Merge branch 'master' into feat/examples

masmovil · Dec 12, 2024 · 3786b6f · 3786b6f
2 parents 937e709 + 692cecf
commit 3786b6f
Show file tree

Hide file tree

Showing 10 changed files with 141 additions and 76 deletions.
diff --git a/MODULE.bazel b/MODULE.bazel
@@ -36,12 +36,12 @@ register_toolchains("@gcloud_toolchains//:all")
 
 utils = use_extension("@masorange_rules_helm//:extensions.bzl", "utils", dev_dependency = True)
 utils.pull(
-    name = "helm_chart_a",
-    chart_name = "a_values",
-    repo_url = "http://localhost:8080/charts",
-    version = "0.0.0",
+    name = "nginx-chart",
+    chart_name = "nginx",
+    repo_url = "oci://localhost",
+    version = "1.10.0"
 )
-use_repo(utils, "helm_chart_a")
+use_repo(utils, "nginx-chart")
 
 deps = use_extension("@masorange_rules_helm//:deps_extension.bzl", "non_module_dependencies")
 use_repo(deps, "io_bazel_rules_docker")
diff --git a/docs/helm_pull.md b/docs/helm_pull.md
@@ -10,44 +10,62 @@
 helm_pull(<a href="#helm_pull-name">name</a>, <a href="#helm_pull-chart_name">chart_name</a>, <a href="#helm_pull-repo_mapping">repo_mapping</a>, <a href="#helm_pull-repo_name">repo_name</a>, <a href="#helm_pull-repo_url">repo_url</a>, <a href="#helm_pull-repository_config">repository_config</a>, <a href="#helm_pull-version">version</a>)
 </pre>
 
-Repository rule to download a `helm_chart` from a remote registry.
+    Repository rule to download a `helm_chart` from a remote registry.
 
-To load the rule use:
-```starlark
-load("//helm:defs.bzl", "helm_pull")
-```
+    To load the rule use:
+    ```starlark
+    load("//helm:defs.bzl", "helm_pull")
+    ```
 
-It uses `helm` binary to download the chart, so `helm` has to be available in the PATH of the host machine where bazel is running.
+    It uses `helm` binary to download the chart, so `helm` has to be available in the PATH of the host machine where bazel is running.
 
-Default credentials on the host machine are used to authenticate against the remote registry.
-To use basic auth you must provide the basic credentials through env variables: `HELM_USER` and `HELM_PASSWORD`.
+    Default credentials on the host machine are used to authenticate against the remote registry.
+    To use basic auth you must provide the basic credentials through env variables: `HELM_USER` and `HELM_PASSWORD`.
 
-OCI registries are supported.
+    OCI registries are supported.
 
-The downloaded chart is defined using the `helm_chart` rule and it's available as `:chart` target inside the repo name.
+    The downloaded chart is defined using the `helm_chart` rule and it's available as `:chart` target inside the repo name.
 
-```starlark
-# WORKSPACE or extensions.bzl/MODULE.bazel
-load("//helm:defs.bzl", "helm_pull")
-
-helm_pull(
-    name = "example_helm_chart",
-    chart_name = "example",
-    repo_url = "oci://docker.pkg.dev/project/helm-charts",
-    version = "1.0.0",
-)
+    ```starlark
+    # With bzlmod, you typically will:
+    # MODULE.bazel
+    bazel_dep(name = "masorange_rules_helm", version = "1.3.1")
+
+    helm = use_extension("@masmovil_bazel_rules//:extensions.bzl", "utils")
+
+    helm.pull(
+        name = "some_chart",
+        chart_name = "chart_name",
+        # do not add the chart name to the end of the url
+        repo_url = "oci://docker.pkg.dev/helm-charts",
+        version = "v1-stable",
+    )
+    use_repo(helm, "some_chart")
 ```
 
-It can be later referenced in a BUILD file in `helm_chart` dep:
+In non bzlmod workspaces:
+```starlark
+    # WORKSPACE
+    load("//helm:defs.bzl", "helm_pull")
+
+    helm_pull(
+        name = "example_helm_chart",
+        chart_name = "example",
+        repo_url = "oci://docker.pkg.dev/project/helm-charts",
+        version = "1.0.0",
+    )
+    ```
+
+    It can be later referenced in a BUILD file in `helm_chart` dep:
 
 ```starlark
-helm_chart(
-    ...
-    deps = [
-        "@example_helm_chart//:chart",
-    ]
-)
-```
+    helm_chart(
+        ...
+        deps = [
+            "@example_helm_chart//:chart",
+        ]
+    )
+    ```
 
 **ATTRIBUTES**
 
@@ -60,6 +78,6 @@ helm_chart(
 | <a id="helm_pull-repo_name"></a>repo_name |  The name of the repository. This is only useful if you provide a `repository_config` file and you want the repo url to be located within the repo config.   | String | optional |  `""`  |
 | <a id="helm_pull-repo_url"></a>repo_url |  The url where the chart is located. You have to omit the chart name from the url.   | String | required |  |
 | <a id="helm_pull-repository_config"></a>repository_config |  The repository config file.   | <a href="https://bazel.build/concepts/labels">Label</a> | optional |  `None`  |
-| <a id="helm_pull-version"></a>version |  The version of the chart to download.   | String | required |  |
+| <a id="helm_pull-version"></a>version |  The version of the chart to download. If no specified, the latest version will be pulled.   | String | optional |  `""`  |
 
 
diff --git a/docs/helm_release.md b/docs/helm_release.md
@@ -8,7 +8,7 @@
 
 <pre>
 helm_release(<a href="#helm_release-name">name</a>, <a href="#helm_release-chart">chart</a>, <a href="#helm_release-create_namespace">create_namespace</a>, <a href="#helm_release-kubernetes_context">kubernetes_context</a>, <a href="#helm_release-namespace">namespace</a>, <a href="#helm_release-namespace_dep">namespace_dep</a>,
-             <a href="#helm_release-release_name">release_name</a>, <a href="#helm_release-set">set</a>, <a href="#helm_release-values">values</a>, <a href="#helm_release-values_yaml">values_yaml</a>, <a href="#helm_release-wait">wait</a>)
+             <a href="#helm_release-release_name">release_name</a>, <a href="#helm_release-remote_chart">remote_chart</a>, <a href="#helm_release-set">set</a>, <a href="#helm_release-values">values</a>, <a href="#helm_release-values_yaml">values_yaml</a>, <a href="#helm_release-version">version</a>, <a href="#helm_release-wait">wait</a>)
 </pre>
 
   Installs or upgrades a helm release of a chart in to a cluster using helm binary.
@@ -18,36 +18,69 @@ helm_release(<a href="#helm_release-name">name</a>, <a href="#helm_release-chart
   load("//helm:defs.bzl", "helm_release")
   ```
 
-  This rule builds an executable. Use `run` instead of `build` to be install the release.
+  This rule builds an executable. Use `run` instead of `build` to execute it.
 
   ```starklark
 helm_release(
-    name = "chart_install",
+    name = "install",
+    remote_chart = "oci://docker.pkg.dev/helm-charts/test_helm_chart",
+    version = "0.7.5",
+    namespace = "myapp",
+    release_name = "helm-release-name",
+    values = ["additional_values.yaml"],
+)
+
+helm_release(
+    name = "install",
     chart = ":chart",
     namespace = "myapp",
-    tiller_namespace = "tiller-system",
+    release_name = "helm-release-name",
+    values = glob(["charts/myapp/values.yaml"]),
+)
+```
+
+Example of use providing a kubernetes context config:
+```starklark
+helm_release(
+    name = "chart_install",
+    chart = ":chart",
     release_name = "release-name",
-    values_yaml = glob(["charts/myapp/values.yaml"]),
-    kubernetes_context = "mm-k8s-context",
+    values = glob(["charts/myapp/values.yaml"]),
+    kubernetes_context = "mm-k8s-c<ontext",
 )
 ```
 
-Example of use with k8s_namespace:
+Example of use decryptying sops secrets:
+```starklark
+
+sops_decrypt(
+  name = "secret",
+  srcs = ["secrets.yaml"],
+)
+
+helm_release(
+    name = "chart_install",
+    chart = ":chart",
+    release_name = "release-name",
+    values = glob(["charts/myapp/values.yaml"]) + [":secret"],
+)
+```
+
+Example of use with k8s_namespace annotated with a GCP SA:
 ```starklark
 k8s_namespace(
   name = "test-namespace",
   namespace_name = "test-namespace",
   kubernetes_sa = "test-kubernetes-sa",
   kubernetes_context = "mm-k8s-context",
 )
+
 helm_release(
     name = "chart_install",
     chart = ":chart",
     namespace_dep = ":test-namespace",
-    tiller_namespace = "tiller-system",
     release_name = "release-name",
-    values_yaml = glob(["charts/myapp/values.yaml"]),
-    kubernetes_context = "mm-k8s-context",
+    values = glob(["charts/myapp/values.yaml"]),
 )
 ```
 
