFilter:
|
|
# adminFilter:
|
|
# emailAttribute:
|
|
# bindDn:
|
|
# bindPassword:
|
|
# usernameAttribute:
|
|
# sshPublicKeyAttribute:
|
|
oauth:
|
|
enabled: false
|
|
# name:
|
|
# provider:
|
|
# key:
|
|
# secret:
|
|
# autoDiscoverUrl:
|
|
# useCustomUrls:
|
|
# customAuthUrl:
|
|
# customTokenUrl:
|
|
# customProfileUrl:
|
|
# customEmailUrl:
|
|
config:
|
|
APP_NAME: "Gitea: Git with a cup of tea"
|
|
RUN_MODE: dev
|
|
ALLOWED_HOST_LIST: "127.0.0.1"
|
|
nodeIP: 127.0.0.1
|
|
customConfig: []
|
|
# - name: test
|
|
# keys:
|
|
# - name: testkey
|
|
# value: testvalue
|
|
|
|
# Enabled postgres
|
|
cnpg:
|
|
main:
|
|
enabled: true
|
|
user: gitea
|
|
database: gitea
|
|
# -- memcached dependency settings
|
|
memcached:
|
|
enabled: true
|
|
|
|
securityContext:
|
|
container:
|
|
runAsUser: 1000
|
|
runAsGroup: 1000
|
|
fsGroup: 1000
|
|
workload:
|
|
main:
|
|
podSpec:
|
|
initContainers:
|
|
1-init-directories:
|
|
enabled: true
|
|
imageSelector: image
|
|
type: init
|
|
command:
|
|
- "/usr/sbin/init_directory_structure.sh"
|
|
securityContext:
|
|
runAsUser: 0
|
|
runAsNonRoot: false
|
|
envFrom:
|
|
- configMapRef:
|
|
name: gitea-env
|
|
2-configure-gitea:
|
|
enabled: true
|
|
imageSelector: image
|
|
type: init
|
|
command:
|
|
- "/usr/sbin/configure_gitea.sh"
|
|
envFrom:
|
|
- configMapRef:
|
|
name: gitea-env
|
|
containers:
|
|
main:
|
|
probes:
|
|
liveness:
|
|
type: tcp
|
|
readiness:
|
|
type: tcp
|
|
startup:
|
|
type: tcp
|
|
envFrom:
|
|
- configMapRef:
|
|
name: gitea-env
|