From 8cffa813037f86248d2364af452ee4e7a6334a81 Mon Sep 17 00:00:00 2001
From: Massimiliano Giovagnoli
Date: Sat, 30 Dec 2023 16:22:41 +0100
Subject: [PATCH] ci(charts): add linting and publishing jobs
Signed-off-by: Massimiliano Giovagnoli
---
.github/configs/ct.yaml | 10 ++++
.github/configs/lintconf.yaml | 43 ++++++++++++++
.github/workflows/lint-charts.yml | 48 ++++++++++++++++
.github/workflows/publish-charts.yml | 81 +++++++++++++++++++++++++++
Makefile | 22 +++++++-
charts/capsule-addon-fluxcd/README.md | 41 ++++++++++++++
6 files changed, 243 insertions(+), 2 deletions(-)
create mode 100644 .github/configs/ct.yaml
create mode 100644 .github/configs/lintconf.yaml
create mode 100644 .github/workflows/lint-charts.yml
create mode 100644 .github/workflows/publish-charts.yml
create mode 100644 charts/capsule-addon-fluxcd/README.md
diff --git a/.github/configs/ct.yaml b/.github/configs/ct.yaml
new file mode 100644
index 0000000..af59857
--- /dev/null
+++ b/.github/configs/ct.yaml
@@ -0,0 +1,10 @@
+remote: origin
+target-branch: main
+chart-dirs:
+ - charts
+helm-extra-args: "--timeout 600s"
+validate-chart-schema: false
+validate-maintainers: false
+validate-yaml: true
+exclude-deprecated: true
+check-version-increment: false
diff --git a/.github/configs/lintconf.yaml b/.github/configs/lintconf.yaml
new file mode 100644
index 0000000..947c502
--- /dev/null
+++ b/.github/configs/lintconf.yaml
@@ -0,0 +1,43 @@
+
+---
+rules:
+ braces:
+ min-spaces-inside: 0
+ max-spaces-inside: 0
+ min-spaces-inside-empty: -1
+ max-spaces-inside-empty: -1
+ brackets:
+ min-spaces-inside: 0
+ max-spaces-inside: 0
+ min-spaces-inside-empty: -1
+ max-spaces-inside-empty: -1
+ colons:
+ max-spaces-before: 0
+ max-spaces-after: 1
+ commas:
+ max-spaces-before: 0
+ min-spaces-after: 1
+ max-spaces-after: 1
+ comments:
+ require-starting-space: true
+ min-spaces-from-content: 1
+ document-end: disable
+ document-start: disable # No --- to start a file
+ empty-lines:
+ max: 2
+ max-start: 0
+ max-end: 0
+ hyphens:
+ max-spaces-after: 1
+ indentation:
+ spaces: consistent
+ indent-sequences: whatever # - list indentation will handle both indentation and without
+ check-multi-line-strings: false
+ key-duplicates: enable
+ line-length: disable # Lines can be any length
+ new-line-at-end-of-file: enable
+ new-lines:
+ type: unix
+ trailing-spaces: enable
+ truthy:
+ level: warning
diff --git a/.github/workflows/lint-charts.yml b/.github/workflows/lint-charts.yml
new file mode 100644
index 0000000..85bda23
--- /dev/null
+++ b/.github/workflows/lint-charts.yml
@@ -0,0 +1,48 @@
+name: Lint charts
+permissions: {}
+
+on:
+ pull_request:
+ branches: [ "main" ]
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ lint:
+ runs-on: ubuntu-20.04
+ steps:
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ with:
+ fetch-depth: 0
+ - uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3
+ - name: Linting Chart
+ run: helm lint ./charts/capsule
+ - name: Setup Chart Linting
+ id: lint
+ uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
+ - name: Run chart-testing (list-changed)
+ id: list-changed
+ run: |
+ changed=$(ct list-changed --config ./.github/configs/ct.yaml)
+ if [[ -n "$changed" ]]; then
+ echo "::set-output name=changed::true"
+ fi
+ - name: Run chart-testing (lint)
+ run: ct lint --debug --config ./.github/configs/ct.yaml --lint-conf ./.github/configs/lintconf.yaml
+ - name: Run docs-testing (helm-docs)
+ id: helm-docs
+ run: |
+ make helm-docs
+ if [[ $(git diff --stat) != '' ]]; then
+ echo -e '\033[0;31mDocumentation outdated! (Run make helm-docs locally and commit)\033[0m ❌'
+ git diff --color
+ exit 1
+ else
+ echo -e '\033[0;32mDocumentation up to date\033[0m ✔'
+ fi
+
+ - name: Run chart-testing (install)
+ run: make helm-test
+ if: steps.list-changed.outputs.changed == 'true'
\ No newline at end of file
diff --git a/.github/workflows/publish-charts.yml b/.github/workflows/publish-charts.yml
new file mode 100644
index 0000000..8305bbb
--- /dev/null
+++ b/.github/workflows/publish-charts.yml
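Review bot: The `list-changed` step reports its result with the deprecated `::set-output` workflow command, and the final `Run chart-testing (install)` step is gated on that output, so if the runner stops honouring the command the install test is skipped without any failure being shown; write it as `echo "changed=true" >> "$GITHUB_OUTPUT"`, the form the publish workflow in this same commit already uses. The `Linting Chart` step runs `helm lint ./charts/capsule`, while the only chart this commit touches lives under `charts/capsule-addon-fluxcd`, so the path looks like a leftover and should probably be `./charts/capsule-addon-fluxcd`. A `helm-test` target is not among the Makefile targets added in this patch, so confirm it exists before the last step relies on it.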
@@ -0,0 +1,81 @@
+name: Publish charts
+permissions: read-all
+on:
+ push:
+ tags: [ "helm-v*" ]
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+env:
+ CHART_NAME: capsule-addon-fluxcd
+
+jobs:
+ publish-helm:
+ # Skip this Release on forks
+ if: github.repository_owner == 'maxgio92'
+ runs-on: ubuntu-20.04
+ steps:
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ - name: "Extract Version"
+ id: extract_version
+ run: |
+ GIT_TAG=${GITHUB_REF##*/}
+ VERSION=${GIT_TAG##*v}
+ echo "version=$(echo $VERSION)" >> $GITHUB_OUTPUT
+ - name: Publish Helm chart
+ uses: stefanprodan/helm-gh-pages@0ad2bb377311d61ac04ad9eb6f252fb68e207260 # v1.7.0
+ with:
+ token: "${{ secrets.HELM_CHARTS_PUSH_TOKEN }}"
+ linting: off
+ chart_version: ${{ steps.extract_version.outputs.version }}
+ charts_dir: charts
+ charts_url: https://${{ github.repository_owner }}.github.io/charts
+ owner: ${{ github.repository_owner }}
+ repository: charts
+ branch: gh-pages
+ commit_username: ${{ github.actor }}
+ publish-helm-oci:
+ runs-on: ubuntu-20.04
+ permissions:
+ contents: write
+ id-token: write
+ packages: write
+ outputs:
+ chart-digest: ${{ steps.helm_publish.outputs.digest }}
+ steps:
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ - uses: sigstore/cosign-installer@1fc5bd396d372bee37d608f955b336615edf79c8 # v3.2.0
+ - name: "Extract Version"
+ id: extract_version
+ run: |
+ GIT_TAG=${GITHUB_REF##*/}
+ VERSION=${GIT_TAG##*v}
+ echo "version=$(echo $VERSION)" >> $GITHUB_OUTPUT
+ - name: Helm | Publish
+ id: helm_publish
+ uses: peak-scale/github-actions/helm-oci-chart@38322faabccd75abfa581c435e367d446b6d2c3b # v0.1.0
+ with:
+ registry: ghcr.io
+ repository: ${{ github.repository_owner }}/charts
+ name: $CHART_NAME
+ version: ${{ steps.extract_version.outputs.version }}
+ registry-username: ${{ github.actor }}
+ registry-password: ${{ secrets.GITHUB_TOKEN }}
+ update-dependencies: 
'true' # Defaults to false + sign-image: 'true' + signature-repository: ghcr.io/${{ github.repository_owner }}/charts/${{ env.CHART_NAME }} + helm-provenance: + needs: publish-helm-oci + permissions: + id-token: write # To sign the provenance. + packages: write # To upload assets to release. + actions: read # To read the workflow path. + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.9.0 + with: + image: ghcr.io/${{ github.repository_owner }}/charts/capsule-addon-fluxcd + digest: "${{ needs.publish-helm-oci.outputs.chart-digest }}" + registry-username: ${{ github.actor }} + secrets: + registry-password: ${{ secrets.GITHUB_TOKEN }} diff --git a/Makefile b/Makefile index fdff1d7..04f4250 100644 --- a/Makefile +++ b/Makefile @@ -1,3 +1,5 @@ +SRC_ROOT = $(shell git rev-parse --show-toplevel) + GINKGO ?= $(shell command -v ginkgo) GOLANGCI_LINT ?= $(shell command -v golangci-lint) @@ -11,11 +13,11 @@ lint: golangci-lint .PHONY: e2e e2e: ginkgo - @$(GINKGO) -v -tags e2e ./e2e + @$(GINKGO) -v -tags e2e $(SRC_ROOT)/e2e .PHONY: e2e/charts e2e/charts: ginkgo - $(GINKGO) -v -tags e2e ./e2e/charts + @$(GINKGO) -v -tags e2e $(SRC_ROOT)/e2e/charts .PHONY: golangci-lint golangci-lint: @@ -24,3 +26,19 @@ golangci-lint: .PHONY: ginkgo ginkgo: @hash ginkgo 2>/dev/null || go install github.com/onsi/ginkgo/v2/ginkgo@v2.13.2 + +helm-lint: CT_VERSION := v3.3.1 +helm-lint: docker + @docker run -v "$(SRC_ROOT):/workdir" --entrypoint /bin/sh quay.io/helmpack/chart-testing:$(CT_VERSION) -c "cd /workdir; ct lint --config .github/configs/ct.yaml --lint-conf .github/configs/lintconf.yaml --all --debug" + +.PHONY: helm-docs +helm-docs: HELMDOCS_VERSION := v1.12.0 +helm-docs: docker + @docker run -v "$(SRC_ROOT):/helm-docs" jnorwood/helm-docs:$(HELMDOCS_VERSION) --chart-search-root=/helm-docs + +.PHONY: docker +docker: + @hash docker 2>/dev/null || {\ + echo "You need docker" &&\ + exit 1;\ + } 
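Review bot: The `name: $CHART_NAME` input of the `Helm | Publish` step is a literal string as far as the workflow is concerned, because `with:` values only expand `${{ }}` expressions; the action receives the text `$CHART_NAME` unless it happens to pass the input through a shell that has the variable set. `signature-repository` a few lines below and the `image` of the `helm-provenance` job both spell out the real chart name, so a mismatch could leave the cosign signature and the SLSA provenance attached to a different repository path than the pushed chart; use `name: ${{ env.CHART_NAME }}` as `signature-repository` already does. `publish-helm-oci` also requests `contents: write` although the visible steps only push to ghcr.io and sign, which are covered by `packages: write` and `id-token: write`, so it should be `contents: read` unless the action is known to write to the repository. In both `Extract Version` steps `VERSION=${GIT_TAG##*v}` strips through the last `v` in the tag, so a tag such as `helm-v1.0.0-dev` (constructed example) yields an empty version; `VERSION=${GIT_TAG#helm-v}` matches the trigger pattern exactly.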
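Review bot: The new `helm-lint` and `helm-docs` recipes in the last Makefile hunk run `quay.io/helmpack/chart-testing:$(CT_VERSION)` and `jnorwood/helm-docs:$(HELMDOCS_VERSION)` by mutable tag with the whole checkout bind-mounted read-write, whereas the workflows added in the same commit pin their step actions to commit SHAs. `make helm-docs` is run by the lint workflow and by contributors locally, so pinning the images by digest would keep the same guarantee, for example `quay.io/helmpack/chart-testing:$(CT_VERSION)@sha256:<digest-of-v3.3.1>` (placeholder, to be filled in from the registry), and a `:ro` mount would do for `helm-lint` if `ct lint` does not need to write. `helm-lint` is also the only new target without a `.PHONY: helm-lint` line. The hunk's context starts inside the existing `golangci-lint` and `ginkgo` rules, which are outside the visible lines.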
diff --git a/charts/capsule-addon-fluxcd/README.md b/charts/capsule-addon-fluxcd/README.md
new file mode 100644
index 0000000..94868b1
--- /dev/null
+++ b/charts/capsule-addon-fluxcd/README.md
@@ -0,0 +1,41 @@
+# capsule-addon-fluxcd
+
+![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square)
+
+A Helm chart for Kubernetes
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` | |
+| fullnameOverride | string | `""` | |
+| image.pullPolicy | string | `"IfNotPresent"` | |
+| image.repository | string | `"ghcr.io/maxgio92/capsule-addon-fluxcd"` | |
+| image.tag | string | `""` | |
+| imagePullSecrets | list | `[]` | |
+| livenessProbe | object | `{"httpGet":{"path":"/healthz","port":10080}}` | Configure the liveness probe using Deployment probe spec |
+| nameOverride | string | `""` | |
+| nodeSelector | object | `{}` | |
+| options.logLevel | string | `"4"` | Set the log verbosity of the capsule with a value from 1 to 10 |
+| podAnnotations | object | `{}` | |
+| podSecurityContext | object | `{}` | |
+| proxy | object | `{"tls":{"secretKey":"ca","secretName":"capsule-proxy"}}` | - Configure deployments settings related to the Capsule proxy |
+| proxy.tls.secretKey | string | `"ca"` | - Set the Secret key that contains the CA certificate of the proxy |
+| proxy.tls.secretName | string | `"capsule-proxy"` | - Set the Secret name that contains the CA certificate of the proxy |
+| rbac.annotations | object | `{}` | |
+| rbac.create | bool | `true` | |
+| readinessProbe | object | `{"httpGet":{"path":"/readyz","port":10080}}` | Configure the readiness probe using Deployment probe spec |
+| replicaCount | int | `1` | |
+| resources | object | `{}` | |
+| securityContext.capabilities.drop[0] | string | `"ALL"` | |
+| securityContext.readOnlyRootFilesystem | bool | `true` | |
+| securityContext.runAsNonRoot | bool | `true` | |
+| securityContext.runAsUser | int | `1000` | |
+| serviceAccount.annotations | object | `{}` | |
+| serviceAccount.create | bool | `true` | |
+| serviceAccount.name | string | `""` | |
+| tolerations | list | `[]` | |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0)