@@ -57,15 +90,17 @@ helm_release(
 | Name  | Description | Type | Mandatory | Default |
 | :------------- | :------------- | :------------- | :------------- | :------------- |
 | <a id="helm_release-name"></a>name |  A unique name for this target.   | <a href="https://bazel.build/concepts/labels#target-names">Name</a> | required |  |
-| <a id="helm_release-chart"></a>chart |  The packaged chart archive to be published. It can be a reference to a `helm_chart` rule or a reference to a helm archived file   | <a href="https://bazel.build/concepts/labels">Label</a> | required |  |
+| <a id="helm_release-chart"></a>chart |  The packaged chart archive to be published. It can be a reference to a `helm_chart` rule or a reference to a helm archived file. To specify a helm chart from a remote repository use `remote_chart` instead.   | <a href="https://bazel.build/concepts/labels">Label</a> | optional |  `None`  |
 | <a id="helm_release-create_namespace"></a>create_namespace |  A flag to indicate helm binary to create the kubernetes namespace if it is not already present in the cluster.   | Boolean | optional |  `True`  |
 | <a id="helm_release-kubernetes_context"></a>kubernetes_context |  Reference to a kubernetes context file used by helm binary.   | <a href="https://bazel.build/concepts/labels">Label</a> | optional |  `None`  |
 | <a id="helm_release-namespace"></a>namespace |  The namespace literal where to install the helm release. Set to `""` to use namespace from current kube context   | String | optional |  `""`  |
 | <a id="helm_release-namespace_dep"></a>namespace_dep |  A reference to a `k8s_namespace` rule from where to extract the namespace to be used to install the release.Namespace where this release is installed to. Must be a label to a k8s_namespace rule. It takes precedence over namespace   | <a href="https://bazel.build/concepts/labels">Label</a> | optional |  `None`  |
 | <a id="helm_release-release_name"></a>release_name |  The name of the helm release to be installed or upgraded.   | String | required |  |
+| <a id="helm_release-remote_chart"></a>remote_chart |  Helm registry url of the chart to be installed. If `chart` attribute is also providedd, `remote_chart` has preference.   | String | optional |  `""`  |
 | <a id="helm_release-set"></a>set |  A dictionary of key value pairs consisting on yaml paths and values to be replaced in the chart via --set helm option before installing it: "yaml.path": "value"   | <a href="https://bazel.build/rules/lib/dict">Dictionary: String -> String</a> | optional |  `{}`  |
 | <a id="helm_release-values"></a>values |  A list of value files to be provided to helm install command through -f flag.   | <a href="https://bazel.build/concepts/labels">List of labels</a> | optional |  `[]`  |
 | <a id="helm_release-values_yaml"></a>values_yaml |  [Deprecated] Use `values` attr instead   | <a href="https://bazel.build/concepts/labels">List of labels</a> | optional |  `[]`  |
+| <a id="helm_release-version"></a>version |  Chart version to be installed in a kubernetes cluster. This option will only be used if the `remote_chart` attribute is used.   | String | optional |  `""`  |
 | <a id="helm_release-wait"></a>wait |  Helm flag to wait for all resources to be created to exit.   | Boolean | optional |  `True`  |
 
 
diff --git a/docs/sops_decrypt.md b/docs/sops_decrypt.md
@@ -56,7 +56,7 @@ helm_release(
     chart = ":chart",
     namespace = "myapp",
     release_name = "release-name",
-    values_yaml = glob(["charts/myapp/values.yaml"]) + [":decrypt_secret_files"],
+    values = glob(["charts/myapp/values.yaml"]) + [":decrypt_secret_files"],
 )
 ```
 

diff --git a/gcs/private/BUILD b/gcs/private/BUILD
@@ -1,7 +1,5 @@
 load("@bazel_skylib//:bzl_library.bzl", "bzl_library")
 
-exports_files(["gcs-upload.sh.tpl"])
-
 exports_files(
     glob(["*.bzl"]),
     visibility = ["//docs:__pkg__"],

diff --git a/helm/private/helm_pull.bzl b/helm/private/helm_pull.bzl
@@ -18,7 +18,25 @@ _DOC = """
     The downloaded chart is defined using the `helm_chart` rule and it's available as `:chart` target inside the repo name.
 
     ```starlark
-    # WORKSPACE or extensions.bzl/MODULE.bazel
+    # With bzlmod, you typically will:
+    # MODULE.bazel
+    bazel_dep(name = "masorange_rules_helm", version = "1.3.1")
+
+    helm = use_extension("@masmovil_bazel_rules//:extensions.bzl", "utils")
+
+    helm.pull(
+        name = "some_chart",
+        chart_name = "chart_name",
+        # do not add the chart name to the end of the url
+        repo_url = "oci://docker.pkg.dev/helm-charts",
+        version = "v1-stable",
+    )
+    use_repo(helm, "some_chart")
+```
+
+In non bzlmod workspaces:
+```starlark
+    # WORKSPACE
     load("//helm:defs.bzl", "helm_pull")
 
     helm_pull(
@@ -31,7 +49,7 @@ _DOC = """
 
     It can be later referenced in a BUILD file in `helm_chart` dep:
 
