-
Notifications
You must be signed in to change notification settings - Fork 2
274 lines (238 loc) · 10.8 KB
/
helm_test.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
---
name: Helm Charts test and docs
on:
pull_request:
branches:
- main
jobs:
# Only run tests and generate docs if Helm files have changed.
helm-change:
runs-on: 'ubuntu-latest'
if: ${{ ! startsWith(github.triggering_actor, 'akeyless') }}
permissions:
pull-requests: read
outputs:
charts-change: ${{ steps.filter.outputs.charts-change }}
steps:
- name: "Check charts files changes"
uses: dorny/paths-filter@v3
id: filter
with:
filters: |
charts-change:
- 'charts/**/dockerfiles/**'
- 'charts/**/templates/**'
- 'charts/**/values.yaml'
- 'charts/**/Chart.yaml'
- 'charts-private/**/dockerfiles/**'
- 'charts-private/**/templates/**'
- 'charts-private/**/values.yaml'
- 'charts-private/**/Chart.yaml'
helm-test:
needs: helm-change
if: ${{ needs.helm-change.outputs.charts-change == 'true' && ! startsWith(github.triggering_actor, 'akeyless') }}
runs-on: 'ubuntu-latest'
env:
HELM_VERSION: "v3.14.1"
permissions:
contents: read
id-token: write
steps:
- name: "Checkout current PR"
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: "Install Helm"
uses: azure/setup-helm@v4
with:
version: "${{ env.HELM_VERSION }}"
- name: "Install Python 3"
uses: actions/setup-python@v5
with:
python-version: '3.9'
check-latest: true
- name: "Set up chart-testing"
uses: helm/chart-testing-action@v2
- name: "Run chart-testing (list-changed)"
id: list-changed
run: |
changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }} --chart-dirs charts,charts-private)
if [[ -n "$changed" ]]; then
echo "changed=true" >> $GITHUB_OUTPUT
changed=$(echo $changed | tr '\n' ' ')
echo "changed_charts=$changed" >> $GITHUB_OUTPUT
fi
- name: "Run chart-testing (lint)"
if: steps.list-changed.outputs.changed == 'true'
run: ct lint --target-branch ${{ github.event.repository.default_branch }} --chart-dirs charts,charts-private
- name: "Create kind cluster"
if: steps.list-changed.outputs.changed == 'true'
uses: helm/kind-action@v1.10.0
- name: "Install dependencies - Kong CRDs"
if: steps.list-changed.outputs.changed == 'true' && contains(steps.list-changed.outputs.changed_charts, 'charts/kong-celo-fullnode')
# contains(join(steps.updated_files.outputs.all), 'charts/kong-celo-fullnode/')
run: |
kubectl apply -f https://raw.githubusercontent.com/Kong/kong-operator/main/helm-charts/kong/crds/custom-resource-definitions.yaml
- name: "Install dependencies - ConfigConnector CRDs"
if: steps.list-changed.outputs.changed == 'true' && contains(steps.list-changed.outputs.changed_charts, 'charts/blockscout')
run: |
dir=${PWD%/*}
mkdir /tmp/k8s-config-connector && cd /tmp/k8s-config-connector
git init
git remote add -f origin https://github.com/GoogleCloudPlatform/k8s-config-connector
git config core.sparseCheckout true
echo "crds/*" >> .git/info/sparse-checkout
git pull origin master
kubectl apply -f crds/
cd $dir
- name: "Install dependencies - ExternalSecrets CRDs"
if: steps.list-changed.outputs.changed == 'true' && contains(steps.list-changed.outputs.changed_charts, 'charts/optics-keymaster')
run: |
kubectl apply --kustomize https://github.com/external-secrets/external-secrets.git/config/crds/bases\?ref\=main
- name: "Authenticate to Google Cloud"
if: steps.list-changed.outputs.changed == 'true'
uses: google-github-actions/auth@v2
with:
workload_identity_provider: projects/1094498259535/locations/global/workloadIdentityPools/gh-charts/providers/github-by-repos
service_account: 'pull-helm-charts@devopsre.iam.gserviceaccount.com'
- name: "Set up Cloud SDK"
if: steps.list-changed.outputs.changed == 'true'
uses: google-github-actions/setup-gcloud@v2
- name: "Login to Artifact Registry"
if: steps.list-changed.outputs.changed == 'true'
run: |
set -o errexit
# desired cluster name; default is "kind"
KIND_CLUSTER_NAME="chart-testing"
# create a temp file for the docker config
echo "Creating temporary docker client config directory ..."
