This action lints a Helmfile deployment.
To catch mistakes early on, we want to test as many helm chart configuration as we can.
https://github.com/wtag/helm-lint-action is another action we made that will test a single chart (generally the chart to deploy the application).
This action allows us to test every chart present in a helmfile.
We are stuck with a dilemma.
On one hand, we do not want GitHub or any other third-party services to know about secrets of our applications.
On the other hand, we want to test as much as we can of the helm charts we are going to deploy. A great way to do this is to use the helmfile template and helmfile lint commands, which are testing every helm release we will make.
Unfortunately, those commands use the secrets.yaml files, but we do not have access to them from the CI.
In this action, we are recreating every secret.yaml files:
- The keys are exactly the same as the original
secret.yamlfile - All values are set to the
"dummy"string - The
secrets.yamlare re-encrypted using a localgpgencryption.
This will allow us to be able to run helmfile template and helmfile lint without making a single change to the helmfile of the application.
Required The environment that we would like to lint (staging or production)
Required (default: "deployment") The path to the directory where the helmfile is located
uses: wtag/helmfile-lint-action@master
with:
stage: staging# Build the docker image
docker build -t helmfile-lint-action-local .
# Set your variables accordingly
export HELMFILE_DIRECTORY=$PWD/../meta/deployment
export STAGE=staging
# Run the GitHub action locally 🎉
docker run -v $HELMFILE_DIRECTORY:/app helmfile-lint-action-local /app "${STAGE}"