Skip to content

PAG svc ingress

PAG svc ingress #2334

Workflow file for this run

---
name: Helm Charts test and docs
on:
pull_request:
branches:
- main
jobs:
# Only run tests and generate docs if Helm files have changed.
helm-change:
runs-on: 'ubuntu-latest'
if: ${{ ! startsWith(github.triggering_actor, 'akeyless') }}
permissions:
pull-requests: read
outputs:
charts-change: ${{ steps.filter.outputs.charts-change }}
steps:
- name: "Check charts files changes"
uses: dorny/paths-filter@v3
id: filter
with:
filters: |
charts-change:
- 'charts/**/dockerfiles/**'
- 'charts/**/templates/**'
- 'charts/**/values.yaml'
- 'charts/**/Chart.yaml'
- 'charts-private/**/dockerfiles/**'
- 'charts-private/**/templates/**'
- 'charts-private/**/values.yaml'
- 'charts-private/**/Chart.yaml'
helm-test:
needs: helm-change
if: ${{ needs.helm-change.outputs.charts-change == 'true' && ! startsWith(github.triggering_actor, 'akeyless') }}
runs-on: 'ubuntu-latest'
env:
HELM_VERSION: "v3.14.1"
permissions:
contents: read
id-token: write
steps:
- name: "Checkout current PR"
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: "Install Helm"
uses: azure/setup-helm@v4
with:
version: "${{ env.HELM_VERSION }}"
- name: "Install Python 3"
uses: actions/setup-python@v5
with:
python-version: '3.9'
check-latest: true
- name: "Set up chart-testing"
uses: helm/chart-testing-action@v2
- name: "Run chart-testing (list-changed)"
id: list-changed
run: |
changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }} --chart-dirs charts,charts-private)
if [[ -n "$changed" ]]; then
echo "changed=true" >> $GITHUB_OUTPUT
changed=$(echo $changed | tr '\n' ' ')
echo "changed_charts=$changed" >> $GITHUB_OUTPUT
fi
- name: "Run chart-testing (lint)"
if: steps.list-changed.outputs.changed == 'true'
run: ct lint --target-branch ${{ github.event.repository.default_branch }} --chart-dirs charts,charts-private
- name: "Create kind cluster"
if: steps.list-changed.outputs.changed == 'true'
uses: helm/kind-action@v1.10.0
- name: "Install dependencies - Kong CRDs"
if: steps.list-changed.outputs.changed == 'true' && contains(steps.list-changed.outputs.changed_charts, 'charts/kong-celo-fullnode')
# contains(join(steps.updated_files.outputs.all), 'charts/kong-celo-fullnode/')
run: |
kubectl apply -f https://raw.githubusercontent.com/Kong/kong-operator/main/helm-charts/kong/crds/custom-resource-definitions.yaml
- name: "Install dependencies - ConfigConnector CRDs"
if: steps.list-changed.outputs.changed == 'true' && contains(steps.list-changed.outputs.changed_charts, 'charts/blockscout')
run: |
dir=${PWD%/*}
mkdir /tmp/k8s-config-connector && cd /tmp/k8s-config-connector
git init
git remote add -f origin https://github.com/GoogleCloudPlatform/k8s-config-connector
git config core.sparseCheckout true
echo "crds/*" >> .git/info/sparse-checkout
git pull origin master
kubectl apply -f crds/
cd $dir
- name: "Install dependencies - ExternalSecrets CRDs"
if: steps.list-changed.outputs.changed == 'true' && contains(steps.list-changed.outputs.changed_charts, 'charts/optics-keymaster')
run: |
kubectl apply --kustomize https://github.com/external-secrets/external-secrets.git/config/crds/bases\?ref\=main
- name: "Authenticate to Google Cloud"
if: steps.list-changed.outputs.changed == 'true'
uses: google-github-actions/auth@v2
with:
workload_identity_provider: projects/1094498259535/locations/global/workloadIdentityPools/gh-charts/providers/github-by-repos
service_account: 'pull-helm-charts@devopsre.iam.gserviceaccount.com'
- name: "Set up Cloud SDK"
if: steps.list-changed.outputs.changed == 'true'
uses: google-github-actions/setup-gcloud@v2
- name: "Login to Artifact Registry"
if: steps.list-changed.outputs.changed == 'true'
run: |
set -o errexit
# desired cluster name; default is "kind"
KIND_CLUSTER_NAME="chart-testing"
# create a temp file for the docker config
echo "Creating temporary docker client config directory ..."
DOCKER_CONFIG=$(mktemp -d)
export DOCKER_CONFIG
trap 'echo "Removing ${DOCKER_CONFIG}/*" && rm -rf ${DOCKER_CONFIG:?}' EXIT
echo "Creating a temporary config.json"
# This is to force the omission of credsStore, which is automatically
# created on supported system. With credsStore missing, "docker login"
# will store the password in the config.json file.
# https://docs.docker.com/engine/reference/commandline/login/#credentials-store
cat <<EOF >"${DOCKER_CONFIG}/config.json"
{
"auths": { "gcr.io": {} }
}
EOF
# login to gcr in DOCKER_CONFIG using an access token
# https://cloud.google.com/container-registry/docs/advanced-authentication#access_token
echo "Logging in to GCR in temporary docker client config directory ..."
gcloud auth application-default print-access-token | \
docker login -u oauth2accesstoken --password-stdin https://us-west1-docker.pkg.dev
# setup credentials on each node
echo "Moving credentials to kind cluster name='${KIND_CLUSTER_NAME}' nodes ..."
for node in $(kind get nodes --name "${KIND_CLUSTER_NAME}"); do
# the -oname format is kind/name (so node/name) we just want name
node_name=${node#node/}
# copy the config to where kubelet will look
docker cp "${DOCKER_CONFIG}/config.json" "${node_name}:/var/lib/kubelet/config.json"
# restart kubelet to pick up the config
docker exec "${node_name}" systemctl restart kubelet.service
done
echo "Done!"
- name: "Templating charts"
if: steps.list-changed.outputs.changed == 'true'
run: |
for chart in ${{ steps.list-changed.outputs.changed_charts }}; do
if [ -d ./${chart} ]; then
# Only template 'application' charts (libraries cannot be templated)
if cat "./${chart}/Chart.yaml" | grep -E '^type' | grep 'application' >/dev/null; then
# Skipping clean-pvcs as .Release.Namespace does not exist in helm template
if [ "${chart}" != "charts/clean-pvcs" ]; then
echo "Templating ${chart}."
helm template "./${chart}/" -f "./${chart}/values.yaml"
# Skipping celo-fullnode-backups as kind has not volumesnapshot and gemini cannot be installed
if [ "${chart}" != "charts/celo-fullnode-backups" ]; then
echo "Validating ${chart} templates."
# Check against K8s API
helm template "./${chart}/" -f "./${chart}/values.yaml" --validate
fi
fi
fi
else
echo "Skipping ${chart} as it seems it has been deleted."
fi
done
- name: "Setup tmate session"
uses: mxschmitt/action-tmate@v3
timeout-minutes: 30
if: false
with:
limit-access-to-actor: true
- name: "Run chart-testing (install)"
if: steps.list-changed.outputs.changed == 'true'
run: >
ct install
--target-branch ${{ github.event.repository.default_branch }}
--chart-dirs charts,charts-private
--excluded-charts akeyless-gcp-producer,celo-fullnode-backups,common,daily-chain-backup
--excluded-charts blockscout,akeyless-gadmin-producer,ultragreen-dashboard,kong-celo-fullnode
--excluded-charts eigenda-proxy,nethermind,prysm,op-conductor
--chart-repos bitnami=https://charts.bitnami.com/bitnami,stakewise=https://charts.stakewise.io/
helm-docs:
runs-on: 'ubuntu-latest'
if: ${{ ! startsWith(github.triggering_actor, 'akeyless') }}
needs: 'helm-test'
env:
HELM_DOCS_VERSION: "1.14.2"
permissions:
id-token: write
steps:
- name: "Get GitHub Token from Akeyless"
id: get_auth_token
uses:
docker://us-west1-docker.pkg.dev/devopsre/akeyless-public/akeyless-action:latest
with:
api-url: https://api.gateway.akeyless.celo-networks-dev.org
access-id: p-kf9vjzruht6l
dynamic-secrets: '{"/dynamic-secrets/keys/github/charts/contents=write,pull_requests=write":"PAT"}'
- name: "Checkout current PR"
uses: actions/checkout@v4
with:
token: ${{ env.PAT }}
- name: "Install helm-docs"
run: |
cd /tmp
wget https://github.com/norwoodj/helm-docs/releases/download/v${{env.HELM_DOCS_VERSION}}/helm-docs_${{env.HELM_DOCS_VERSION}}_Linux_x86_64.tar.gz
tar -xvf helm-docs_${{env.HELM_DOCS_VERSION}}_Linux_x86_64.tar.gz
sudo mv helm-docs /usr/local/sbin
- name: "Run helm-docs in changed charts"
run: |
helm-docs
- name: Install YQ
uses: dcarbone/install-yq-action@v1.1.1
- name: "Regenerate list of charts"
run: |
# Function to generate the list of charts
generate_chart_list() {
local chart_list=""
for file in $(find ./charts -type d -maxdepth 1 ! -name 'charts' | sort); do
desc=$(cat "$file/Chart.yaml" | yq .description)
chart_list+="- [$(basename "$file")]($file/README.md) - $desc"$'\n'
done
echo "$chart_list"
}
# Main script
update_markdown() {
local markdown_file=$1
START_HEADING="## List of charts"
END_HEADING="## Helm charts best practices"
# Generate chart list
chart_list=$(generate_chart_list)
TEMP_FILE=$(mktemp)
printf '%s\n' "$chart_list" > $TEMP_FILE
sed -i "/$START_HEADING/,/$END_HEADING/{//!d; /$START_HEADING/r $TEMP_FILE
}" $markdown_file
}
# Run the update_markdown function with the specified markdown file
update_markdown "README.md"
- name: "Commit updated README.md to the branch if changed"
uses: stefanzweifel/git-auto-commit-action@v5
with:
commit_message: '[Automatic] - Update chart README.md'
file_pattern: 'README.md charts/**/README.md charts-private/**/README.md'