feat(gitea): replace Bitnami PostgreSQL and Redis with CNPG and Valkey

[adamancini]

Summary

• Remove all four Bitnami subchart dependencies (postgresql, postgresql-ha, redis-cluster, redis) from the Gitea Helm chart
• Deploy PostgreSQL via CloudNativePG operator (same pattern as storagebox)
• Deploy Valkey (Redis-compatible) via the official valkey-io/valkey-helm chart as a subchart
• Wire Gitea to use these external services via gitea.config.database.* and gitea.config.cache/session/queue.*
• Add CNPG operator (0.27.0) and cert-manager (v1.19.1) as Embedded Cluster extensions
• Update EC version to 2.13.3+k8s-1.33 and ingress-nginx to 4.14.1
• Replace bitnami/kubectl image with registry.k8s.io/kubectl:v1.33.0
• Add KOTS config group for Valkey cache settings
• Default internal_postgres_enabled to true (aligns with Valkey which already defaults true)
• Bump chart version to 11.0.0
• Fix deprecated helm.sh/hook: test-success annotation to test
• Add CI workflow (gitea-ci.yml) with lint-and-template and helm-install-test jobs
• Add Python smoke tests validating Gitea HTTP, CNPG PostgreSQL, and Valkey connectivity
• Add Makefile test targets (test-lint, test-install-operators, test-install, test-smoke, test-all)

Motivation

Bitnami is transitioning to a paid Broadcom subscription model after September 2025. Rather than forking/modifying the upstream Gitea chart templates, this disables the Bitnami subcharts and wires Gitea to operator-managed PostgreSQL and Valkey. The Gitea chart's _helpers.tpl already supports this — when subchart conditions are false, explicit gitea.config.* values take precedence.

External database support

The chart supports both embedded (CNPG) and external PostgreSQL. When postgres.embedded.enabled: false, no CNPG Cluster CR is created and Gitea connects to whatever gitea.config.database.HOST points to. The KOTS config exposes postgres_host as a user-editable field for this purpose.

Test plan

• helm dependency update charts/gitea resolves Valkey, no Bitnami
• helm lint charts/gitea passes
• helm template gitea charts/gitea --debug renders CNPG Cluster CR, Valkey subchart, and correct Gitea connection strings
• Verify gitea.config.database.HOST, cache.HOST, session.PROVIDER_CONFIG, queue.CONN_STR all point to correct services
• make package-and-update packages chart as gitea-11.0.0.tgz
• Deploy to CMX k3s 1.32 cluster and verify Gitea connects to CNPG PostgreSQL and Valkey
• Smoke tests pass: Gitea HTTP (v1.22.3), PostgreSQL TCP, Valkey TCP
• registry.k8s.io/kubectl:v1.33.0 resolves correctly (v prefix required)

Review feedback addressed

• kubectl image tag needs v prefix (v1.33.0 not 1.33.0) — fixed in 84f19d6
• Replicated SDK dependency — out of scope, tracked in Add Replicated SDK Chart to applications #105
• CNPG as EC extension vs subchart — explained: EC extensions install before the app, ensuring CRDs exist. For helm install, users can pre-install the operator or point to an external database.

Resolves #97

[xavpaice]

if we've removed redis, should we remove this stanza?

[jmboby]

@adamancini I found this issue with the release:

# gitea-chart.yaml
#Line 50 | Error: unexpected "\\" in operand
#Error unable-to-render.

HOST: "redis://:repl{{ ConfigOption \"valkey_password\" }}@gitea-valkey:6379/0?pool_size=100&idle_timeout=180s&"

Naturally this is causing the Admin Console to fail spinning up: