## @section Common parameters

## @param replicaCount Number of replicas for the bot
replicaCount: 2

## ref: https://hub.docker.com/r/justusbunsi/gitea-sonarqube-bot/tags/
## @param image.repository Image repository
## @param image.pullPolicy Image pull policy
## @param image.tag Image tag (Overrides the image tag whose default is the chart `appVersion`)
image:
  repository: harbor.avroid.tech/devops/gitea-sonarqube-bot
  tag: "avr-v0.3.4"

## @param imagePullSecrets Specify docker-registry secret names as an array
imagePullSecrets:
  - name: harbor-registry-secret

## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param resources.limits The resources limits for the container
## @param resources.requests The requested resources for the container
resources:
  requests:
    cpu: 50m
    memory: 64Mi
  limits:
    cpu: 100m
    memory: 128Mi

## @param nodeSelector Node labels for pod assignment. Evaluated as a template.
## ref: https://kubernetes.io/docs/user-guide/node-selection/
nodeSelector:
  node-role.kubernetes.io/worker: ""

## @param podAnnotations Pod annotations.
podAnnotations:
  vault.security.banzaicloud.io/vault-addr: "https://vault.avroid.tech"
  vault.security.banzaicloud.io/vault-role: "avroid-prod"
  vault.security.banzaicloud.io/vault-skip-verify: "false"
  vault.security.banzaicloud.io/vault-path: "avroid-office"

## @section App parameters

app:
  ## @param app.configLocationOverride Override the default location of the configuration file (`/home/bot/config/config.yaml`). **Available since Chart version `0.2.0`. Requires at least image tag `v0.2.0`**. (See values file for details)
  ## Setting this will also change the mount point for `.Values.app.configuration` to the directory part of the override value.
  configLocationOverride: ""

  ## This object represents the [config.yaml](https://codeberg.org/justusbunsi/gitea-sonarqube-bot/src/branch/main/config/config.example.yaml) provided to the application.
  configuration:
    ## Gitea related configuration. Necessary for adding/updating comments on repository pull requests
    gitea:
      ## @param app.configuration.gitea.url Endpoint of your Gitea instance. Must be expandable by '/api/v1' to form the API base path as shown in Swagger UI.
      url: "https://git.avroid.tech"

      ## Created access token for the user that shall be used as bot account.
      ## User needs "Read project" permissions with access to "Pull Requests"
      ## @param app.configuration.gitea.token.value Gitea token as plain text. Can be replaced with `file` key containing path to file.
      token:
        value: ""

      ## If the sent webhook has a signature header, the bot validates the request payload. If the value does not match, the
      ## request will be ignored.
      ## The bot looks for `X-Gitea-Signature` header containing the sha256 hmac hash of the plain text secret. If the header
      ## exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be validated.
      ## @param app.configuration.gitea.webhook.secret Secret for signature header (in plaintext)
      ## @extra app.configuration.gitea.webhook.secretFile Path to file containing the plain text secret. Alternative to inline `app.configuration.gitea.webhook.secret`
      webhook:
        secret: ""

    ## SonarQube related configuration. Necessary for requesting data from the API and processing the webhook.
    sonarqube:
      ## @param app.configuration.sonarqube.url Endpoint of your SonarQube instance. Must be expandable by '/api' to form the API base path.
      url: "https://sonarqube.avroid.tech"

      ## Created access token for the user that shall be used as bot account.
      ## User needs "Browse on project" permissions
      ## @param app.configuration.sonarqube.token.value SonarQube token as plain text. Can be replaced with `file` key containing path to file.
      token:
        value: ""

      ## If the sent webhook has a signature header, the bot validates the request payload. If the value does not match, the
      ## request will be ignored.
      ## The bot looks for `X-Sonar-Webhook-HMAC-SHA256` header containing the sha256 hmac hash of the plain text secret.
      ## If the header exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be
      ## validated.
      ## @param app.configuration.sonarqube.webhook.secret Secret for signature header (in plaintext)
      ## @extra app.configuration.sonarqube.webhook.secretFile Path to file containing the plain text secret. Alternative to inline `app.configuration.sonarqube.webhook.secret`
      webhook:
        secret: ""

    ## List of project mappings to take care of. Webhooks for other projects will be ignored.
    ## At least one must be configured. Otherwise, all webhooks (no matter which source) because the bot cannot map on its own.
    ## @param app.configuration.projects[0].sonarqube.key Project key inside SonarQube
    ## @param app.configuration.projects[0].gitea.owner Repository owner inside Gitea
    ## @param app.configuration.projects[0].gitea.name Repository name inside Gitea
    projects:
      - sonarqube:
          key: example:example_sast
        ## A repository specification contains the owner name and the repository name itself. The owner can be the name of a
        ## real account or an organization in which the repository is located.
        gitea:
          owner: DevSec
          name: sast-demo

    ## Define pull request names from SonarScanner analysis. Default pattern matches the Jenkins Gitea plugin schema.
    ## @param app.configuration.namingPattern.regex Regular expression that MUST HAVE exactly ONE GROUP that matches the integer part of the PR. That integer part is identical to the pull request ID in Gitea.
    ## @param app.configuration.namingPattern.template Valid Go format string. It MUST have one integer placeholder which will be replaced by the pull request ID. See: https://pkg.go.dev/fmt#hdr-Printing
    namingPattern:
      regex: ^PR-(\d+)$
      urlregex: ^http.*&pullRequest=PR-(\d+).*$
      template: PR-%d

    bitbucket:
      webhook:
        secret: ""

## @section Security parameters

serviceAccount:
  ## @param serviceAccount.create Specifies whether a service account should be created
  create: false
  ## @param serviceAccount.name The name of the service account to use. If not set and create is true, a name is generated using the fullname template
  name: "vault"

## ref: https://kubernetes.io/docs/user-guide/ingress/
ingress:

  ## @param ingress.enabled Enable ingress controller resource
  enabled: true

  ## @param ingress.className IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
  ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster.
  ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
  className: "nginx"

  ## @param ingress.annotations Additional annotations for the Ingress resource.
  annotations:
    kubernetes.io/ingress.class: nginx

  ## @param ingress.hosts[0].host Host for the ingress resource
  ## @param ingress.hosts[0].paths[0].path The path to the bot endpoint
  ## @param ingress.hosts[0].paths[0].pathType Ingress path type
  hosts:
    - host: gitea-sonarqube-bot.avroid.tech
      paths:
        - path: /
          pathType: ImplementationSpecific