[scalardl-auditor] Support Azure Marketplace (#278) #906
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Chart Testing and Kubeval | |
on: | |
pull_request: | |
branches: | |
- main | |
push: | |
branches: | |
- main | |
paths: | |
- "charts/**" | |
workflow_dispatch: | |
env: | |
HELM_VERSION: v3.11.3 | |
jobs: | |
lint-chart: | |
runs-on: ubuntu-latest | |
env: | |
PYTHON_VERSION: 3.11 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Set up Helm | |
uses: azure/setup-helm@v3 | |
with: | |
version: ${{ env.HELM_VERSION }} | |
- name: Set up Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: ${{ env.PYTHON_VERSION }} | |
- name: Add Helm repos | |
run: | | |
helm repo add scalar https://scalar-labs.github.io/helm-charts | |
- name: Set up chart-testing | |
uses: helm/chart-testing-action@v2 | |
with: | |
version: 3.10.1 | |
- name: Run chart-testing (updated chart) | |
if: ${{ github.event_name != 'workflow_dispatch' }} | |
run: ct lint --config .github/ct.yaml | |
- name: Run chart-testing (all charts) | |
if: ${{ github.event_name == 'workflow_dispatch' }} | |
run: ct lint --config .github/ct-all.yaml | |
kubeaudit-chart: | |
runs-on: ubuntu-latest | |
env: | |
KUBE_AUDIT_VERSION: 0.22.0 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Set up Helm | |
uses: azure/setup-helm@v3 | |
with: | |
version: ${{ env.HELM_VERSION }} | |
- name: Set up kubeaudit | |
uses: supplypike/setup-bin@v3 | |
with: | |
uri: "https://github.com/Shopify/kubeaudit/releases/download/v${{ env.KUBE_AUDIT_VERSION }}/kubeaudit_${{ env.KUBE_AUDIT_VERSION }}_linux_amd64.tar.gz" | |
name: "kubeaudit" | |
version: ${{ env.KUBE_AUDIT_VERSION }} | |
- name: Add Helm repos | |
run: | | |
helm repo add scalar https://scalar-labs.github.io/helm-charts | |
- name: Run kubeaudit | |
run: | | |
# TODO If more charts are supported by kubeaudit, they should be added. | |
# Change to `ls charts` when all charts are supported. | |
chart_dirs=(envoy scalardb scalardl scalardl-audit scalardb-cluster scalardb-analytics-postgresql) | |
for chart_dir in ${chart_dirs[@]}; do | |
echo "helm dependency build charts/${chart_dir} chart..." | |
helm dependency build charts/${chart_dir} | |
echo "kubeaudit charts/${chart_dir} chart..." | |
kubeaudit all -k .github/kube-audit.yaml -f <(helm template --generate-name "charts/${chart_dir}") -m error | |
done | |
kubeval-chart: | |
runs-on: ubuntu-latest | |
needs: lint-chart | |
strategy: | |
matrix: | |
k8s: | |
- v1.27.16 | |
- v1.28.13 | |
- v1.29.8 | |
- v1.30.4 | |
- v1.31.0 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Set up Helm | |
uses: azure/setup-helm@v3 | |
with: | |
version: ${{ env.HELM_VERSION }} | |
- name: Add Helm repos | |
run: | | |
helm repo add scalar https://scalar-labs.github.io/helm-charts | |
- name: Install helm-kubeval plugin | |
run: helm plugin install https://github.com/instrumenta/helm-kubeval | |
- name: Run kubeval | |
run: | | |
chart_dirs=$(ls charts) | |
for chart_dir in ${chart_dirs}; do | |
echo "helm dependency build charts/${chart_dir} chart..." | |
helm dependency build charts/${chart_dir} | |
echo "kubeval(idating) charts/${chart_dir} chart..." | |
helm kubeval "charts/${chart_dir}" -v "${KUBERNETES_VERSION#v}" | |
done | |
env: | |
KUBERNETES_VERSION: ${{ matrix.k8s }} | |
KUBEVAL_SCHEMA_LOCATION: https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master | |
