-
Notifications
You must be signed in to change notification settings - Fork 0
190 lines (165 loc) · 8.34 KB
/
helm-chart-package.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
name: helm-chart-package
on:
workflow_call:
inputs:
registry:
type: string
description: e.g. ghcr.io/gh-user, xyz.azurecr.io or docker.io
required: true
repository:
type: string
description: If unset we use the name of the current Git repository.
repository-prefix:
type: string
description: e.g. prefix/
default: ''
chart-repository-prefix:
type: string
description: e.g. prefix/charts/
default: ''
tag:
type: string
description: e.g. latest, latest-dev, 1.2.3
required: true
chart-path:
type: string
description: Relative path to the charts folder in the Git repository.
default: ./charts/
is-library-chart:
type: boolean
description: Is the helm chart a library chart?
default: false
push-chart:
type: boolean
description: By default always push the newly packaged chart.
default: true
chart-testing-cli-version:
type: string
description: See https://quay.io/repository/helmpack/chart-testing?tab=tags
default: latest
chart-testing-cli-command:
type: string
description: Accepts lint or install. Default is lint.
default: lint
jobs:
helm-chart-package:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: setup helm (1 of 2) #pull version from devcontainer.json
run: |
npm install --global json5
json5 -c .devcontainer/devcontainer.json
VERSION_TO_INSTALL=$(cat .devcontainer/devcontainer.json | jq -r '.features[] | select(.helm | . != null).helm')
git restore .devcontainer/devcontainer.json
echo "VERSION_TO_INSTALL=$VERSION_TO_INSTALL" >> $GITHUB_ENV
echo "VERSION_TO_INSTALL=$VERSION_TO_INSTALL"
- name: setup helm (2 of 2)
uses: azure/setup-helm@v4
with:
version: ${{ env.VERSION_TO_INSTALL }}
- name: set vars
run: |
if [[ -z "${{ inputs.repository }}" ]]; then
REPOSITORY=$(echo ${{ github.repository }} | sed "s|${{ github.repository_owner }}\/||g")
else
REPOSITORY=${{ inputs.repository }}
fi
REPOSITORY=${REPOSITORY,,}
echo "CHART_NAME=$REPOSITORY" >> $GITHUB_ENV
echo "CHART_PATH=${{ inputs.chart-path }}$REPOSITORY" >> $GITHUB_ENV
REGISTRY=${{ inputs.registry }}
echo "REGISTRY=$REGISTRY" >> $GITHUB_ENV
echo "REPOSITORY=${{ inputs.repository-prefix }}$REPOSITORY" >> $GITHUB_ENV
echo "IMAGE_REPOSITORY=$REGISTRY/$REPOSITORY" >> $GITHUB_ENV
echo "TAG=${{ inputs.tag }}" >> $GITHUB_ENV
- name: helm build/lint/package
run: |
echo "CHART_NAME=$CHART_NAME"
echo "CHART_PATH=$CHART_PATH"
echo "REGISTRY=$REGISTRY"
echo "REPOSITORY=$REPOSITORY"
echo "IMAGE_REPOSITORY=$IMAGE_REPOSITORY"
echo "TAG=$TAG"
LABEL=$REPOSITORY-$TAG
if [[ "${#LABEL}" -gt 63 ]]; then
echo "::error::RFC 1123 Label Names maximum length of 63 characters reached for '$LABEL', suggest shortening your repository or branch name."
