From df356fb4f2f789fd7eea3a4c5872c93ab7fae1a6 Mon Sep 17 00:00:00 2001
From: browol
Date: Sat, 25 Nov 2023 23:29:23 +0700
Subject: [PATCH] feat(ci): added lint and test workflow on PR for helm charts
---
.github/workflows/lint-test.yaml | 49 +++
charts/general-purpose/Chart.yaml | 20 +-
.../general-purpose/templates/deployment.yaml | 4 +-
charts/general-purpose/values.yaml | 294 +++++++++--------
4 files changed, 199 insertions(+), 168 deletions(-)
create mode 100644 .github/workflows/lint-test.yaml
diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml
new file mode 100644
index 0000000..5e29729
--- /dev/null
+++ b/.github/workflows/lint-test.yaml
@@ -0,0 +1,49 @@
+name: Lint and Test Charts
+
+on: pull_request
+
+permissions:
+ contents: read
+
+jobs:
+ lint-test:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ with:
+ fetch-depth: 0
+
+ - name: Set up Helm
+ uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
+ with:
+ version: v3.12.1
+
+ - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
+ with:
+ python-version: 3.9
+
+ - name: Set up chart-testing
+ uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
+ with:
+ version: v3.10.0
+
+ - name: Run chart-testing (list-changed)
+ id: list-changed
+ run: |
+ changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
+ if [[ -n "$changed" ]]; then
+ echo "changed=true" >> "$GITHUB_OUTPUT"
+ fi
+
+ - name: Run chart-testing (lint)
+ if: steps.list-changed.outputs.changed == 'true'
+ run: ct lint --target-branch ${{ github.event.repository.default_branch }}
+
+ - name: Create kind cluster
+ if: steps.list-changed.outputs.changed == 'true'
+ uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
+
+ - name: Run chart-testing (install)
+ if: steps.list-changed.outputs.changed == 'true'
+ run: ct install --target-branch ${{ github.event.repository.default_branch }}
diff --git a/charts/general-purpose/Chart.yaml b/charts/general-purpose/Chart.yaml
index ad23e84..28fce1e 100644
--- a/charts/general-purpose/Chart.yaml
+++ b/charts/general-purpose/Chart.yaml
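Review bot: The three `ct` steps in `lint-test.yaml` (`list-changed`, `lint`, `install`) expand `${{ github.event.repository.default_branch }}` directly into the shell script text, unquoted, so the value is parsed as shell source rather than passed as data. The default branch name is set by repository admins rather than the PR author, so exposure here is low, but this is the pattern behind workflow script-injection findings and it tends to get copied to contexts a contributor does control. Pass it through the environment instead: add `env:` with `TARGET_BRANCH: ${{ github.event.repository.default_branch }}` to each step and call `ct lint --target-branch "$TARGET_BRANCH"`. Since `ct install` deploys chart content from the PR, also consider `persist-credentials: false` on the Checkout step (if no later step needs to fetch) so the token is not left in `.git/config`, and quote `python-version: '3.9'` so a later bump to 3.10 is not read as the float 3.1.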
@@ -1,23 +1,5 @@ apiVersion: v2 name: general-purpose description: A Helm chart for Kubernetes to deploy an Application - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.2.9 - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -appVersion: 1.16.0 +version: 0.2.10 diff --git a/charts/general-purpose/templates/deployment.yaml b/charts/general-purpose/templates/deployment.yaml index 27e6dd8..0a2f777 100644 --- a/charts/general-purpose/templates/deployment.yaml +++ b/charts/general-purpose/templates/deployment.yaml @@ -87,8 +87,8 @@ spec: httpGet: path: {{ .Values.app.readinessProbe.path | default "/" }} port: {{ .Values.app.image.containerPort | default 80 }} - {{ if .Values.app.livenessProbe.httpHeaders }} - httpHeaders: {{ .Values.app.livenessProbe.headers }} + {{ if .Values.app.readinessProbe.httpHeaders }} + httpHeaders: {{ .Values.app.readinessProbe.headers }} {{ end }} initialDelaySeconds: {{ .Values.app.readinessProbe.initialDelaySeconds | default 0 }} periodSeconds: {{ .Values.app.readinessProbe.periodSeconds | default 10 }} 
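Review bot: In the readiness probe of `templates/deployment.yaml`, the guard tests `.Values.app.readinessProbe.httpHeaders` but the line it guards renders `.Values.app.readinessProbe.headers`, so a user who sets `httpHeaders` gets an `httpHeaders:` key with no usable value and the headers are dropped. Rendering a list with a bare `{{ ... }}` also prints Go's map formatting rather than YAML, so even with matching keys the output would not be a valid header list. Use one key and serialize it, e.g. `{{- with .Values.app.readinessProbe.httpHeaders }}` / `httpHeaders: {{- toYaml . | nindent N }}` / `{{- end }}`, with N set to the probe's indentation, which cannot be recovered from this hunk. The probe block starts and ends outside the hunk, and the liveness probe, whose key names the removed lines copied, presumably has the same mismatch and is worth checking.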
diff --git a/charts/general-purpose/values.yaml b/charts/general-purpose/values.yaml index b320614..c53dbaf 100644 --- a/charts/general-purpose/values.yaml +++ b/charts/general-purpose/values.yaml @@ -2,15 +2,15 @@ app: # name: myhelloworldapp image: registry: docker.io - repository: foobar/helloworld # (Optional) Default: .Values.app.name | default .Release.Name + repository: foobar/helloworld # (Optional) Default: .Values.app.name | default .Release.Name tag: latest pullPolicy: Always - + # pullSecret: image-secret-helm - pullSecret: null + pullSecret: null # containerPort: 4200 - containerPort: null + containerPort: null readinessProbe: enabled: false @@ -26,8 +26,8 @@ app: securityContext: enabled: false spec: - runAsUser: 199 - runAsGroup: 199 + runAsUser: 1001 + runAsGroup: 1001 allowPrivilegeEscalation: false readOnlyRootFilesystem: true 
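Review bot: The container `securityContext.spec` in the `@@ -26,8` hunk of `values.yaml` pins `runAsUser`/`runAsGroup` to 1001 but does not set `runAsNonRoot: true`, and the whole block sits behind `enabled: false`, so a default install applies none of these settings. Assuming `spec` is rendered verbatim into the container's securityContext, adding `runAsNonRoot: true` makes the kubelet refuse to start the container as UID 0 if the UID is later overridden or removed, and `capabilities: {drop: [ALL]}` would complete the example next to the existing `allowPrivilegeEscalation: false`. Whether `enabled` should default to `true` depends on the images this chart is used with, but a comment such as `# recommended: enable for images that run as non-root` would state the intent. The `securityContext` mapping starts outside the hunk.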
@@ -35,158 +35,158 @@ app: securityContext: enabled: false spec: - fsGroup: 199 - supplementalGroups: - - 199 + fsGroup: 1001 + supplementalGroups: + - 1001 initContainers: enabled: false containers: - - name: install - image: busybox - command: - - wget - - "-O" - - "/work-dir/index.html" - - http://info.cern.ch - volumeMounts: - - name: workdir - mountPath: /work-dir + - name: install + image: busybox + command: + - wget + - "-O" + - "/work-dir/index.html" + - http://info.cern.ch + volumeMounts: + - name: workdir + mountPath: /work-dir volumeMounts: enabled: false volumes: - # Export env variable from inline data and mount as config.json file - - name: env-volume - type: configMap - mountPath: /app/dist/app/browser/assets/env/ - spec: - name: env-from-file - asEnvVar: ENV_FROM_FILE # (Optional) Environment variable - fileName: config.json - value: | - { - "hello": "world" - } - - # Export env variable from json file and mount as config.json file - - name: json-from-file-as-env - type: configMap - mountPath: /app/assets/ - spec: - name: env-from-file # Configmap name - asEnvVar: MY_CONFIG # (Optional) Environment variable - fileName: config.json # Filename in configmap - fromFile: ./config.json # Path to your json file - - # mounting persistance volume claim into pods from azure disk - - name: my-azure-managed-disk - type: azureDisk - mountPath: /tmp/data/ - spec: - diskName: pvcRestored - diskURI: /subscriptions/19da35d3-9a1a-4f3b-9b9c-3c56ef409565/resourceGroups/MC_myResourceGroupAKS_myAKSCluster_eastus/providers/Microsoft.Compute/disks/pvcRestored - - # mounting persistance volume claim into pods from existing pvc - - name: my-existing-pvc - type: persistentVolumeClaim - mountPath: /tmp/app/ - spec: - claimName: azure-default-disk - - # mounting emptyDir volume - - name: workdir - type: emptyDir - mountPath: /work-dir + # Export env variable from inline data and mount as config.json file + - name: env-volume + type: configMap + mountPath: 
/app/dist/app/browser/assets/env/ + spec: + name: env-from-file + asEnvVar: ENV_FROM_FILE # (Optional) Environment variable + fileName: config.json + value: | + { + "hello": "world" + } + + # Export env variable from json file and mount as config.json file + - name: json-from-file-as-env + type: configMap + mountPath: /app/assets/ + spec: + name: env-from-file # Configmap name + asEnvVar: MY_CONFIG # (Optional) Environment variable + fileName: config.json # Filename in configmap + fromFile: ./config.json # Path to your json file + + # mounting persistance volume claim into pods from azure disk + - name: my-azure-managed-disk + type: azureDisk + mountPath: /tmp/data/ + spec: + diskName: pvcRestored + diskURI: /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_myResourceGroupAKS_myAKSCluster_eastus/providers/Microsoft.Compute/disks/pvcRestored + + # mounting persistance volume claim into pods from existing pvc + - name: my-existing-pvc + type: persistentVolumeClaim + mountPath: /tmp/app/ + spec: + claimName: azure-default-disk + + # mounting emptyDir volume + - name: workdir + type: emptyDir + mountPath: /work-dir service: enabled: false name: angular ports: - - name: proxy - port: 8080 - targetPort: 4200 - protocol: TCP + - name: proxy + port: 8080 + targetPort: 4200 + protocol: TCP ingress: enabled: false ingresses: - - name: my-internal-ingress - annotations: - nginx.ingress.kubernetes.io/service-upstream: "true" - nginx.ingress.kubernetes.io/upstream-vhost: angular.myabc-ns.svc.cluster.local - ingressClassName: nginx - paths: - - path: / - pathType: ImplementationSpecific # this is default value - backend: - serviceName: angular - servicePort: 8080 - http: - - domainName: - - example.com - tls: null - - domainName: - - example2.com - tls: - existingSecret: null - cert: - name: pubcert - path: certificates/pub # path to certificate directory - fileName: "*" - - name: my-internet-ingress - annotations: - 
nginx.ingress.kubernetes.io/service-upstream: "true" - nginx.ingress.kubernetes.io/upstream-vhost: angular.myabc-ns.svc.cluster.local - ingressClassName: nginx-internet - paths: - - path: / - pathType: ImplementationSpecific # this is default value - backend: - serviceName: angular - servicePort: 8080 - http: - - domainName: - - example3.com - - example4.com - tls: - existingSecret: my-tls-secret - - domainName: - - example5.com - tls: - existingSecret: null - cert: - name: extcert - path: certificates/ext # path to certificate directory - fileName: "*" - defaultBackend: - service: - name: defaultbackend - port: - number: 8080 - + - name: my-internal-ingress + annotations: + nginx.ingress.kubernetes.io/service-upstream: "true" + nginx.ingress.kubernetes.io/upstream-vhost: angular.myabc-ns.svc.cluster.local + ingressClassName: nginx + paths: + - path: / + pathType: ImplementationSpecific # this is default value + backend: + serviceName: angular + servicePort: 8080 + http: + - domainName: + - example.com + tls: null + - domainName: + - example2.com + tls: + existingSecret: null + cert: + name: pubcert + path: certificates/pub # path to certificate directory + fileName: "*" + - name: my-internet-ingress + annotations: + nginx.ingress.kubernetes.io/service-upstream: "true" + nginx.ingress.kubernetes.io/upstream-vhost: angular.myabc-ns.svc.cluster.local + ingressClassName: nginx-internet + paths: + - path: / + pathType: ImplementationSpecific # this is default value + backend: + serviceName: angular + servicePort: 8080 + http: + - domainName: + - example3.com + - example4.com + tls: + existingSecret: my-tls-secret + - domainName: + - example5.com + tls: + existingSecret: null + cert: + name: extcert + path: certificates/ext # path to certificate directory + fileName: "*" + defaultBackend: + service: + name: defaultbackend + port: + number: 8080 + ConfigMap: enabled: false data: - - name: NODE_ENV - value: "dynamic" - - name: PRODUCTION - value: false - - name: USEMOCK - 
value: false - - name: AUTH_METHOD - value: "saml" - - name: INTERNAL_URL - value: "http://myabc-app:8080" - - name: PORTAL_URL - value: "https://example.com" - - name: LOG_LEVEL - value: "debug" + - name: NODE_ENV + value: "dynamic" + - name: PRODUCTION + value: false + - name: USEMOCK + value: false + - name: AUTH_METHOD + value: "saml" + - name: INTERNAL_URL + value: "http://myabc-app:8080" + - name: PORTAL_URL + value: "https://example.com" + - name: LOG_LEVEL + value: "debug" envFrom: enabled: false - + # envFrom: # enabled: false # data: @@ -196,12 +196,12 @@ envFrom: env: enabled: false data: - - name: MY_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ABC - value: "haha" + - name: MY_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: ABC + value: "haha" # key Vault for public cloud provider keyVault: @@ -212,15 +212,15 @@ keyVault: driver: secrets-store.csi.k8s.io resourceGroup: rg-example subscriptionId: example-subscription-id - tenantId: 6aee0642d-69ab-c7c6-b9e1-7777c7ca55ba + tenantId: 00000000-0000-0000-0000-000000000000 secretRef: secrets-store-creds-helm cloudName: AzurePublicCloud - vaultName: kv-allianz-for-dev-ub79 + vaultName: kv-dev-ub79 objects: - - secretName: akssecret - type: Opaque - data: - - name: session-secret - key: SESSION_SECRET + - secretName: akssecret + type: Opaque + data: + - name: session-secret + key: SESSION_SECRET resources: {}
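Review bot: The values replaced with placeholders in `values.yaml` (`tenantId` and `vaultName` in the `@@ -212,15` hunk, the subscription GUID in `diskURI` in the `@@ -35,158` hunk) are still readable in the repository history and in any chart package already built from version 0.2.9 or earlier. If any of them referred to a real tenant, subscription or vault, treat them as disclosed: they are identifiers rather than credentials, so the thing to confirm is that access to the vault depends on identity and network policy, not on the name being unknown. A comment next to each, e.g. `# placeholder - set to your tenant ID`, would help keep a real value from being committed here again.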