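# Gitea Helm values configuration for Bakery-IA CI/CD
# This configuration sets up Gitea with registry support and appropriate storage
#
# Installation:
#   helm repo add gitea https://dl.gitea.io/charts
#   kubectl create namespace gitea
#   helm install gitea gitea/gitea -n gitea -f infrastructure/cicd/gitea/values.yaml
#
# NOTE: The namespace is determined by the -n flag during helm install, not in this file.
#
# SECURITY: this file is tuned for local development (SQLite, no external
# cache, open registration, anonymous browsing, unverified webhook TLS).
# Each of those settings is marked below; review them before reusing this
# file for a shared or internet-reachable cluster.

# Use regular Gitea image instead of rootless to ensure registry functionality
# Rootless images don't support container registry due to security restrictions
# NOTE(review): confirm this limitation against the chart and Gitea version in
# use; the non-rootless image gives up the reduced-privilege hardening of the
# rootless one, so switch back if the registry works without it.
image:
  rootless: false

service:
  http:
    type: ClusterIP
    port: 3000
  ssh:
    type: ClusterIP
    port: 2222

# NOTE: Gitea's container registry is served on port 3000 (same as HTTP) under /v2/
# The registry.PORT in gitea config is NOT used for external access
# Registry authentication and API is handled by the main HTTP service
ingress:
  enabled: false  # Disable Gitea's built-in ingress - use common ingress instead

persistence:
  enabled: true
  size: 10Gi
  # Use standard storage class (works with Kind's default provisioner)
  # For microk8s: storageClass: "microk8s-hostpath"
  # For Kind: leave empty or use "standard"
  storageClass: ""

gitea:
  admin:
    username: bakery-admin
    # IMPORTANT: Override this with --set gitea.admin.password=
    # or use existingSecret
    # Prefer existingSecret: a password passed with --set is kept in shell
    # history and in the values Helm stores with the release.
    password: ""
    email: admin@bakery-ia.local
    existingSecret: gitea-admin-secret

  config:
    server:
      DOMAIN: gitea.bakery-ia.local
      SSH_DOMAIN: gitea.bakery-ia.local
      # Use HTTPS for external access; TLS termination happens at ingress
      ROOT_URL: https://gitea.bakery-ia.local
      HTTP_PORT: 3000
      # Enable package registry
      PACKAGES_ENABLED: true
      # Disable built-in HTTPS since ingress handles TLS
      # Traffic between the ingress controller and the Gitea pod is therefore
      # plain HTTP and relies on the cluster network being trusted.
      PROTOCOL: http

    repository:
      # Any authenticated user can create a repository by pushing to a path
      # that does not exist yet; with open registration (see `service` below)
      # that means anyone who can reach the instance.
      ENABLE_PUSH_CREATE_USER: true
      ENABLE_PUSH_CREATE_ORG: true

    packages:
      ENABLED: true

    # NOTE(review): `registry` and `docker` are not sections I can confirm in
    # Gitea's configuration reference (the container registry is part of
    # `packages`); verify these keys have an effect on the deployed version.
    registry:
      ENABLE: true
      ROOT: /var/lib/gitea-registry
      STORAGE_TYPE: local
      # NOTE: PORT config here is internal - registry is accessed via HTTP port on /v2/ path

    # Additional registry configuration for proper external access
    docker:
      ENABLE: true
      REGISTRY_SSL_REDIRECT: false  # SSL termination happens at ingress

    webhook:
      # Allow internal cluster URLs for Tekton EventListener.
      # Narrowed from "*": with self-registration enabled, any user can create
      # a webhook, and "*" would let Gitea send requests to loopback and
      # arbitrary external hosts on their behalf (server-side request forgery).
      # "private" covers RFC 1918 / RFC 4193 ranges, which include the default
      # Kind and microk8s pod and service networks. Add further hosts or CIDRs
      # as a comma-separated list if an external webhook target is needed.
      ALLOWED_HOST_LIST: "private"
      # Webhook deliveries over HTTPS are not certificate-checked, so the
      # receiver is unauthenticated and the payload can be intercepted on
      # path. Acceptable only for in-cluster development; set to false once
      # the receiver presents a certificate Gitea can verify.
      SKIP_TLS_VERIFY: true

    service:
      # Open self-registration: anyone who can reach the instance can create
      # an account. Set to true outside local development.
      DISABLE_REGISTRATION: false
      # Anonymous visitors can browse public content without signing in.
      REQUIRE_SIGNIN_VIEW: false

# Use embedded SQLite for simpler local development
# For production, enable postgresql
postgresql:
  enabled: false

# Use embedded in-memory cache for local dev
redis-cluster:
  enabled: false

# Resource configuration for local development
resources:
  limits:
    cpu: 500m
    memory: 512Mi
  requests:
    cpu: 100m
    memory: 256Mi

# Init containers timeout
initContainers:
  resources:
    limits:
      cpu: 100m
      memory: 128Mi
    requests:
      cpu: 50m
      memory: 64Mi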