exit 1
fi
printf "\n\n>helm version\n"
helm version
printf "\n\n>helm registry login $REGISTRY --username ${{ github.repository_owner }} --password-stdin\n"
printf ${{ secrets.GITHUB_TOKEN }} | helm registry login $REGISTRY --username ${{ github.repository_owner }} --password-stdin
#printf $servicePrincipalKey | helm registry login $REGISTRY --username $servicePrincipalId --password-stdin
printf "\n\nUpdate the version+appVersion in the Chart.yaml before packaging...\n"
yq -i '.version = env(TAG)' $CHART_PATH/Chart.yaml
if [[ "${{ inputs.is-library-chart }}" == "false" ]]; then
yq -i '.appVersion = env(TAG)' $CHART_PATH/Chart.yaml
fi
cat $CHART_PATH/Chart.yaml
if [[ "${{ inputs.is-library-chart }}" == "false" ]]; then
printf "\n\nUpdate the repository in the values.yaml before packaging...\n"
yq -i '.image.repository = env(IMAGE_REPOSITORY)' $CHART_PATH/values.yaml
yq -i '.image.tag = env(TAG)' $CHART_PATH/values.yaml
printf "\n\nAdd git repository context in the values.yaml before packaging...\n"
yq -i '.git.repository=env(GITHUB_REPOSITORY)' $CHART_PATH/values.yaml
yq -i '.git.branch=env(GITHUB_REF)' $CHART_PATH/values.yaml
yq -i '.git.commit=env(GITHUB_SHA)' $CHART_PATH/values.yaml
printf "\n\nAdd github context in the values.yaml before packaging...\n"
yq -i '.github.workflow=env(GITHUB_WORKFLOW)' $CHART_PATH/values.yaml
yq -i '.github.run_id=env(GITHUB_RUN_ID)' $CHART_PATH/values.yaml
yq -i '.github.run_number=env(GITHUB_RUN_NUMBER)' $CHART_PATH/values.yaml
cat $CHART_PATH/values.yaml
fi
#Note: when pulling library charts from private ghcr packages you need to give the pulling repository permission to pull the package
#https://helm.sh/docs/helm/helm_dependency_update/
printf "\n\n>helm dependency update $CHART_PATH\n"
helm dependency update $CHART_PATH
#https://helm.sh/docs/helm/helm_dependency_list/
printf "\n\n>helm dependency list $CHART_PATH\n"
helm dependency list $CHART_PATH
#https://helm.sh/docs/helm/helm_lint/
printf "\n\n>helm lint $CHART_PATH\n"
helm lint $CHART_PATH
#https://helm.sh/docs/helm/helm_package/
printf "\n\n>helm package $CHART_PATH --destination ${{ github.workspace }}/artifacts/ --app-version $TAG\n"
helm package $CHART_PATH --destination ${{ github.workspace }}/artifacts/ --app-version $TAG
if [[ "${{ inputs.is-library-chart }}" == "false" ]]; then
#https://helm.sh/docs/helm/helm_template/
printf "\n\n>helm template $CHART_NAME $CHART_PATH > ${{ github.workspace }}/artifacts/$CHART_NAME.yaml\n"
helm template $CHART_NAME $CHART_PATH > ${{ github.workspace }}/artifacts/$CHART_NAME.yaml
cat ${{ github.workspace }}/artifacts/$CHART_NAME.yaml
else
printf "\n\nhelm template skipped...\n"
fi
printf "\n\nsuccess!"
- uses: helm/kind-action@v1
if: inputs.chart-testing-cli-command == 'install' && inputs.is-library-chart == false
#https://github.com/helm/chart-testing/blob/main/doc/ct_lint.md
- name: chart-testing (lint)
if: inputs.chart-testing-cli-command == 'lint'
run: |
ARGS="--set=image.tag=$TAG"
docker run --rm --network host --workdir=/data --volume ~/.kube/config:/root/.kube/config:ro \
--volume $(pwd):/data quay.io/helmpack/chart-testing:${{ inputs.chart-testing-cli-version }} \
ct ${{ inputs.chart-testing-cli-command }} --charts $CHART_PATH \
--helm-extra-args "$ARGS" --validate-maintainers=false
#https://github.com/helm/chart-testing/blob/main/doc/ct_install.md
- name: chart-testing (install)
if: inputs.chart-testing-cli-command == 'install' && inputs.is-library-chart == false
run: |
#Note: we can only fully install the chart if we have pushed the image as well, assumption inputs.push-chart == inputs.push-image
ARGS="--set=image.tag=$TAG"
if [[ "${{ inputs.push-chart }}" == "false" ]]; then
ARGS="--set=image.repository=nginx --set=image.tag=latest"
fi
docker run --rm --network host --workdir=/data --volume ~/.kube/config:/root/.kube/config:ro \
--volume $(pwd):/data quay.io/helmpack/chart-testing:${{ inputs.chart-testing-cli-version }} \
ct ${{ inputs.chart-testing-cli-command }} --charts $CHART_PATH \
--helm-extra-set-args "$ARGS" --build-id ${{ github.run_id }}
- name: helm push
if: inputs.push-chart == true
run: |
#https://helm.sh/docs/helm/helm_push/
printf "\n\n>helm push ${{ github.workspace }}/artifacts/$CHART_NAME-$TAG.tgz oci://$REGISTRY/${{ inputs.chart-repository-prefix }}\n"
helm push ${{ github.workspace }}/artifacts/$CHART_NAME-$TAG.tgz oci://$REGISTRY/${{ inputs.chart-repository-prefix }}