feat: initial WIP version
dirien committed Dec 9, 2024
1 parent 2296e48 commit a0baa28
Showing 30 changed files with 1,480 additions and 830 deletions.
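--- /dev/null
+++ b/.github/configs/cr.yaml
@@ -0,0 +1,2 @@
+## Reference: https://github.com/helm/chart-releaser
+index-path: "./index.yaml"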
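--- /dev/null
+++ b/.github/configs/ct-install.yaml
@@ -0,0 +1,13 @@
+## Reference: https://github.com/helm/chart-testing/blob/master/doc/ct_lint-and-install.md
+# Don't add the 'debug' attribute, otherwise the workflow won't work anymore
+# Only Used for the CT Lint Stage
+remote: origin
+target-branch: master
+chart-dirs:
+- helm
+helm-extra-args: "--timeout 600s"
+validate-chart-schema: false
+validate-maintainers: true
+validate-yaml: true
+exclude-deprecated: true
+excluded-charts: []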
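Review bot: `target-branch: master` in this install config disagrees with `target-branch: main` in ct-lint.yaml and with the `main` branch that ci.yaml builds, so any `ct list-changed` or `ct install` run driven from this file would diff against a branch that may not exist and report no changed charts. Note also that chart-lint-and-test.yml in this same commit passes `--config ./.github/configs/ct-lint.yaml` to both `ct lint` and `ct install`, so this file appears to be unused; either point the install step at it or remove it to avoid two configs drifting. The header comment `# Only Used for the CT Lint Stage` was copied from the lint config and should read `# Only used for the CT install stage`.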
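--- /dev/null
+++ b/.github/configs/ct-lint.yaml
@@ -0,0 +1,13 @@
+## Reference: https://github.com/helm/chart-testing/blob/master/doc/ct_lint-and-install.md
+# Don't add the 'debug' attribute, otherwise the workflow won't work anymore
+# Only Used for the CT Lint Stage
+remote: origin
+target-branch: main
+chart-dirs:
+- helm
+helm-extra-args: "--timeout 600s"
+validate-chart-schema: false
+validate-maintainers: true
+validate-yaml: true
+exclude-deprecated: true
+excluded-charts: []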
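--- /dev/null
+++ b/.github/configs/lintconf.yaml
@@ -0,0 +1,42 @@
+---
+rules:
+braces:
+min-spaces-inside: 0
+max-spaces-inside: 0
+min-spaces-inside-empty: -1
+max-spaces-inside-empty: -1
+brackets:
+min-spaces-inside: 0
+max-spaces-inside: 0
+min-spaces-inside-empty: -1
+max-spaces-inside-empty: -1
+colons:
+max-spaces-before: 0
+max-spaces-after: 1
+commas:
+max-spaces-before: 0
+min-spaces-after: 1
+max-spaces-after: 1
+comments:
+require-starting-space: true
+min-spaces-from-content: 1
+document-end: disable
+document-start: disable # No --- to start a file
+empty-lines:
+max: 2
+max-start: 0
+max-end: 0
+hyphens:
+max-spaces-after: 1
+indentation:
+spaces: consistent
+indent-sequences: whatever # - list indentation will handle both indentation and without
+check-multi-line-strings: false
+key-duplicates: enable
+line-length: disable # Lines can be any length
+new-line-at-end-of-file: enable
+new-lines:
+type: unix
+trailing-spaces: enable
+truthy:
+level: warning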
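--- /dev/null
+++ b/.github/workflows/chart-lint-and-test.yml
@@ -0,0 +1,78 @@
+name: ct-linting-and-testing
+on:
+pull_request:
+paths:
+- helm/**
+- "!helm/pulumi-operator/README.md"
+- "!helm/pulumi-operator/README.md.gotmpl"
+
+permissions: read-all
+
+jobs:
+chart-test:
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
+with:
+fetch-depth: 0
+
+- name: Set up Helm
+uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
+with:
+version: v3.6.3
+
+- name: Set up python
+uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
+with:
+python-version: 3.7
+
+- name: Run Trivy vulnerability scanner in IaC mode
+uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # 0.20.0
+with:
+scan-type: 'config'
+hide-progress: false
+format: 'sarif'
+scan-ref: 'helm'
+output: 'trivy-results.sarif'
+limit-severities-for-sarif: true
+exit-code: '0'
+ignore-unfixed: true
+severity: 'CRITICAL,HIGH'
+
+- name: Upload Trivy scan results to GitHub Security tab
+uses: github/codeql-action/upload-sarif@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3.25.4
+with:
+sarif_file: 'trivy-results.sarif'
+
+- name: Setup Chart Linting
+id: lint
+uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
+
+- name: List changed charts
+id: list-changed
+run: |
+## If executed with debug this won't work anymore.
+changed=$(ct --config ./.github/configs/ct-lint.yaml list-changed)
+charts=$(echo "$changed" | tr '\n' ' ' | xargs)
+if [[ -n "$changed" ]]; then
+echo "changed=true" >> "$GITHUB_OUTPUT"
+echo "changed_charts=$charts" >> "$GITHUB_OUTPUT"
+fi
+- name: Run Artifact Hub lint
+run: |
+curl -s https://api.github.com/repos/artifacthub/hub/releases/latest | grep -E 'browser_download_url' | grep linux_amd64.tar.gz\" | grep -Eo 'https://[^\"]*' | xargs wget -O - | tar -xz
+./ah lint -p helm || exit 1
+rm -f ./ah
+- name: Run chart-testing (lint)
+run: ct lint --debug --config ./.github/configs/ct-lint.yaml --lint-conf ./.github/configs/lintconf.yaml
+
+- name: Create kind cluster
+uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
+if: steps.list-changed.outputs.changed == 'true'
+
+- name: Run chart-testing (install)
+run: ct install --config ./.github/configs/ct-lint.yaml
+if: steps.list-changed.outputs.changed == 'true'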
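Review bot: The `Upload Trivy scan results to GitHub Security tab` step (codeql-action/upload-sarif) requires `security-events: write`, but the workflow sets `permissions: read-all` and the `chart-test` job declares no job-level permissions, so that step will be rejected on every pull request. Add a job-level block under `chart-test:` such as `permissions:` / `contents: read` / `security-events: write` and keep the top-level `read-all` for everything else. Separately, `exit-code: '0'` means the Trivy step never fails the job, so CRITICAL/HIGH misconfigurations only appear in the Security tab and never gate a merge; if that is intended, a comment on the `exit-code` line saying so would save the next reader from "fixing" it. The `Run Artifact Hub lint` step fetches whatever `ah` release is latest from the GitHub API and executes it without a pinned version or checksum, in contrast to every `uses:` line which is SHA-pinned; the identical step in chart-publish.yaml has the same gap and both should pin a release tag and verify the archive. Also `python-version: 3.7` is an unquoted float that happens to survive, but a later bump to a `.10`/`.20` minor would be truncated, so quote it now (`python-version: "3.7"`).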
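--- /dev/null
+++ b/.github/workflows/chart-publish.yaml
@@ -0,0 +1,78 @@
+---
+name: chart-publish
+on:
+push:
+tags:
+- v*.*.* # e.g. v2.0.0
+
+env:
+HELM_DOCS_VERSION: "1.11.0"
+
+permissions: read-all
+
+jobs:
+publish:
+permissions:
+contents: write # for helm/chart-releaser-action to push chart release and create a release
+packages: write # for helm/chart-releaser-action to push chart release and create a release
+id-token: write # for helm/chart-releaser-action to push chart release and create a release
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
+with:
+fetch-depth: 0
+
+- name: Install Helm
+uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
+
+- name: Configure Git
+run: |
+git config user.name "$GITHUB_ACTOR"
+git config user.email "[email protected]"
+- name: install helm-docs
+run: |
+cd /tmp
+wget https://github.com/norwoodj/helm-docs/releases/download/v${{env.HELM_DOCS_VERSION}}/helm-docs_${{env.HELM_DOCS_VERSION}}_Linux_x86_64.tar.gz
+tar -xvf helm-docs_${{env.HELM_DOCS_VERSION}}_Linux_x86_64.tar.gz
+sudo mv helm-docs /usr/local/sbin
+- name: run helm-docs
+run: |
+helm-docs -t README.md.gotmpl -o README.md -b for-the-badge
+- name: Login to GHCR
+uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
+with:
+registry: ghcr.io
+username: ${ GITHUB_REPOSITORY_OWNER }
+password: ${{ secrets.GITHUB_TOKEN }}
+
+- name: Run Artifact Hub lint
+run: |
+curl -s https://api.github.com/repos/artifacthub/hub/releases/latest | grep -E 'browser_download_url' | grep linux_amd64.tar.gz\" | grep -Eo 'https://[^\"]*' | xargs wget -O - | tar -xz
+./ah lint -p helm || exit 1
+rm -f ./ah
+- name: Run chart-releaser
+uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0
+with:
+config: "./.github/configs/cr.yaml"
+charts_dir: "helm"
+env:
+CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+
+- uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
+- name: Push chart to GHCR
+env:
+COSIGN_EXPERIMENTAL: 1
+run: |
+shopt -s nullglob
+for pkg in .cr-release-packages/*; do
+if [ -z "${pkg:-}" ]; then
+break
+fi
+helm push "${pkg}" oci://ghcr.io/pulumi/helm-charts |& tee .digest
+cosign sign -y $(cat .digest | awk -F "[, ]+" '/Pushed/{print $NF}')
+done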
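Review bot: `username: ${ GITHUB_REPOSITORY_OWNER }` in the `Login to GHCR` step is not a valid expression (single braces, and a shell-style variable name rather than a context), so the literal text is sent as the registry username and the login fails before any chart can be pushed; ci.yaml in this same commit has the correct form, `username: ${{ github.repository_owner }}`, so use that here. The comments on the three job-level `permissions:` lines all attribute the grant to chart-releaser, but `id-token: write` is what the `cosign sign -y` keyless step needs and `packages: write` is what the `helm push` to GHCR needs; correcting the comments keeps someone from dropping a "redundant" grant later. In the `Push chart to GHCR` step the digest is scraped from `helm push` output with awk, and if no `Pushed:` line is present `cosign sign` runs with an empty reference; guard it with `digest=$(awk -F "[, ]+" '/Pushed/{print $NF}' .digest)` and `[ -n "$digest" ] || exit 1` before signing. `helm-docs` is fetched from a release URL and moved into `/usr/local/sbin` with no checksum verification, the same unverified-download pattern as the `ah` step noted on chart-lint-and-test.yml; a pinned checksum alongside `HELM_DOCS_VERSION` would close it.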
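--- /dev/null
+++ b/.github/workflows/ci.yaml
@@ -0,0 +1,78 @@
+name: build-binary
+on:
+push:
+branches:
+- 'main'
+tags:
+- '*'
+pull_request:
+
+permissions: read-all
+
+jobs:
+build:
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+with:
+fetch-depth: 0
+- name: Set up Go
+uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+with:
+go-version: 1.22.x
+- uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+with:
+path: |
+~/.cache/go-build
+~/go/pkg/mod
+key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+restore-keys: |
+${{ runner.os }}-go-
+- name: Tests the build
+run: |
+go build .
+release:
+permissions:
+contents: write
+id-token: write
+packages: write
+needs: build
+runs-on: ubuntu-latest
+if: success() && startsWith(github.ref, 'refs/tags/')
+env:
+DOCKER_CLI_EXPERIMENTAL: "enabled"
+steps:
+- name: Checkout
+uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+with:
+fetch-depth: 0
+- name: Set up QEMU
+uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
+- name: Docker Login
+uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+with:
+registry: ghcr.io
+username: ${{ github.repository_owner }}
+password: ${{ secrets.GITHUB_TOKEN }}
+- name: Set up Go
+uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+with:
+go-version: 1.22.x
+- uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+with:
+path: |
+~/.cache/go-build
+~/go/pkg/mod
+key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+restore-keys: |
+${{ runner.os }}-go-
+- uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
+- uses: anchore/sbom-action/download-syft@61119d458adab75f756bc0b9e4bde25725f86a7a # v0.17.2
+- name: Run GoReleaser
+uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0
+with:
+version: latest
+args: release --clean
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}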
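Review bot: The `release` job repeats the checkout, `Set up Go` and `actions/cache` steps from `build` verbatim, and actions/setup-go v5 enables Go module and build caching keyed on `go.sum` by default as far as I know, so the explicit `actions/cache` step in both jobs is likely redundant and leaves two caches contending for `~/go/pkg/mod`; either drop the cache step or pass `cache: false` to setup-go, and verify against the action's README. The step named `Tests the build` only runs `go build .` and no tests, so either rename it `Build` or add `go test ./...` so the name matches what gates the release. `go-version: 1.22.x` is safe unquoted only because of the `x` suffix; quoting it (`go-version: "1.22.x"`) keeps a later numeric value like `1.30` from being read as `1.3`. `DOCKER_CLI_EXPERIMENTAL: "enabled"` on the release job is not referenced by any visible step; if GoReleaser's config outside this commit view depends on it, a comment on that line saying so would help.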
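--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+**/dist
+.idea
+pulumi-esc-csi-provider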