DOCKER_CONFIG=$(mktemp -d)
export DOCKER_CONFIG
trap 'echo "Removing ${DOCKER_CONFIG}/*" && rm -rf ${DOCKER_CONFIG:?}' EXIT
echo "Creating a temporary config.json"
# This is to force the omission of credsStore, which is automatically
# created on supported system. With credsStore missing, "docker login"
# will store the password in the config.json file.
# https://docs.docker.com/engine/reference/commandline/login/#credentials-store
cat <<EOF >"${DOCKER_CONFIG}/config.json"
{
"auths": { "gcr.io": {} }
}
EOF
# login to gcr in DOCKER_CONFIG using an access token
# https://cloud.google.com/container-registry/docs/advanced-authentication#access_token
echo "Logging in to GCR in temporary docker client config directory ..."
gcloud auth application-default print-access-token | \
docker login -u oauth2accesstoken --password-stdin https://us-west1-docker.pkg.dev
# setup credentials on each node
echo "Moving credentials to kind cluster name='${KIND_CLUSTER_NAME}' nodes ..."
for node in $(kind get nodes --name "${KIND_CLUSTER_NAME}"); do
# the -oname format is kind/name (so node/name) we just want name
node_name=${node#node/}
# copy the config to where kubelet will look
docker cp "${DOCKER_CONFIG}/config.json" "${node_name}:/var/lib/kubelet/config.json"
# restart kubelet to pick up the config
docker exec "${node_name}" systemctl restart kubelet.service
done
echo "Done!"
- name: "Templating charts"
if: steps.list-changed.outputs.changed == 'true'
run: |
for chart in ${{ steps.list-changed.outputs.changed_charts }}; do
if [ -d ./${chart} ]; then
# Only template 'application' charts (libraries cannot be templated)
if cat "./${chart}/Chart.yaml" | grep -E '^type' | grep 'application' >/dev/null; then
# Skipping clean-pvcs as .Release.Namespace does not exist in helm template
if [ "${chart}" != "charts/clean-pvcs" ]; then
echo "Templating ${chart}."
helm template "./${chart}/" -f "./${chart}/values.yaml"
# Skipping celo-fullnode-backups as kind has not volumesnapshot and gemini cannot be installed
if [ "${chart}" != "charts/celo-fullnode-backups" ]; then
echo "Validating ${chart} templates."
# Check against K8s API
helm template "./${chart}/" -f "./${chart}/values.yaml" --validate
fi
fi
fi
else
echo "Skipping ${chart} as it seems it has been deleted."
fi
done
- name: "Setup tmate session"
uses: mxschmitt/action-tmate@v3
timeout-minutes: 30
if: false
with:
limit-access-to-actor: true
- name: "Run chart-testing (install)"
if: steps.list-changed.outputs.changed == 'true'
run: >
ct install
--target-branch ${{ github.event.repository.default_branch }}
--chart-dirs charts,charts-private
--excluded-charts akeyless-gcp-producer,celo-fullnode-backups,common,daily-chain-backup
--excluded-charts blockscout,akeyless-gadmin-producer,ultragreen-dashboard,kong-celo-fullnode
--excluded-charts eigenda-proxy,nethermind,prysm,op-conductor
--chart-repos bitnami=https://charts.bitnami.com/bitnami,stakewise=https://charts.stakewise.io/
helm-docs:
runs-on: 'ubuntu-latest'
if: ${{ ! startsWith(github.triggering_actor, 'akeyless') }}
needs: 'helm-test'
env:
HELM_DOCS_VERSION: "1.14.2"
permissions:
id-token: write
steps:
- name: "Get GitHub Token from Akeyless"
id: get_auth_token
uses:
docker://us-west1-docker.pkg.dev/devopsre/akeyless-public/akeyless-action:latest
with:
api-url: https://api.gateway.akeyless.celo-networks-dev.org
access-id: p-kf9vjzruht6l
dynamic-secrets: '{"/dynamic-secrets/keys/github/charts/contents=write,pull_requests=write":"PAT"}'
- name: "Checkout current PR"
uses: actions/checkout@v4
with:
token: ${{ env.PAT }}
- name: "Install helm-docs"
run: |
cd /tmp
wget https://github.com/norwoodj/helm-docs/releases/download/v${{env.HELM_DOCS_VERSION}}/helm-docs_${{env.HELM_DOCS_VERSION}}_Linux_x86_64.tar.gz
tar -xvf helm-docs_${{env.HELM_DOCS_VERSION}}_Linux_x86_64.tar.gz
sudo mv helm-docs /usr/local/sbin
- name: "Run helm-docs in changed charts"
run: |
helm-docs
- name: Install YQ
uses: dcarbone/install-yq-action@v1.3.1
- name: "Regenerate list of charts"
run: |
# Function to generate the list of charts
generate_chart_list() {
local chart_list=""
for file in $(find ./charts -type d -maxdepth 1 ! -name 'charts' | sort); do
desc=$(cat "$file/Chart.yaml" | yq .description)
chart_list+="- [$(basename "$file")]($file/README.md) - $desc"$'\n'
done
echo "$chart_list"
}
# Main script
update_markdown() {
local markdown_file=$1
START_HEADING="## List of charts"
END_HEADING="## Helm charts best practices"
# Generate chart list
chart_list=$(generate_chart_list)
TEMP_FILE=$(mktemp)
printf '%s\n' "$chart_list" > $TEMP_FILE
sed -i "/$START_HEADING/,/$END_HEADING/{//!d; /$START_HEADING/r $TEMP_FILE
}" $markdown_file
}
# Run the update_markdown function with the specified markdown file
update_markdown "README.md"
- name: "Commit updated README.md to the branch if changed"
uses: stefanzweifel/git-auto-commit-action@v5
with:
commit_message: '[Automatic] - Update chart README.md'
file_pattern: 'README.md charts/**/README.md charts-private/**/README.md'