-    ```starlark
+```starlark
     helm_chart(
         ...
         deps = [
@@ -45,8 +63,7 @@ pull_attrs = {
     "chart_name": attr.string(mandatory = True, doc="The name of the helm_chart to download. It will be appendend at the end of the repository url."),
     "repo_url": attr.string(mandatory = True, doc="The url where the chart is located. You have to omit the chart name from the url."),
     "repo_name": attr.string(mandatory = False, doc="The name of the repository. This is only useful if you provide a `repository_config` file and you want the repo url to be located within the repo config."),
-    # TODO: extract latest version from repo index and mark version as an optional attr
-    "version": attr.string(mandatory = True, doc="The version of the chart to download."),
+    "version": attr.string(mandatory = False, doc="The version of the chart to download. If no specified, the latest version will be pulled."),
     "repository_config": attr.label(allow_single_file = True, mandatory = False, doc="The repository config file."),
 }
 
@@ -66,11 +83,14 @@ def _helm_pull_impl(rctx):
     args = ["helm", "pull"]
 
     if rctx.attr.repository_config and rctx.attr.repo_name:
-        args += ["%s/%s" % (rctx.attr.repo_name, rctx.attr.chart_name), "--version", rctx.attr.version]
+        args += ["%s/%s" % (rctx.attr.repo_name, rctx.attr.chart_name)]
     elif rctx.attr.repo_url.startswith('oci://'):
-        args += ["%s/%s" % (rctx.attr.repo_url, rctx.attr.chart_name), "--version", rctx.attr.version]
+        args += ["%s/%s" % (rctx.attr.repo_url, rctx.attr.chart_name)]
     else:
-        args += ["%s/%s" % (rctx.attr.repo_url, rctx.attr.chart_name), "--version", rctx.attr.version]
+        args += ["%s/%s" % (rctx.attr.repo_url, rctx.attr.chart_name)]
+
+    if rctx.attr.version:
+        args += ["--version", rctx.attr.version]
 
     if rctx.attr.repository_config:
         args += ["--repository-config", rctx.file.repository_config.path]

diff --git a/helm/private/helm_release.bzl b/helm/private/helm_release.bzl
@@ -104,7 +104,19 @@ def _helm_release_impl(ctx):
 
     namespace = ctx.attr.namespace_dep[NamespaceDataInfo].namespace if ctx.attr.namespace_dep else ctx.attr.namespace
 
-    args = ["upgrade", ctx.attr.release_name, ctx.file.chart.short_path, '--install']
+    args = ["upgrade", ctx.attr.release_name]
+
+    if not ctx.attr.remote_chart and ctx.attr.chart:
+      files += [ctx.file.chart]
+      args.append(ctx.file.chart.short_path)
+
+    args.append('--install')
+
+    if ctx.attr.remote_chart:
+      if not ctx.attr.version:
+        print("WARN: No chart version has been provided via `version` attribute. The latest chart published to the registry will be used.")
+
+      args += ["--version", ctx.attr.version]
 
     if namespace:
       args += ["--namespace", namespace]
@@ -124,15 +136,6 @@ def _helm_release_impl(ctx):
     if ctx.attr.chart and ctx.attr.remote_chart:
       print("WARN: You have provide both `remote_chart` and `chart` attributes, only `remote_chart` will be used.")
 
-    if ctx.attr.remote_chart:
-      if not ctx.attr.version:
-        print("WARN: No chart version has been provided via `version` attribute. The latest chart published to the registry will be used.")
-
-      args.append("--version", ctx.attr.version)
-
-    if not ctx.attr.remote_chart and ctx.attr.chart:
-      files += [ctx.file.chart]
-
     for values in ctx.files.values:
       args += ["-f", values.short_path]
 

diff --git a/sops/private/sops_decrypt.bzl b/sops/private/sops_decrypt.bzl
@@ -64,6 +64,7 @@ def _sops_decrypt_impl(ctx):
 
         args = ctx.actions.args()
 
+        args.add("--output", out_file.path)
         args.add("--decrypt", src.path)
         args.add("--config", ctx.file.sops_yaml.path)
 

diff --git a/sops/private/sops_decrypt.sh.tpl b/sops/private/sops_decrypt.sh.tpl
diff --git a/sops/private/sops_toolchain.bzl b/sops/private/sops_toolchain.bzl
@@ -180,7 +180,7 @@ resolved_toolchain(name = "resolved_toolchain", visibility = ["//visibility:publ
 toolchain(
     name = "{platform}_toolchain",
     exec_compatible_with = {compatible_with},
-    toolchain = "@sops.{platform}//:sops_toolchain",
+    toolchain = "@sops_{platform}//:sops_toolchain",
     toolchain_type = "@masorange_rules_helm//sops:sops_toolchain_type",
 )
 """.format(