Skip to content

[scalardl-auditor] Support Azure Marketplace (#278) #906

[scalardl-auditor] Support Azure Marketplace (#278)

[scalardl-auditor] Support Azure Marketplace (#278) #906

name: Chart Testing and Kubeval
on:
pull_request:
branches:
- main
push:
branches:
- main
paths:
- "charts/**"
workflow_dispatch:
env:
HELM_VERSION: v3.11.3
jobs:
lint-chart:
runs-on: ubuntu-latest
env:
PYTHON_VERSION: 3.11
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Set up Helm
uses: azure/setup-helm@v3
with:
version: ${{ env.HELM_VERSION }}
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: ${{ env.PYTHON_VERSION }}
- name: Add Helm repos
run: |
helm repo add scalar https://scalar-labs.github.io/helm-charts
- name: Set up chart-testing
uses: helm/chart-testing-action@v2
with:
version: 3.10.1
- name: Run chart-testing (updated chart)
if: ${{ github.event_name != 'workflow_dispatch' }}
run: ct lint --config .github/ct.yaml
- name: Run chart-testing (all charts)
if: ${{ github.event_name == 'workflow_dispatch' }}
run: ct lint --config .github/ct-all.yaml
kubeaudit-chart:
runs-on: ubuntu-latest
env:
KUBE_AUDIT_VERSION: 0.22.0
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Set up Helm
uses: azure/setup-helm@v3
with:
version: ${{ env.HELM_VERSION }}
- name: Set up kubeaudit
uses: supplypike/setup-bin@v3
with:
uri: "https://github.com/Shopify/kubeaudit/releases/download/v${{ env.KUBE_AUDIT_VERSION }}/kubeaudit_${{ env.KUBE_AUDIT_VERSION }}_linux_amd64.tar.gz"
name: "kubeaudit"
version: ${{ env.KUBE_AUDIT_VERSION }}
- name: Add Helm repos
run: |
helm repo add scalar https://scalar-labs.github.io/helm-charts
- name: Run kubeaudit
run: |
# TODO If more charts are supported by kubeaudit, they should be added.
# Change to `ls charts` when all charts are supported.
chart_dirs=(envoy scalardb scalardl scalardl-audit scalardb-cluster scalardb-analytics-postgresql)
for chart_dir in ${chart_dirs[@]}; do
echo "helm dependency build charts/${chart_dir} chart..."
helm dependency build charts/${chart_dir}
echo "kubeaudit charts/${chart_dir} chart..."
kubeaudit all -k .github/kube-audit.yaml -f <(helm template --generate-name "charts/${chart_dir}") -m error
done
kubeval-chart:
runs-on: ubuntu-latest
needs: lint-chart
strategy:
matrix:
k8s:
- v1.27.16
- v1.28.13
- v1.29.8
- v1.30.4
- v1.31.0
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Set up Helm
uses: azure/setup-helm@v3
with:
version: ${{ env.HELM_VERSION }}
- name: Add Helm repos
run: |
helm repo add scalar https://scalar-labs.github.io/helm-charts
- name: Install helm-kubeval plugin
run: helm plugin install https://github.com/instrumenta/helm-kubeval
- name: Run kubeval
run: |
chart_dirs=$(ls charts)
for chart_dir in ${chart_dirs}; do
echo "helm dependency build charts/${chart_dir} chart..."
helm dependency build charts/${chart_dir}
echo "kubeval(idating) charts/${chart_dir} chart..."
helm kubeval "charts/${chart_dir}" -v "${KUBERNETES_VERSION#v}"
done
env:
KUBERNETES_VERSION: ${{ matrix.k8s }}
KUBEVAL_SCHEMA_LOCATION: https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master
install-chart:
name: install-chart
runs-on: ubuntu-latest
needs:
- lint-chart
- kubeval-chart
- kubeaudit-chart
env:
DOCKER_REGISTRY_PASSWORD: ${{ secrets.CR_PAT }}
DOCKER_REGISTRY_USERNAME: scalar-git
DOCKER_REGISTRY_SERVER: ghcr.io
strategy:
matrix:
k8s:
- v1.27.16
- v1.28.13
- v1.29.8
- v1.30.4
- v1.31.0
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Set up chart-testing
uses: helm/chart-testing-action@v2
- name: Add Helm repos
run: |
helm repo add scalar https://scalar-labs.github.io/helm-charts
- name: Run chart-testing (list-changed)
id: list-changed
run: |
changed=$(ct list-changed --config .github/ct.yaml)
if [[ -n "$changed" ]]; then
echo "changed=true" >> $GITHUB_OUTPUT
fi
- name: Create kind ${{ matrix.k8s }} cluster
uses: helm/[email protected]
with:
config: .github/kind-cluster.yaml
node_image: kindest/node:${{ matrix.k8s }}
kubectl_version: ${{ matrix.k8s }}
if: ${{ steps.list-changed.outputs.changed == 'true' || github.event_name == 'workflow_dispatch' }}
- name: Setup kubernetes (Kind) with registry, PostgreSQL and schema
run: |
kubectl cluster-info
kubectl create secret docker-registry reg-docker-secrets --docker-server=${DOCKER_REGISTRY_SERVER} --docker-username=${DOCKER_REGISTRY_USERNAME} --docker-password=${DOCKER_REGISTRY_PASSWORD}
kubectl create secret generic ledger-keys --from-file=private-key=.github/ledger-key.pem
kubectl create secret generic auditor-keys --from-file=certificate=.github/auditor-cert.pem --from-file=private-key=.github/auditor-key.pem
kubectl create secret generic scalardb-analytics-postgresql-superuser-password --from-literal=superuser-password=postgres
helm install postgresql oci://registry-1.docker.io/bitnamicharts/postgresql -f .github/postgresql.yaml
helm dependency build charts/scalardb-cluster/
helm install scalardb-cluster-for-scalar-admin-for-kubernetes ./charts/scalardb-cluster/ -f ./charts/scalardb-cluster/ci/scalardb-cluster-ct-values.yaml # Create ScalarDB Cluster for Scalar Admin for Kubernetes test.
sleep 1 # Waiting for the StatefulSet creates a PostgreSQL pod.
kubectl wait --for=condition=Ready --timeout=120s pod/postgresql-0
kubectl create -f .github/schema-loading.yaml # Create schema for ScalarDB GraphQL and ScalarDB Analytics with PostgreSQL.
kubectl wait --for=condition=complete --timeout=60s job/schema-loading
kubectl wait --for=condition=available --timeout=300s deployment/scalardb-cluster-for-scalar-admin-for-kubernetes-node
kubectl get pods,svc,endpoints,nodes -o wide
- name: Run chart-testing (updated chart)
if: ${{ github.event_name != 'workflow_dispatch' }}
run: ct install --config .github/ct.yaml --helm-extra-set-args "--wait-for-jobs"
- name: Run chart-testing (all charts)
if: ${{ github.event_name == 'workflow_dispatch' }}
run: ct install --config .github/ct-all.yaml --helm-extra-set-args "--wait-for-jobs"
verify-chart-docs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Verify chart docs
run: ./scripts/verify-chart-docs.sh
verify-values-schema-json:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Verify values schema json
run: ./scripts/verify-values-schema-json.sh