From a5e3af9a3a96af72729615c8748944f6c86cd1af Mon Sep 17 00:00:00 2001 From: vbouzon Date: Tue, 26 Sep 2023 17:53:10 +0200 Subject: [PATCH] feat: add reusable workflow for Helm Chart --- .github/workflows/_helm_lint_publish.yml | 77 ++++++++++++++++++++++++ helm/conform/action.yml | 46 ++++++++++++++ helm/lint/action.yml | 37 ++++++++++++ helm/publish-cm/action.yml | 46 ++++++++++++++ 4 files changed, 206 insertions(+) create mode 100644 .github/workflows/_helm_lint_publish.yml create mode 100644 helm/conform/action.yml create mode 100644 helm/lint/action.yml create mode 100644 helm/publish-cm/action.yml diff --git a/.github/workflows/_helm_lint_publish.yml b/.github/workflows/_helm_lint_publish.yml new file mode 100644 index 00000000..127d9643 --- /dev/null +++ b/.github/workflows/_helm_lint_publish.yml @@ -0,0 +1,77 @@ +name: _Build and publish Helm Chart + +on: + workflow_call: + inputs: + release: + type: boolean + required: false + default: false + version: + type: string + required: false + chart-testing-config: + type: string + required: false + default: ".github/ct.yaml" + +jobs: + lint-chart: + runs-on: [self-hosted, shared] + steps: + - name: Run Chart lint + uses: LedgerHQ/actions/helm/lint@add-reusable-workflow-helm + with: + chart-testing-config: ${{inputs.chart-testing-config}} + + kubeconform-chart: + runs-on: [self-hosted, shared] + strategy: + matrix: + k8s: + - v1.22.4 + - v1.23.0 + - v1.24.0 + steps: + - name: Checkout + uses: LedgerHQ/actions/helm/conform@add-reusable-workflow-helm + with: + kubernetes-version: ${{ matrix.k8s }} + + publish-chartmuseum-dev: + name: publish-chartmuseum-dev + environment: chartmuseum-dev + if: inputs.version != '' + runs-on: [self-hosted, shared] + needs: [lint-chart, kubeconform-chart] + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: Push chart to chartmuseum-prd repo + uses: LedgerHQ/actions/helm/publish-cm@add-reusable-workflow-helm + with: + version: ${{ inputs.version }} + chartmuseum-url: ${{ secrets.CHARTMUSEUM_URL }} + chartmuseum-user: ${{ secrets.CHARTMUSEUM_USER }} + chartmuseum-password: ${{ secrets.CHARTMUSEUM_PASSWORD }} + + publish-chartmuseum-prd: + name: publish-chartmuseum-prd + environment: chartmuseum-prd + if: inputs.version != '' && inputs.release != false + runs-on: [self-hosted, shared] + needs: [publish-chartmuseum-dev] + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: Push chart to chartmuseum-prd repo + uses: LedgerHQ/actions/helm/publish-cm@add-reusable-workflow-helm + with: + version: ${{ inputs.version }} + chartmuseum-url: ${{ secrets.CHARTMUSEUM_URL }} + chartmuseum-user: ${{ secrets.CHARTMUSEUM_USER }} + chartmuseum-password: ${{ secrets.CHARTMUSEUM_PASSWORD }} \ No newline at end of file diff --git a/helm/conform/action.yml b/helm/conform/action.yml new file mode 100644 index 00000000..f0924caa --- /dev/null +++ b/helm/conform/action.yml @@ -0,0 +1,46 @@ +name: "Run Kubeconform" +description: "Run Kubeconform againt specified K8S version." + +inputs: + kubernetes-version: + description: "Specify the kubernetes version that you want to test." + required: true + charts-path: + description: "Specify the path where the charts are located." + required: false + default: "./helm/charts/" + +runs: + using: "composite" + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Run kubeconform + shell: bash + env: + KUBERNETES_VERSION: ${{ matrix.k8s }} + KUBECONFORM_VERSION: "v0.4.12" + KUBECONFORM_BASE_URL: "https://github.com/yannh/kubeconform/releases/download" + FILENAME_FORMAT: "{kind}-{group}-{version}" + run: | + set -o pipefail + OS=$(uname) + # install kubeconform + curl -sSfL "${KUBECONFORM_BASE_URL}/${KUBECONFORM_VERSION}/kubeconform-${OS}-amd64.tar.gz" | + tar -xzf - kubeconform + # validate changed charts + for chart in ${{ inputs.charts-path }}/*/; do + values=$(echo "${chart}" | sed "s/charts/values/g") + echo "Running kubeconform for folder: '${chart}'" + helm dep up "${chart}" && + for value in $(find "${values}" -type f -name "*.yaml"); do + echo -e "▶ Validating ${chart} with values from ${value}" + helm template --kube-version "${KUBERNETES_VERSION#v}" -f "${value}" "${chart}" | + ./kubeconform -strict -ignore-missing-schemas -exit-on-error \ + -schema-location default -schema-location 'helm/k8s-crds-schemas/{{ .ResourceKind }}{{ .KindSuffix }}.json' \ + -kubernetes-version "${KUBERNETES_VERSION#v}" -summary -verbose -schema-location default + done + done diff --git a/helm/lint/action.yml b/helm/lint/action.yml new file mode 100644 index 00000000..c83452f6 --- /dev/null +++ b/helm/lint/action.yml @@ -0,0 +1,37 @@ +name: "Run Helm Chart Testing & Docs" +description: "Run Helm Chart Testing & Docs" + +inputs: + chart-testing-config: + description: "Specify the path where the ct.yaml is located." + required: true + default: ".github/ct.yaml" + +runs: + using: "composite" + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Set up chart-testing + uses: helm/chart-testing-action@v2.2.0 + + - name: Run chart-testing (lint) + shell: bash + run: ct lint --config ${{ inputs.chart-testing-config }} --check-version-increment=false + + - name: Run helm-docs + shell: bash + env: + HELM_DOCS_VERSION: "1.11.0" + HELM_DOCS_BASE_URL: "https://github.com/norwoodj/helm-docs/releases/download" + run: | + OS=$(uname) + # install helm-docs + curl -sSfL "${HELM_DOCS_BASE_URL}/v${HELM_DOCS_VERSION}/helm-docs_${HELM_DOCS_VERSION}_${OS}_x86_64.tar.gz" | + tar -xzf - helm-docs + # validate docs + ./helm-docs + git diff --exit-code diff --git a/helm/publish-cm/action.yml b/helm/publish-cm/action.yml new file mode 100644 index 00000000..b0ee77bc --- /dev/null +++ b/helm/publish-cm/action.yml @@ -0,0 +1,46 @@ +name: "Publish Helm Chart on chart museum" +description: "Publish Helm Chart on chart museum." + +inputs: + version: + description: "Specify the chart version to publish." + required: true + charts-path: + description: "Specify the path where the charts are located." + required: false + default: "./helm/charts/" + chartmuseum-url: + description: "Specify the URL of Chart Museum" + required: true + chartmuseum-user: + description: "Specify the user of Chart Museum" + required: true + chartmuseum-password: + description: "Specify the password of Chart Museum" + required: true + +runs: + using: "composite" + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Set up chart-testing + uses: helm/chart-testing-action@v2.2.0 + + - name: Add chartmuseum-prd helm repo + shell: bash + run: | + if ! helm plugin list | grep -q push; then + helm plugin install https://github.com/chartmuseum/helm-push.git + fi + helm repo add chartmuseum-prd --username ${{ inputs.chartmuseum-user }} --password ${{ inputs.chartmuseum-password }} ${{ inputs.chartmuseum-url }} && + helm repo update + - name: Push chart to chartmuseum-prd repo + shell: bash + run: | + for chart in ${{ inputs.charts-path }}/*/; do + helm cm-push $chart chartmuseum-prd --version ${{ inputs.version }} + done