feat: add reusable workflow for Helm Chart

LedgerHQ · Sep 30, 2023 · 135d89a · 135d89a
1 parent 5c9d1c9
commit 135d89a
Show file tree

Hide file tree

Showing 4 changed files with 203 additions and 0 deletions.
diff --git a/.github/workflows/_helm_lint_publish.yml b/.github/workflows/_helm_lint_publish.yml
@@ -0,0 +1,77 @@
+name: _Build and publish Helm Chart
+
+on:
+  workflow_call:
+    inputs:
+      release:
+        type: boolean
+        required: false
+        default: false
+      version:
+        type: string
+        required: false
+      chart-testing-config:
+        type: string
+        required: false
+        default: ".github/ct.yaml"
+
+jobs:
+  lint-chart:
+    runs-on: [self-hosted, shared]
+    steps:
+      - name: Run Chart lint
+        uses: LedgerHQ/actions/helm/lint@add-reusable-workflow-helm
+        with:
+          chart-testing-config: ${{inputs.chart-testing-config}}
+
+  kubeconform-chart:
+    runs-on: [self-hosted, shared]
+    strategy:
+      matrix:
+        k8s:
+          - v1.22.4
+          - v1.23.0
+          - v1.24.0
+    steps:
+      - name: Checkout
+        uses: LedgerHQ/actions/helm/conform@add-reusable-workflow-helm
+        with:
+          kubernetes-version: ${{ matrix.k8s }}
+
+  publish-chartmuseum-dev:
+    name: publish-chartmuseum-dev
+    environment: chartmuseum-dev
+    if: inputs.version != ''
+    runs-on: [self-hosted, shared]
+    needs: [lint-chart, kubeconform-chart]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Push chart to chartmuseum-prd repo
+        uses: LedgerHQ/actions/helm/publish-cm@add-reusable-workflow-helm
+        with:
+          version: ${{ inputs.version }}
+          chartmuseum-url: ${{ secrets.CHARTMUSEUM_URL }}
+          chartmuseum-user: ${{ secrets.CHARTMUSEUM_USER }}
+          chartmuseum-password: ${{ secrets.CHARTMUSEUM_PASSWORD }}
+
+  publish-chartmuseum-prd:
+    name: publish-chartmuseum-prd
+    environment: chartmuseum-prd
+    if: inputs.version != '' && inputs.release != false
+    runs-on: [self-hosted, shared]
+    needs: [publish-chartmuseum-dev]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Push chart to chartmuseum-prd repo
+        uses: LedgerHQ/actions/helm/publish-cm@add-reusable-workflow-helm
+        with:
+          version: ${{ inputs.version }}
+          chartmuseum-url: ${{ secrets.CHARTMUSEUM_URL }}
+          chartmuseum-user: ${{ secrets.CHARTMUSEUM_USER }}
+          chartmuseum-password: ${{ secrets.CHARTMUSEUM_PASSWORD }}
diff --git a/helm/conform/action.yml b/helm/conform/action.yml
@@ -0,0 +1,46 @@
+name: "Run Kubeconform"
+description: "Run Kubeconform againt specified K8S version."
+
+inputs:
+  kubernetes-version:
+    description: "Specify the kubernetes version that you want to test."
+    required: true
+  charts-path:
+    description: "Specify the path where the charts are located."
+    required: false
+    default: "./helm/charts/"
+
+runs:
+  using: "composite"
+  steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Run kubeconform
+        shell: bash
+        env:
+          KUBERNETES_VERSION: ${{ matrix.k8s }}
+          KUBECONFORM_VERSION: "v0.4.12"
+          KUBECONFORM_BASE_URL: "https://github.com/yannh/kubeconform/releases/download"
+          FILENAME_FORMAT: "{kind}-{group}-{version}"
+        run: |
+          set -o pipefail
+          OS=$(uname)
+          # install kubeconform
+          curl -sSfL "${KUBECONFORM_BASE_URL}/${KUBECONFORM_VERSION}/kubeconform-${OS}-amd64.tar.gz" |
+          tar -xzf - kubeconform
+          # validate changed charts
+          for chart in ${{ inputs.charts-path }}/*/; do
+            values=$(echo "${chart}" | sed "s/charts/values/g")
+            echo "Running kubeconform for folder: '${chart}'"
+            helm dep up "${chart}" &&
+            for value in $(find "${values}" -type f -name "*.yaml"); do
+              echo -e "▶ Validating ${chart} with values from ${value}"
+              helm template --kube-version "${KUBERNETES_VERSION#v}" -f "${value}" "${chart}" |
+              ./kubeconform -strict -ignore-missing-schemas -exit-on-error \
+                -schema-location default -schema-location 'helm/k8s-crds-schemas/{{ .ResourceKind }}{{ .KindSuffix }}.json' \
+                -kubernetes-version "${KUBERNETES_VERSION#v}" -summary -verbose -schema-location default
+            done
+          done
diff --git a/helm/lint/action.yml b/helm/lint/action.yml
@@ -0,0 +1,37 @@
+name: "Run Helm Chart Testing & Docs"
+description: "Run Helm Chart Testing & Docs"
+
+inputs:
+  chart-testing-config:
+    description: "Specify the path where the ct.yaml is located."
+    required: true
+    default: ".github/ct.yaml"
+
+runs:
+  using: "composite"
+  steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up chart-testing
+        uses: helm/chart-testing-action@v2.2.0
+
+      - name: Run chart-testing (lint)
+        shell: bash
+        run: ct lint --config ${{ inputs.chart-testing-config }} --check-version-increment=false
+
+      - name: Run helm-docs
+        shell: bash
+        env:
+          HELM_DOCS_VERSION: "1.11.0"
+          HELM_DOCS_BASE_URL: "https://github.com/norwoodj/helm-docs/releases/download"
+        run: |
+          OS=$(uname)
+          # install helm-docs
+          curl -sSfL "${HELM_DOCS_BASE_URL}/v${HELM_DOCS_VERSION}/helm-docs_${HELM_DOCS_VERSION}_${OS}_x86_64.tar.gz" |
+          tar -xzf - helm-docs
+          # validate docs
+          ./helm-docs
+          git diff --exit-code
diff --git a/helm/publish-cm/action.yml b/helm/publish-cm/action.yml
@@ -0,0 +1,43 @@
+name: "Publish Helm Chart on chart museum"
+description: "Publish Helm Chart on chart museum."
+
+inputs:
+  version:
+    description: "Specify the chart version to publish."
+    required: true
+  charts-path:
+    description: "Specify the path where the charts are located."
+    required: false
+    default: "./helm/charts/"
+  chartmuseum-url:
+    description: "Specify the URL of Chart Museum"
+    required: true
+  chartmuseum-user:
+    description: "Specify the user of Chart Museum"
+    required: true
+  chartmuseum-password:
+    description: "Specify the password of Chart Museum"
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Add chartmuseum-prd helm repo
+        shell: bash
+        run: |
+          if ! helm plugin list | grep -q push; then
+            helm plugin install https://github.com/chartmuseum/helm-push.git
+          fi
+          helm repo add chartmuseum-prd --username ${{ inputs.chartmuseum-user }} --password ${{ inputs.chartmuseum-password }} ${{ inputs.chartmuseum-url }} &&
+          helm repo update
+      - name: Push chart to chartmuseum-prd repo
+        shell: bash
+        run: |
+          for chart in ${{ inputs.charts-path }}/*/; do
+            helm cm-push $chart chartmuseum-prd --version ${{ inputs.version }}
+          done