install-chart: | |
name: install-chart | |
runs-on: ubuntu-latest | |
needs: | |
- lint-chart | |
- kubeval-chart | |
- kubeaudit-chart | |
env: | |
DOCKER_REGISTRY_PASSWORD: ${{ secrets.CR_PAT }} | |
DOCKER_REGISTRY_USERNAME: scalar-git | |
DOCKER_REGISTRY_SERVER: ghcr.io | |
strategy: | |
matrix: | |
k8s: | |
- v1.27.16 | |
- v1.28.13 | |
- v1.29.8 | |
- v1.30.4 | |
- v1.31.0 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Set up chart-testing | |
uses: helm/chart-testing-action@v2 | |
- name: Add Helm repos | |
run: | | |
helm repo add scalar https://scalar-labs.github.io/helm-charts | |
- name: Run chart-testing (list-changed) | |
id: list-changed | |
run: | | |
changed=$(ct list-changed --config .github/ct.yaml) | |
if [[ -n "$changed" ]]; then | |
echo "changed=true" >> $GITHUB_OUTPUT | |
fi | |
- name: Create kind ${{ matrix.k8s }} cluster | |
uses: helm/[email protected] | |
with: | |
config: .github/kind-cluster.yaml | |
node_image: kindest/node:${{ matrix.k8s }} | |
kubectl_version: ${{ matrix.k8s }} | |
if: ${{ steps.list-changed.outputs.changed == 'true' || github.event_name == 'workflow_dispatch' }} | |
- name: Setup kubernetes (Kind) with registry, PostgreSQL and schema | |
run: | | |
kubectl cluster-info | |
kubectl create secret docker-registry reg-docker-secrets --docker-server=${DOCKER_REGISTRY_SERVER} --docker-username=${DOCKER_REGISTRY_USERNAME} --docker-password=${DOCKER_REGISTRY_PASSWORD} | |
kubectl create secret generic ledger-keys --from-file=private-key=.github/ledger-key.pem | |
kubectl create secret generic auditor-keys --from-file=certificate=.github/auditor-cert.pem --from-file=private-key=.github/auditor-key.pem | |
kubectl create secret generic scalardb-analytics-postgresql-superuser-password --from-literal=superuser-password=postgres | |
helm install postgresql oci://registry-1.docker.io/bitnamicharts/postgresql -f .github/postgresql.yaml | |
helm dependency build charts/scalardb-cluster/ | |
helm install scalardb-cluster-for-scalar-admin-for-kubernetes ./charts/scalardb-cluster/ -f ./charts/scalardb-cluster/ci/scalardb-cluster-ct-values.yaml # Create ScalarDB Cluster for Scalar Admin for Kubernetes test. | |
sleep 1 # Waiting for the StatefulSet creates a PostgreSQL pod. | |
kubectl wait --for=condition=Ready --timeout=120s pod/postgresql-0 | |
kubectl create -f .github/schema-loading.yaml # Create schema for ScalarDB GraphQL and ScalarDB Analytics with PostgreSQL. | |
kubectl wait --for=condition=complete --timeout=60s job/schema-loading | |
kubectl wait --for=condition=available --timeout=300s deployment/scalardb-cluster-for-scalar-admin-for-kubernetes-node | |
kubectl get pods,svc,endpoints,nodes -o wide | |
- name: Run chart-testing (updated chart) | |
if: ${{ github.event_name != 'workflow_dispatch' }} | |
run: ct install --config .github/ct.yaml --helm-extra-set-args "--wait-for-jobs" | |
- name: Run chart-testing (all charts) | |
if: ${{ github.event_name == 'workflow_dispatch' }} | |
run: ct install --config .github/ct-all.yaml --helm-extra-set-args "--wait-for-jobs" | |
verify-chart-docs: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Verify chart docs | |
run: ./scripts/verify-chart-docs.sh | |
verify-values-schema-json: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Verify values schema json | |
run: ./scripts/verify-values-schema-json.sh |