From 37fed327a0e97975b48c8cf6b146cff9a55d814c Mon Sep 17 00:00:00 2001 From: Steven Pall Date: Wed, 11 Mar 2020 15:24:40 -0700 Subject: [PATCH 01/33] If chart and release git repo are the same, attempt to checkout the branch being tested --- src/hrval.sh | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/src/hrval.sh b/src/hrval.sh index caad4c0..eece562 100755 --- a/src/hrval.sh +++ b/src/hrval.sh 
@@ -35,21 +35,29 @@ function download {
 function clone {
 ORIGIN=$(git rev-parse --show-toplevel)
- GIT_REPO=$(yq r ${1} spec.chart.git)
+ CHART_GIT_REPO=$(yq r ${1} spec.chart.git)
+ RELEASE_GIT_REPO=$(git remote get-url origin)
+ CHART_BASE_URL=$(echo "${CHART_GIT_REPO}" | sed -e 's/ssh:\/\///' -e 's/http:\/\///' -e 's/https:\/\///' -e 's/git@//' -e 's/:/\//')
+ RELEASE_BASE_URL=$(echo "${RELEASE_GIT_REPO}" | sed -e 's/ssh:\/\///' -e 's/http:\/\///' -e 's/https:\/\///' -e 's/git@//' -e 's/:/\//')
 if [[ -n "${GITHUB_TOKEN}" ]]; then
- BASE_URL=$(echo "${GIT_REPO}" | sed -e 's/ssh:\/\///' -e 's/git@//' -e 's/:/\//')
- GIT_REPO="https://${GITHUB_TOKEN}:x-oauth-basic@${BASE_URL}"
+ CHART_GIT_REPO="https://${GITHUB_TOKEN}:x-oauth-basic@${CHART_BASE_URL}"
 elif [[ -n "${GITLAB_CI_TOKEN}" ]]; then
- BASE_URL=$(echo "${GIT_REPO}" | sed -e 's/ssh:\/\///' -e 's/git@//' -e 's/:/\//')
- GIT_REPO="https://gitlab-ci-token:${GITLAB_CI_TOKEN}@${BASE_URL}"
+ CHART_GIT_REPO="https://gitlab-ci-token:${GITLAB_CI_TOKEN}@${CHART_BASE_URL}"
 fi
- GIT_REF=$(yq r ${1} spec.chart.ref)
+ CHART_GIT_REF=$(yq r ${1} spec.chart.ref)
+ RELEASE_GIT_REF=$(git rev-parse --abbrev-ref HEAD)
 CHART_PATH=$(yq r ${1} spec.chart.path)
 cd ${2}
 git init -q
- git remote add origin ${GIT_REPO}
+ git remote add origin ${CHART_GIT_REPO}
 git fetch -q origin
- git checkout -q ${GIT_REF}
+ if [[ "${CHART_BASE_URL}" == "${RELEASE_BASE_URL}" ]]; then
+ git checkout -q ${RELEASE_GIT_REF}
+ echo "Checkout ${RELEASE_GIT_REF}"
+ else
+ git checkout -q ${CHART_GIT_REF}
+ echo "Checkout ${CHART_GIT_REF}"
+ fi
 cd ${ORIGIN}
 echo ${2}/${CHART_PATH}
 }
From 7df9de13ca5982f77681cdde31486157c3252319 Mon Sep 17 00:00:00 2001
From: Maksym Kulish
Date: Fri, 22 May 2020 00:57:23 +0300
Subject: [PATCH 02/33] Use helmv3 to download dependency charts
---
 src/hrval.sh | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/hrval.sh b/src/hrval.sh
index f522ce0..2468eac 100755
--- a/src/hrval.sh
+++ b/src/hrval.sh
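Review bot: `RELEASE_GIT_REF=$(git rev-parse --abbrev-ref HEAD)` prints the literal `HEAD` on a detached checkout, which is typically what a CI pull_request checkout is, so the same-repo branch runs `git checkout -q HEAD` in a repository that was only `git init`ed and fetched, and that checkout fails. Fall back to the HelmRelease ref in that case: `if [[ "${RELEASE_GIT_REF}" == "HEAD" ]]; then RELEASE_GIT_REF="${CHART_GIT_REF}"; fi`. When the base URLs match, `spec.chart.ref` is otherwise silently ignored, so the chart validated may differ from the one Flux would deploy; a comment such as `# same repo: validate the chart as it is on the branch under test, not the ref Flux tracks` should record that choice. `function clone` is complete within this hunk.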
@@ -28,8 +28,15 @@ function download {
 CHART_NAME=$(yq r ${1} spec.chart.name)
 CHART_VERSION=$(yq r ${1} spec.chart.version)
 CHART_DIR=${2}/${CHART_NAME}
- helm repo add ${CHART_NAME} ${CHART_REPO}
- helm fetch --version ${CHART_VERSION} --untar ${CHART_NAME}/${CHART_NAME} --untardir ${2}
+
+ if [[ ${HELM_VER} == "v3" ]]; then
+ helmv3 repo add ${CHART_NAME} ${CHART_REPO}
+ helmv3 fetch --version ${CHART_VERSION} --untar ${CHART_NAME}/${CHART_NAME} --untardir ${2}
+ else
+ helm repo add ${CHART_NAME} ${CHART_REPO}
+ helm fetch --version ${CHART_VERSION} --untar ${CHART_NAME}/${CHART_NAME} --untardir ${2}
+ fi
+
 echo ${CHART_DIR}
 }
From 4b48026a3e29e6820a7714db79fe91301bd3c401 Mon Sep 17 00:00:00 2001
From: Maksym Kulish
Date: Fri, 22 May 2020 01:08:58 +0300
Subject: [PATCH 03/33] Install ssh in docker
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index c39c7f3..9074084 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 FROM garethr/kubeval:latest
-RUN apk --no-cache add curl bash git
+RUN apk --no-cache add curl bash git openssh-client
 COPY LICENSE README.md /
From e575bd6444624fc6042063034f866cd961de3ebc Mon Sep 17 00:00:00 2001
From: Maksym Kulish
Date: Wed, 3 Jun 2020 00:49:57 +0300
Subject: [PATCH 04/33] Add HRVAL_HEAD_BRANCH and HRVAL_BASE_BRANCH - environment variables based support for detecting helm releases where chart source is located in a head repository, and cloning right helm chart version from a head source
---
 src/hrval.sh | 47 ++++++++++++++++++++++++++++++-----------------
 1 file changed, 30 insertions(+), 17 deletions(-)
diff --git a/src/hrval.sh b/src/hrval.sh
index d7b5d04..1472095 100755
--- a/src/hrval.sh
+++ b/src/hrval.sh
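Review bot: The v2 and v3 branches of `download` differ only in the binary name, so the repo-add and fetch arguments are now maintained twice; pick the binary once, `HELM_BIN=helm; [[ "${HELM_VER}" == "v3" ]] && HELM_BIN=helmv3`, and call `${HELM_BIN} repo add ...` / `${HELM_BIN} fetch ...`. `HELM_VER` is read as a script global rather than a parameter, which deserves `# HELM_VER comes from the script's 4th argument, not from this function's parameters`. `--version ${CHART_VERSION}` is unquoted, so an empty `spec.chart.version` drops the argument and most likely hands `--untar` to `--version`; rejecting it first, `[[ -n "${CHART_VERSION}" ]] || { echo "spec.chart.version is required" >&2; return 1; }`, gives a clear error instead. `function download` starts before this hunk.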
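Review bot: `openssh-client` lets `git fetch` follow the `ssh://` and `git@` chart URLs that `clone` passes through unchanged when no token is set, but the image ships no `known_hosts`, so a non-interactive fetch stops at the host-key prompt, and the tempting workaround (`StrictHostKeyChecking=no`) removes SSH's only protection against a spoofed host. Record the requirement on the line, `# ssh client for ssh:// chart repos; callers must mount a key and a populated ~/.ssh/known_hosts`, and say the same in the README. The unpinned `FROM garethr/kubeval:latest` is a context line, not this change, but a digest pin belongs in the same conversation.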
@@ -40,33 +40,46 @@ function download { echo ${CHART_DIR} } + +function fetch { + cd ${1} + git init -q + git remote add origin ${3} + git fetch -q origin + git checkout -q ${4} + cd ${5} + echo ${2} +} + + function clone { ORIGIN=$(git rev-parse --show-toplevel) CHART_GIT_REPO=$(yq r ${1} spec.chart.git) RELEASE_GIT_REPO=$(git remote get-url origin) - CHART_BASE_URL=$(echo "${CHART_GIT_REPO}" | sed -e 's/ssh:\/\///' -e 's/http:\/\///' -e 's/https:\/\///' -e 's/git@//' -e 's/:/\//') - RELEASE_BASE_URL=$(echo "${RELEASE_GIT_REPO}" | sed -e 's/ssh:\/\///' -e 's/http:\/\///' -e 's/https:\/\///' -e 's/git@//' -e 's/:/\//') + + CHART_BASE_URL=$(basename $(echo "${CHART_GIT_REPO}" | sed -e 's/ssh:\/\///' -e 's/http:\/\///' -e 's/https:\/\///' -e 's/git@//' -e 's/:/\//') .git ) + RELEASE_BASE_URL=$(basename $(echo "${RELEASE_GIT_REPO}" | sed -e 's/ssh:\/\///' -e 's/http:\/\///' -e 's/https:\/\///' -e 's/git@//' -e 's/:/\//') .git ) + if [[ -n "${GITHUB_TOKEN}" ]]; then CHART_GIT_REPO="https://${GITHUB_TOKEN}:x-oauth-basic@${CHART_BASE_URL}" elif [[ -n "${GITLAB_CI_TOKEN}" ]]; then CHART_GIT_REPO="https://gitlab-ci-token:${GITLAB_CI_TOKEN}@${CHART_BASE_URL}" fi - CHART_GIT_REF=$(yq r ${1} spec.chart.ref) - RELEASE_GIT_REF=$(git rev-parse --abbrev-ref HEAD) + + GIT_REF=$(yq r ${1} spec.chart.ref) CHART_PATH=$(yq r ${1} spec.chart.path) - cd ${2} - git init -q - git remote add origin ${CHART_GIT_REPO} - git fetch -q origin - if [[ "${CHART_BASE_URL}" == "${RELEASE_BASE_URL}" ]]; then - git checkout -q ${RELEASE_GIT_REF} - echo "Checkout ${RELEASE_GIT_REF}" + + if [ ! 
-z ${3} ]; then + if [[ "${CHART_BASE_URL}" == "${RELEASE_BASE_URL}" ]] && [[ ${GIT_REF} == "${4}" ]]; then + # Clone from the head repository branch/ref + fetch ${2} ${2}/${CHART_PATH} ${RELEASE_GIT_REPO} ${3} ${ORIGIN} + else + # Regular clone + fetch ${2} ${2}/${CHART_PATH} ${CHART_GIT_REPO} ${GIT_REF} ${ORIGIN} + fi else - git checkout -q ${CHART_GIT_REF} - echo "Checkout ${CHART_GIT_REF}" + fetch ${2} ${2}/${CHART_PATH} ${CHART_GIT_REPO} ${GIT_REF} ${ORIGIN} fi - cd ${ORIGIN} - echo ${2}/${CHART_PATH} } function validate { @@ -80,10 +93,10 @@ function validate { if [[ -z "${CHART_PATH}" ]]; then echo "Downloading to ${TMPDIR}" - CHART_DIR=$(download ${HELM_RELEASE} ${TMPDIR}| tail -n1) + CHART_DIR=$(download ${HELM_RELEASE} ${TMPDIR} ${HELM_VER}| tail -n1) else echo "Cloning to ${TMPDIR}" - CHART_DIR=$(clone ${HELM_RELEASE} ${TMPDIR}| tail -n1) + CHART_DIR=$(clone ${HELM_RELEASE} ${TMPDIR} ${HRVAL_HEAD_BRANCH} ${HRVAL_BASE_BRANCH} | tail -n1) fi HELM_RELEASE_NAME=$(yq r ${HELM_RELEASE} metadata.name) From d770d370004a8b212dcf75f1861967ed4956ce0f Mon Sep 17 00:00:00 2001 From: Maksym Kulish Date: Tue, 9 Jun 2020 01:15:18 +0300 Subject: [PATCH 05/33] Add documentation for HRVAL_*_BRANCH env vars --- README.md | 37 ++++++++++++++++++++++++++++++++----- 1 file changed, 32 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 1c1ff25..e821bd0 100644 --- a/README.md +++ b/README.md 
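Review bot: `basename ... .git` reduces both URLs to their last path component, so the `CHART_BASE_URL == RELEASE_BASE_URL` gate now compares repository names only; a chart repository that merely shares a name with the release repository (another org or host) passes, and the validator clones `RELEASE_GIT_REPO` at the head branch instead of the declared chart source. The same name-only value is then spliced into `https://${GITHUB_TOKEN}:x-oauth-basic@${CHART_BASE_URL}`, which no longer contains a host, so the token paths cannot clone at all. Keep the full host/path and strip only the suffix, `-e 's/\.git$//'` appended to the existing sed chain, and compare that. The new `fetch` helper takes five positional arguments with no explanation; a header like `# fetch <workdir> <path-to-echo> <repo-url> <ref> <return-dir>` would make the two call sites readable.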
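Review bot: `clone ${HELM_RELEASE} ${TMPDIR} ${HRVAL_HEAD_BRANCH} ${HRVAL_BASE_BRANCH}` passes the environment variables unquoted, so when only `HRVAL_BASE_BRANCH` is set the empty head expansion vanishes and the base branch arrives in `clone` as `${3}`, where the `[ ! -z ${3} ]` path treats it as the head branch to check out. Quote them: `CHART_DIR=$(clone "${HELM_RELEASE}" "${TMPDIR}" "${HRVAL_HEAD_BRANCH}" "${HRVAL_BASE_BRANCH}" | tail -n1)`. `download ... ${HELM_VER}` gains a third argument that `download` never reads (it uses the global), so either drop it or have `download` read `${3}`. `function validate` continues past the hunk.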
@@ -30,17 +30,17 @@ jobs: steps: - uses: actions/checkout@v1 - name: Validate Helm Releases in test dir - uses: stefanprodan/hrval-action@v3.1.0 + uses: stefanprodan/hrval-action@v3.2.0 with: helmRelease: test/ - name: Validate Helm Release from Helm Repo - uses: stefanprodan/hrval-action@v3.1.0 + uses: stefanprodan/hrval-action@v3.2.0 with: helmRelease: test/flagger.yaml helmVersion: v2 kubernetesVersion: 1.17.0 - name: Validate Helm Release from Git Repo - uses: stefanprodan/hrval-action@v3.1.0 + uses: stefanprodan/hrval-action@v3.2.0 with: helmRelease: test/podinfo.yaml helmVersion: v3 @@ -89,7 +89,7 @@ jobs: steps: - uses: actions/checkout@v1 - name: Validate Helm Releases in test dir - uses: stefanprodan/hrval-action@v3.1.0 + uses: stefanprodan/hrval-action@v3.2.0 with: helmRelease: test/ env: @@ -108,7 +108,7 @@ jobs: steps: - uses: actions/checkout@v1 - name: Validate Helm Releases in test dir - uses: stefanprodan/hrval-action@v3.1.0 + uses: stefanprodan/hrval-action@v3.2.0 with: helmRelease: test/ awsS3Repo: true @@ -124,6 +124,33 @@ jobs: Gitlab CI Token is also possible using `GITLAB_CI_TOKEN`. +## Usage with pull requests containing changes of Helm chart source located in base repository branch + +If a base repository branch of pull request is referenced in helm release, +you need to pass `HRVAL_BASE_BRANCH` and `HRVAL_HEAD_BRANCH` environment variables +to an action to make sure it will check out amended version of the chart +from a head repository branch. + + +```yaml +name: CI + +on: [pull_request] + +jobs: + hrval: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v1 + - name: Validate Helm Releases in test dir + uses: stefanprodan/hrval-action@v3.2.0 + with: + helmRelease: test/ + env: + HRVAL_BASE_BRANCH: ${{ github.base_ref }} + HRVAL_HEAD_BRANCH: ${{ github.head_ref }} +``` + ## CI alternatives The validation scripts can be used in any CI system. From 6b5b925624e67984ac7830458c6abe06cd12fd2f Mon Sep 17 00:00:00 2001 
From: Steven Wade
Date: Fri, 12 Jun 2020 11:52:19 +0100
Subject: [PATCH 06/33] Setting repo name to be the md5sum of the registry
This has increased our build time and also hrval consistency.
---
 src/hrval.sh | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/hrval.sh b/src/hrval.sh
index 1472095..8242622 100755
--- a/src/hrval.sh
+++ b/src/hrval.sh
@@ -28,13 +28,17 @@ function download {
 CHART_NAME=$(yq r ${1} spec.chart.name)
 CHART_VERSION=$(yq r ${1} spec.chart.version)
 CHART_DIR=${2}/${CHART_NAME}
+
+ CHART_REPO_MD5=`/bin/echo $CHART_REPO | /usr/bin/md5sum | cut -f1 -d" "`
 if [[ ${HELM_VER} == "v3" ]]; then
- helmv3 repo add ${CHART_NAME} ${CHART_REPO}
- helmv3 fetch --version ${CHART_VERSION} --untar ${CHART_NAME}/${CHART_NAME} --untardir ${2}
+ helmv3 repo add ${CHART_REPO_MD5} ${CHART_REPO}
+ helm3 repo update
+ helmv3 fetch --version ${CHART_VERSION} --untar ${CHART_REPO_MD5}/${CHART_NAME} --untardir ${2}
 else
- helm repo add ${CHART_NAME} ${CHART_REPO}
- helm fetch --version ${CHART_VERSION} --untar ${CHART_NAME}/${CHART_NAME} --untardir ${2}
+ helm repo add ${CHART_REPO_MD5} ${CHART_REPO}
+ helm repo update
+ helm fetch --version ${CHART_VERSION} --untar ${CHART_REPO_MD5}/${CHART_NAME} --untardir ${2}
 fi
 echo ${CHART_DIR}
From 67cad7733ea22978a11b51142f4395e9b1da2fe9 Mon Sep 17 00:00:00 2001
From: Harry Gogonis
Date: Mon, 15 Jun 2020 14:11:50 -0400
Subject: [PATCH 07/33] fix helmv3 typo
---
 src/hrval.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/hrval.sh b/src/hrval.sh
index 8242622..08b1f20 100755
--- a/src/hrval.sh
+++ b/src/hrval.sh
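Review bot: `helm3 repo update` names a binary the neighbouring lines call `helmv3`; with the `set -o errexit` at the top of hrval.sh the whole v3 path aborts at this line, so it should read `helmv3 repo update`. The hash line uses backticks, an unquoted `$CHART_REPO` and hard-coded `/bin` and `/usr/bin` paths; `CHART_REPO_MD5=$(echo "${CHART_REPO}" | md5sum | cut -f1 -d' ')` is equivalent and survives a different base image. A comment above it, `# md5 is only a stable, collision-free alias for helm repo add; it is not a security boundary`, would keep a later reader from either objecting to MD5 or depending on it. `function download` starts before this hunk.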
@@ -28,12 +28,12 @@ function download {
 CHART_NAME=$(yq r ${1} spec.chart.name)
 CHART_VERSION=$(yq r ${1} spec.chart.version)
 CHART_DIR=${2}/${CHART_NAME}
-
+
 CHART_REPO_MD5=`/bin/echo $CHART_REPO | /usr/bin/md5sum | cut -f1 -d" "`
 if [[ ${HELM_VER} == "v3" ]]; then
 helmv3 repo add ${CHART_REPO_MD5} ${CHART_REPO}
- helm3 repo update
+ helmv3 repo update
 helmv3 fetch --version ${CHART_VERSION} --untar ${CHART_REPO_MD5}/${CHART_NAME} --untardir ${2}
 else
 helm repo add ${CHART_REPO_MD5} ${CHART_REPO}
From 5e27efb2300ef6d7e9088dbac57d740e5a1935a2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Ho=CC=88ltje?=
Date: Thu, 24 Sep 2020 14:28:00 -0400
Subject: [PATCH 08/33] fix: strip .git off url properly
`basename` is too aggressive and removes the hostname and path.
---
 src/hrval.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/hrval.sh b/src/hrval.sh
index 08b1f20..7338b49 100755
--- a/src/hrval.sh
+++ b/src/hrval.sh
@@ -61,8 +61,8 @@ function clone {
 CHART_GIT_REPO=$(yq r ${1} spec.chart.git)
 RELEASE_GIT_REPO=$(git remote get-url origin)
- CHART_BASE_URL=$(basename $(echo "${CHART_GIT_REPO}" | sed -e 's/ssh:\/\///' -e 's/http:\/\///' -e 's/https:\/\///' -e 's/git@//' -e 's/:/\//') .git )
- RELEASE_BASE_URL=$(basename $(echo "${RELEASE_GIT_REPO}" | sed -e 's/ssh:\/\///' -e 's/http:\/\///' -e 's/https:\/\///' -e 's/git@//' -e 's/:/\//') .git )
+ CHART_BASE_URL=$(echo "${CHART_GIT_REPO}" | sed -e 's/ssh:\/\///' -e 's/http:\/\///' -e 's/https:\/\///' -e 's/git@//' -e 's/:/\//' -e 's/\.git$//')
+ RELEASE_BASE_URL=$(echo "${RELEASE_GIT_REPO}" | sed -e 's/ssh:\/\///' -e 's/http:\/\///' -e 's/https:\/\///' -e 's/git@//' -e 's/:/\//' -e 's/\.git$//')
 if [[ -n "${GITHUB_TOKEN}" ]]; then
 CHART_GIT_REPO="https://${GITHUB_TOKEN}:x-oauth-basic@${CHART_BASE_URL}"
From 4c90f1480f66862d7ed55dc5c23292e9bfab0bed Mon Sep 17 00:00:00 2001
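Review bot: The replacement still normalizes with an unanchored sed chain copied for both URLs, and `s/:/\//` rewrites only the first colon, so a URL with an explicit port (`ssh://git@host:2222/org/repo`) becomes `host/2222/org/repo` and the token path builds a bogus `https://...@host/2222/org/repo`, while a trailing slash (`.../repo.git/`) defeats the new `\.git$` strip. Since this string decides whether `clone` trusts the head branch of the release repository, it should be one helper with a comment stating what it equates (scp-style, `ssh://` and `http(s)://` spellings of the same host and path), with the trailing slash removed before the suffix, as below; the port case still needs an explicit decision. `function clone` starts before this hunk.
```shell
# Reduce scp-style, ssh:// and http(s):// spellings of a git URL to host/path
# so that two spellings of the same repository compare equal.
# NOTE(review): a host:port URL is still mangled by the ':' rewrite — decide whether to reject it.
function normalize_git_url {
  echo "${1}" | sed -e 's/^ssh:\/\///' -e 's/^https:\/\///' -e 's/^http:\/\///' -e 's/^git@//' -e 's/:/\//' -e 's/\/$//' -e 's/\.git$//'
}
CHART_BASE_URL=$(normalize_git_url "${CHART_GIT_REPO}")
RELEASE_BASE_URL=$(normalize_git_url "${RELEASE_GIT_REPO}")
# … unchanged: token injection into CHART_GIT_REPO …
```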
From: =?UTF-8?q?Christian=20Ho=CC=88ltje?= Date: Thu, 24 Sep 2020 14:37:23 -0400 Subject: [PATCH 09/33] ci: add linting just to sanity check everything This uses super linter. See https://github.com/github/super-linter#readme --- .github/workflows/linter.yml | 52 ++++++++++++++++++++++++++++++++++++ README.md | 1 + 2 files changed, 53 insertions(+) create mode 100644 .github/workflows/linter.yml diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml new file mode 100644 index 0000000..fdcf412 --- /dev/null +++ b/.github/workflows/linter.yml @@ -0,0 +1,52 @@ +--- +########################### +########################### +## Linter GitHub Actions ## +########################### +########################### +name: Lint Code Base + +# +# Documentation: +# https://help.github.com/en/articles/workflow-syntax-for-github-actions +# + +############################# +# Start the job on all push # +############################# +on: + push: + branches-ignore: [master] + # Remove the line above to run when pushing to master + pull_request: + branches: [master] + +############### +# Set the Job # +############### +jobs: + build: + # Name the Job + name: Lint Code Base + # Set the agent to run on + runs-on: ubuntu-latest + + ################## + # Load all steps # + ################## + steps: + ########################## + # Checkout the code base # + ########################## + - name: Checkout Code + uses: actions/checkout@v2 + + ################################ + # Run Linter against code base # + ################################ + - name: Lint Code Base + uses: github/super-linter@v3 + env: + VALIDATE_ALL_CODEBASE: false + DEFAULT_BRANCH: master + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/README.md b/README.md index e821bd0..f195292 100644 --- a/README.md +++ b/README.md 
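Review bot: `uses: github/super-linter@v3` is a mutable tag, and the step hands it `secrets.GITHUB_TOKEN`; if the tag moves, whatever it then points at runs with that token. Pin it (and `actions/checkout@v2`) to a full-length commit SHA with the version in a trailing comment, `uses: github/super-linter@<40-char sha> # v3`, and add a job-level `permissions:` block granting only `contents: read` plus whatever status permission super-linter's README requires. `VALIDATE_ALL_CODEBASE: false` lints only changed files, which is a sensible cost trade-off but means existing findings never surface; a one-line comment saying so would spare the next person from wondering why a full run differs.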
@@ -2,6 +2,7 @@ ![CI](https://github.com/stefanprodan/hrval-action/workflows/CI/badge.svg) [![Docker](https://img.shields.io/badge/Docker%20Hub-stefanprodan%2Fhrval-blue)](https://hub.docker.com/r/stefanprodan/hrval) +[![GitHub Super-Linter](https://github.com/stefanprodan/hrval-action/workflows/Lint%20Code%20Base/badge.svg)](https://github.com/marketplace/actions/super-linter) This GitHub action validates a Flux [Helm Release](https://docs.fluxcd.io/projects/helm-operator/en/latest/references/helmrelease-custom-resource.html) From ab04ef86cf5a65bed606507c477d1fbe44b10c3c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Ho=CC=88ltje?= Date: Thu, 24 Sep 2020 14:44:52 -0400 Subject: [PATCH 10/33] readme: remove trailing spaces --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index f195292..4098710 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ [![Docker](https://img.shields.io/badge/Docker%20Hub-stefanprodan%2Fhrval-blue)](https://hub.docker.com/r/stefanprodan/hrval) [![GitHub Super-Linter](https://github.com/stefanprodan/hrval-action/workflows/Lint%20Code%20Base/badge.svg)](https://github.com/marketplace/actions/super-linter) -This GitHub action validates a Flux +This GitHub action validates a Flux [Helm Release](https://docs.fluxcd.io/projects/helm-operator/en/latest/references/helmrelease-custom-resource.html) Kubernetes custom resources with [kubeval](https://github.com/instrumenta/kubeval). @@ -154,7 +154,7 @@ jobs: ## CI alternatives -The validation scripts can be used in any CI system. +The validation scripts can be used in any CI system. CircleCI example: From 4c30d87d930eb0cd06eac07b0bf27f357c1fb126 Mon Sep 17 00:00:00 2001 
From: Maksym Kulish Date: Wed, 7 Oct 2020 18:48:21 +0300 Subject: [PATCH 11/33] Add source caching support --- README.md | 27 +++++++++++++++++ action.yml | 4 +++ src/hrval-all.sh | 11 +++++-- src/hrval.sh | 79 ++++++++++++++++++++++++++++++++++++++++++------ 4 files changed, 109 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 4098710..911c28a 100644 --- a/README.md +++ b/README.md @@ -152,6 +152,33 @@ jobs: HRVAL_HEAD_BRANCH: ${{ github.head_ref }} ``` +## Usage with Helm source caching enabled + +Sometimes single Helm release might be referenced multiple times in a single Flux repository, +for example if staging branch of Helm chart repository is used as a release ref across all staging releases. +A property named `helmSourcesCacheEnabled` enables caching for such releases, +so a single Helm repository chafrt version or Git repository ref +will be retrieved only once, and cached version will be used for validation of another releases which reuse same sources. + + +```yaml +name: CI + +on: [pull_request] + +jobs: + hrval: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v1 + - name: Validate Helm Releases in test dir + uses: stefanprodan/hrval-action@v3.2.0 + with: + helmRelease: test/ + helmSourcesCacheEnabled: true +``` + + ## CI alternatives The validation scripts can be used in any CI system. diff --git a/action.yml b/action.yml index 6867f8d..0b3693a 100644 --- a/action.yml +++ b/action.yml @@ -26,6 +26,9 @@ inputs: awsS3Plugin: description: '(Optional) AWS S3 Plugin to be used in the helm plugin install command' default: '' + helmSourcesCacheEnabled: + description: '(Optional) Enabled Helm source caching, so same release or ref will not be downloaded twice.' + default: 'false' outputs: numFilesTested: description: The number of HelmRelease files which were tested @@ -41,3 +44,4 @@ runs: - ${{ inputs.awsS3Repo }} - ${{ inputs.awsS3RepoName }} - ${{ inputs.awsS3RepoPlugin }} + - ${{ inputs.helmSourcesCacheEnabled }} 
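Review bot: The new input's description says `Enabled Helm source caching`; it should read `Enable`, and because hrval-all.sh compares the value to the string `true`, say so: `description: '(Optional) Enable Helm source caching so the same chart version or git ref is fetched only once. Set to "true" to enable.'`. The added `args` entry is positional (`$8` in hrval-all.sh), and the context line just above it references `inputs.awsS3RepoPlugin` while the declared input is `awsS3Plugin`; if that reference resolves to an empty string the positions still line up, but it is worth confirming before stacking another positional on it, and named environment variables would remove the fragility altogether.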
diff --git a/src/hrval-all.sh b/src/hrval-all.sh index b5977b3..54db232 100755 --- a/src/hrval-all.sh +++ b/src/hrval-all.sh @@ -10,6 +10,13 @@ HRVAL="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )/hrval.s AWS_S3_REPO=${5-false} AWS_S3_REPO_NAME=${6-""} AWS_S3_PLUGIN={$7-""} +HELM_SOURCES_CACHE_ENABLED=${8-""} + +if [ "${HELM_SOURCES_CACHE_ENABLED}" == "true" ]; then + CACHEDIR=$(mktemp -d) +else + CACHEDIR="" +fi if [[ ${HELM_VER} == "v2" ]]; then helm init --client-only @@ -23,7 +30,7 @@ fi # If the path provided is actually a file, just run hrval against this one file if test -f "${DIR}"; then - ${HRVAL} ${DIR} ${IGNORE_VALUES} ${KUBE_VER} ${HELM_VER} + ${HRVAL} ${DIR} ${IGNORE_VALUES} ${KUBE_VER} ${HELM_VER} ${CACHEDIR} exit 0 fi @@ -47,7 +54,7 @@ DIR_PATH=$(echo ${DIR} | sed "s/^\///;s/\/$//") FILES_TESTED=0 for f in `find ${DIR} -type f -name '*.yaml' -or -name '*.yml'`; do if [[ $(isHelmRelease ${f}) == "true" ]]; then - ${HRVAL} ${f} ${IGNORE_VALUES} ${KUBE_VER} ${HELM_VER} + ${HRVAL} ${f} ${IGNORE_VALUES} ${KUBE_VER} ${HELM_VER} ${CACHEDIR} FILES_TESTED=$(( FILES_TESTED+1 )) else echo "Ignoring ${f} not a HelmRelease" diff --git a/src/hrval.sh b/src/hrval.sh index 7338b49..d098c3e 100755 --- a/src/hrval.sh +++ b/src/hrval.sh @@ -6,6 +6,7 @@ HELM_RELEASE=${1} IGNORE_VALUES=${2} KUBE_VER=${3-master} HELM_VER=${4-v2} +CACHEDIR=${5-""} if test ! -f "${HELM_RELEASE}"; then echo "\"${HELM_RELEASE}\" Helm release file not found!" @@ -23,6 +24,7 @@ function isHelmRelease { fi } + function download { CHART_REPO=$(yq r ${1} spec.chart.repository) CHART_NAME=$(yq r ${1} spec.chart.name) 
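Review bot: `CACHEDIR=$(mktemp -d)` is never removed, and what lands in it is not only chart tarballs: `clone` has `fetch` run `git remote add origin` with the `https://${GITHUB_TOKEN}:x-oauth-basic@...` URL, so every cached checkout carries the token in clear in its `.git/config`, and on a persistent or self-hosted runner it outlives the job. Register cleanup as soon as the directory exists: `trap 'rm -rf -- "${CACHEDIR:?}"' EXIT` (the `:?` stops an empty expansion from turning it into a bare `rm -rf`). A comment above the `if`, `# cache is per invocation; it is created here and never shared between runs`, would document the intent.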
@@ -86,22 +88,79 @@ function clone { fi } + +function retrieve_sources { + HELM_RELEASE=${1} + TMPDIR=${2} + + CHART_PATH=$(yq r ${HELM_RELEASE} spec.chart.path) + + if [[ -z "${CACHEDIR}" ]]; then + + # Retrieve files directly into tempdir + if [[ -z "${CHART_PATH}" ]]; then + >&2 echo "Downloading to ${TMPDIR}" + CHART_DIR=$(download ${HELM_RELEASE} ${TMPDIR} ${HELM_VER}| tail -n1) + else + >&2 echo "Cloning to ${TMPDIR}" + CHART_DIR=$(clone ${HELM_RELEASE} ${TMPDIR} ${HRVAL_HEAD_BRANCH} ${HRVAL_BASE_BRANCH} | tail -n1) + fi + + else + # Retrieve existing resource from cache directory, or use new if it exists. + + if [[ -z "${CHART_PATH}" ]]; then + # Caches releases from Helm repos + + CHART_REPO=$(yq r ${HELM_RELEASE} spec.chart.repository) + CHART_REPO_MD5=`/bin/echo $CHART_REPO | /usr/bin/md5sum | cut -f1 -d" "` + CHART_NAME=$(yq r ${HELM_RELEASE} spec.chart.name) + CHART_VERSION=$(yq r ${HELM_RELEASE} spec.chart.version) + CHART_LOCAL_PATH=${CACHEDIR}/${CHART_REPO_MD5}/${CHART_NAME}/${CHART_VERSION} + + if [[ ! -d ${CHART_LOCAL_PATH} ]]; then + mkdir -p ${CHART_LOCAL_PATH} + >&2 echo "Downloading to ${CHART_LOCAL_PATH}" + CHART_DIR=$(download ${HELM_RELEASE} ${CHART_LOCAL_PATH} ${HELM_VER}| tail -n1) + else + >&2 echo "Using cached sources from ${CHART_LOCAL_PATH}" + CHART_DIR=${CHART_LOCAL_PATH}/${CHART_NAME} + fi + + else + # Caches releases from Git repos + + CHART_GIT_REPO=$(yq r ${1} spec.chart.git) + CHART_PATH=$(yq r ${1} spec.chart.path) + GIT_REF=$(yq r ${1} spec.chart.ref) + + CHART_LOCAL_PATH=${CACHEDIR}/${CHART_GIT_REPO}/${GIT_REF} + + if [[ ! 
-d ${CHART_LOCAL_PATH} ]]; then + mkdir -p ${CHART_LOCAL_PATH} + >&2 echo "Cloning to ${CHART_LOCAL_PATH}" + CHART_DIR=$(clone ${HELM_RELEASE} ${CHART_LOCAL_PATH} ${HRVAL_HEAD_BRANCH} ${HRVAL_BASE_BRANCH} | tail -n1) + else + >&2 echo "Using cached sources from ${CHART_LOCAL_PATH}" + CHART_DIR=${CHART_LOCAL_PATH}/${CHART_PATH} + fi + + fi + + fi + + echo ${CHART_DIR} +} + + function validate { if [[ $(isHelmRelease ${HELM_RELEASE}) == "false" ]]; then echo "\"${HELM_RELEASE}\" is not of kind HelmRelease!" exit 1 fi - TMPDIR=$(mktemp -d) - CHART_PATH=$(yq r ${HELM_RELEASE} spec.chart.path) - - if [[ -z "${CHART_PATH}" ]]; then - echo "Downloading to ${TMPDIR}" - CHART_DIR=$(download ${HELM_RELEASE} ${TMPDIR} ${HELM_VER}| tail -n1) - else - echo "Cloning to ${TMPDIR}" - CHART_DIR=$(clone ${HELM_RELEASE} ${TMPDIR} ${HRVAL_HEAD_BRANCH} ${HRVAL_BASE_BRANCH} | tail -n1) - fi + TMPDIR="$(mktemp -d)" + CHART_DIR=$(retrieve_sources ${HELM_RELEASE} ${TMPDIR}) HELM_RELEASE_NAME=$(yq r ${HELM_RELEASE} metadata.name) HELM_RELEASE_NAMESPACE=$(yq r ${HELM_RELEASE} metadata.namespace) From 882c71a8550dcdbf2507c1c0dd0b880aa69ed97c Mon Sep 17 00:00:00 2001 From: Maksym Kulish Date: Wed, 7 Oct 2020 19:20:51 +0300 Subject: [PATCH 12/33] Allow passing CACHEDIR via env vars --- src/hrval-all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/hrval-all.sh b/src/hrval-all.sh index 54db232..925af13 100755 --- a/src/hrval-all.sh +++ b/src/hrval-all.sh @@ -15,7 +15,7 @@ HELM_SOURCES_CACHE_ENABLED=${8-""} if [ "${HELM_SOURCES_CACHE_ENABLED}" == "true" ]; then CACHEDIR=$(mktemp -d) else - CACHEDIR="" + CACHEDIR="${CACHEDIR}" fi if [[ ${HELM_VER} == "v2" ]]; then From e7f760b90bc25b485b204dca5f96505ca0384c75 Mon Sep 17 00:00:00 2001 From: Maksym Kulish Date: Thu, 8 Oct 2020 03:19:58 +0300 Subject: [PATCH 13/33] Fix chart dep build --- src/hrval.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/src/hrval.sh b/src/hrval.sh index d098c3e..6dd013f 100755 --- a/src/hrval.sh 
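Review bot: A cache entry becomes visible before it is known to be good: `mkdir -p ${CHART_LOCAL_PATH}` runs first, and the populating step `CHART_DIR=$(clone ... | tail -n1)` reports `tail`'s exit status, so a failed fetch or checkout neither trips `set -o errexit` nor removes the directory, and every later release with the same key takes the `Using cached sources` branch against an empty tree; the Helm branch above has the same shape. Populate a staging directory and rename it under the key only after `clone` returns, as sketched below. Two smaller points: the git key embeds the raw `spec.chart.git` URL as a path (`${CACHEDIR}/${CHART_GIT_REPO}/${GIT_REF}`) while the Helm key hashes its URL, and hashing both with `md5sum` as `download` does keeps `:`, `@` and `..` out of filesystem paths; and `CACHEDIR` is read as a script global here, which deserves `# CACHEDIR is the script's 5th argument`. `retrieve_sources` is complete within this hunk; `validate` continues past it.
```shell
# … unchanged: cache key computation for the git case …
if [[ ! -d "${CHART_LOCAL_PATH}" ]]; then
  # Populate a private staging dir first; only a complete checkout is
  # renamed under the cache key, so a failed fetch never looks like a hit.
  STAGING=$(mktemp -d "${CACHEDIR}/staging.XXXXXX")
  >&2 echo "Cloning to ${STAGING}"
  clone "${HELM_RELEASE}" "${STAGING}" "${HRVAL_HEAD_BRANCH}" "${HRVAL_BASE_BRANCH}" >/dev/null
  mkdir -p "$(dirname "${CHART_LOCAL_PATH}")"
  mv "${STAGING}" "${CHART_LOCAL_PATH}"
else
  >&2 echo "Using cached sources from ${CHART_LOCAL_PATH}"
fi
CHART_DIR="${CHART_LOCAL_PATH}/${CHART_PATH}"
```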
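Review bot: `CACHEDIR="${CACHEDIR}"` is a self-assignment, and the behaviour it is after — honouring an externally supplied `CACHEDIR` — only applies when `helmSourcesCacheEnabled` is not `true`; enabling the flag discards the caller's directory for a fresh `mktemp -d`. If the intent is "use the caller's directory when given, otherwise create one", write the true branch as `CACHEDIR="${CACHEDIR:-$(mktemp -d)}"` and turn the else branch into a comment, `# CACHEDIR may also be supplied via the environment without the flag`. Neither the README text added in this series nor action.yml mentions the environment variable, so whichever semantics win should be documented there.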
+++ b/src/hrval.sh @@ -161,6 +161,7 @@ function validate { TMPDIR="$(mktemp -d)" CHART_DIR=$(retrieve_sources ${HELM_RELEASE} ${TMPDIR}) + CHART_PATH=$(yq r ${HELM_RELEASE} spec.chart.path) HELM_RELEASE_NAME=$(yq r ${HELM_RELEASE} metadata.name) HELM_RELEASE_NAMESPACE=$(yq r ${HELM_RELEASE} metadata.namespace) From 2d8390deb9841f30a6418b1005f5dfb4abb1752d Mon Sep 17 00:00:00 2001 From: Maksym Kulish Date: Thu, 8 Oct 2020 03:27:21 +0300 Subject: [PATCH 14/33] Fix lint errors in hrval-all.sh --- src/hrval-all.sh | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/src/hrval-all.sh b/src/hrval-all.sh index 925af13..b22cb79 100755 --- a/src/hrval-all.sh +++ b/src/hrval-all.sh @@ -9,7 +9,7 @@ HELM_VER=${4-v2} HRVAL="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )/hrval.sh" AWS_S3_REPO=${5-false} AWS_S3_REPO_NAME=${6-""} -AWS_S3_PLUGIN={$7-""} +AWS_S3_PLUGIN="${7-""}" HELM_SOURCES_CACHE_ENABLED=${8-""} if [ "${HELM_SOURCES_CACHE_ENABLED}" == "true" ]; then @@ -23,14 +23,14 @@ if [[ ${HELM_VER} == "v2" ]]; then fi if [[ ${AWS_S3_REPO} == true ]]; then - helm plugin install ${AWS_S3_PLUGIN} - helm repo add ${AWS_S3_REPO_NAME} s3:/${AWS_S3_REPO_NAME}/charts + helm plugin install "${AWS_S3_PLUGIN}" + helm repo add "${AWS_S3_REPO_NAME}" "s3:/${AWS_S3_REPO_NAME}/charts" helm repo update fi # If the path provided is actually a file, just run hrval against this one file if test -f "${DIR}"; then - ${HRVAL} ${DIR} ${IGNORE_VALUES} ${KUBE_VER} ${HELM_VER} ${CACHEDIR} + ${HRVAL} "${DIR}" "${IGNORE_VALUES}" "${KUBE_VER}" "${HELM_VER}" "${CACHEDIR}" exit 0 fi @@ -41,7 +41,7 @@ if [ ! -d "$DIR" ]; then fi function isHelmRelease { - KIND=$(yq r ${1} kind) + KIND=$(yq r "${1}" kind) if [[ ${KIND} == "HelmRelease" ]]; then echo true else 
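Review bot: The re-read `CHART_PATH=$(yq r ${HELM_RELEASE} spec.chart.path)` looks redundant beside the identical read inside `retrieve_sources`, and the reason it is needed is invisible: `retrieve_sources` is invoked inside `$( )`, so its assignments never reach `validate`. Say so on the line: `# retrieve_sources runs in a subshell; re-read CHART_PATH here`. `function validate` continues past the hunk.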
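Review bot: `helm plugin install "${AWS_S3_PLUGIN}"` is now quoted, but the value is still an arbitrary URL or path from the action input that is downloaded and executed with no version pin or checksum, and `"s3:/${AWS_S3_REPO_NAME}/charts"` is assembled from the same input. `helm plugin install` accepts `--version`, so a pinned version passed through a second input, plus a note in action.yml that the plugin source is trusted code, would bound what a mistyped or hijacked source can do. `s3:/` with a single slash also looks like a typo for `s3://`; it predates this commit and the plugin may tolerate it, but a `# TODO confirm s3 URL scheme` next to it is cheap.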
@@ -50,11 +50,10 @@ function isHelmRelease { } # Find yaml files in directory recursively -DIR_PATH=$(echo ${DIR} | sed "s/^\///;s/\/$//") FILES_TESTED=0 -for f in `find ${DIR} -type f -name '*.yaml' -or -name '*.yml'`; do - if [[ $(isHelmRelease ${f}) == "true" ]]; then - ${HRVAL} ${f} ${IGNORE_VALUES} ${KUBE_VER} ${HELM_VER} ${CACHEDIR} +for f in $(find "${DIR}" -type f -name '*.yaml' -or -name '*.yml'); do + if [[ $(isHelmRelease "${f}") == "true" ]]; then + ${HRVAL} "${f}" "${IGNORE_VALUES}" "${KUBE_VER}" "${HELM_VER}" "${CACHEDIR}" FILES_TESTED=$(( FILES_TESTED+1 )) else echo "Ignoring ${f} not a HelmRelease" From b1eddcf93f19f04d9ad3f65dfbff3d5c66bad6f8 Mon Sep 17 00:00:00 2001 From: Maksym Kulish Date: Thu, 8 Oct 2020 03:38:45 +0300 Subject: [PATCH 15/33] Fix lint errors in hrval.sh --- src/hrval.sh | 140 +++++++++++++++++++++++++-------------------------- 1 file changed, 70 insertions(+), 70 deletions(-) diff --git a/src/hrval.sh b/src/hrval.sh index 6dd013f..94b1481 100755 --- a/src/hrval.sh +++ b/src/hrval.sh @@ -2,11 +2,11 @@ set -o errexit -HELM_RELEASE=${1} -IGNORE_VALUES=${2} -KUBE_VER=${3-master} -HELM_VER=${4-v2} -CACHEDIR=${5-""} +HELM_RELEASE="${1}" +IGNORE_VALUES="${2}" +KUBE_VER="${3-master}" +HELM_VER="${4-v2}" +CACHEDIR="${5-""}" if test ! -f "${HELM_RELEASE}"; then echo "\"${HELM_RELEASE}\" Helm release file not found!" @@ -16,8 +16,8 @@ fi echo "Processing ${HELM_RELEASE}" function isHelmRelease { - KIND=$(yq r ${1} kind) - if [[ ${KIND} == "HelmRelease" ]]; then + KIND=$(yq r "${1}" kind) + if [[ "${KIND}" == "HelmRelease" ]]; then echo true else echo false 
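Review bot: `for f in $(find "${DIR}" ...)` still word-splits the output, so a release file whose path contains a space is handed to `isHelmRelease` in fragments; the pass quoted `"${DIR}"` but not the loop. Read NUL-delimited paths instead: `while IFS= read -r -d '' f; do` ... `done < <(find "${DIR}" -type f \( -name '*.yaml' -o -name '*.yml' \) -print0)`. The parentheses also fix a precedence quirk in the existing expression: `-type f -name '*.yaml' -or -name '*.yml'` binds as `(-type f -and -name '*.yaml') -or -name '*.yml'`, so a directory named `*.yml` would be passed to `yq`. The `FILES_TESTED` increment keeps working because the loop still runs in the current shell.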
@@ -26,41 +26,41 @@ function isHelmRelease { function download { - CHART_REPO=$(yq r ${1} spec.chart.repository) - CHART_NAME=$(yq r ${1} spec.chart.name) - CHART_VERSION=$(yq r ${1} spec.chart.version) + CHART_REPO="$(yq r "${1}" spec.chart.repository)" + CHART_NAME="$(yq r "${1}" spec.chart.name)" + CHART_VERSION="$(yq r "${1}" spec.chart.version)" CHART_DIR=${2}/${CHART_NAME} - CHART_REPO_MD5=`/bin/echo $CHART_REPO | /usr/bin/md5sum | cut -f1 -d" "` + CHART_REPO_MD5=$(/bin/echo "${CHART_REPO}" | /usr/bin/md5sum | cut -f1 -d" ") - if [[ ${HELM_VER} == "v3" ]]; then - helmv3 repo add ${CHART_REPO_MD5} ${CHART_REPO} + if [[ "${HELM_VER}" == "v3" ]]; then + helmv3 repo add "${CHART_REPO_MD5}" "${CHART_REPO}" helmv3 repo update - helmv3 fetch --version ${CHART_VERSION} --untar ${CHART_REPO_MD5}/${CHART_NAME} --untardir ${2} + helmv3 fetch --version "${CHART_VERSION}" --untar "${CHART_REPO_MD5}/${CHART_NAME}" --untardir "${2}" else - helm repo add ${CHART_REPO_MD5} ${CHART_REPO} + helm repo add "${CHART_REPO_MD5}" "${CHART_REPO}" helm repo update - helm fetch --version ${CHART_VERSION} --untar ${CHART_REPO_MD5}/${CHART_NAME} --untardir ${2} + helm fetch --version "${CHART_VERSION}" --untar "${CHART_REPO_MD5}/${CHART_NAME}" --untardir "${2}" fi - echo ${CHART_DIR} + echo "${CHART_DIR}" } function fetch { - cd ${1} + cd "${1}" git init -q - git remote add origin ${3} + git remote add origin "${3}" git fetch -q origin - git checkout -q ${4} - cd ${5} - echo ${2} + git checkout -q "${4}" + cd "${5}" + echo "${2}" } function clone { ORIGIN=$(git rev-parse --show-toplevel) - CHART_GIT_REPO=$(yq r ${1} spec.chart.git) + CHART_GIT_REPO=$(yq r "${1}" spec.chart.git) RELEASE_GIT_REPO=$(git remote get-url origin) CHART_BASE_URL=$(echo "${CHART_GIT_REPO}" | sed -e 's/ssh:\/\///' -e 's/http:\/\///' -e 's/https:\/\///' -e 's/git@//' -e 's/:/\//' -e 's/\.git$//') 
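Review bot: `git remote add origin "${3}"` in `fetch` persists whatever URL it receives, and on the token paths that is `https://${GITHUB_TOKEN}:x-oauth-basic@host/...`, so the credential is written in clear to `.git/config` of the temp or cache directory; `git fetch -q origin` then pulls every branch when a single ref is wanted. Fetching the URL directly avoids both: `git fetch -q "${3}" "${4}"` followed by `git checkout -q FETCH_HEAD` leaves no remote and no stored token. That form resolves branch names, tags and full commit SHAs on the common hosts; if abbreviated SHAs are relied on in `spec.chart.ref`, keep the current flow but add `git remote remove origin` after the checkout so the secret at least does not stay on disk. A header comment on `fetch` listing its five positional arguments would also help, since `clone` passes them by position only.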
@@ -72,38 +72,38 @@ function clone { CHART_GIT_REPO="https://gitlab-ci-token:${GITLAB_CI_TOKEN}@${CHART_BASE_URL}" fi - GIT_REF=$(yq r ${1} spec.chart.ref) - CHART_PATH=$(yq r ${1} spec.chart.path) + GIT_REF=$(yq r "${1}" spec.chart.ref) + CHART_PATH=$(yq r "${1}" spec.chart.path) - if [ ! -z ${3} ]; then - if [[ "${CHART_BASE_URL}" == "${RELEASE_BASE_URL}" ]] && [[ ${GIT_REF} == "${4}" ]]; then + if [ -n "${3}" ]; then + if [[ "${CHART_BASE_URL}" == "${RELEASE_BASE_URL}" ]] && [[ "${GIT_REF}" == "${4}" ]]; then # Clone from the head repository branch/ref - fetch ${2} ${2}/${CHART_PATH} ${RELEASE_GIT_REPO} ${3} ${ORIGIN} + fetch "${2}" "${2}/${CHART_PATH}" "${RELEASE_GIT_REPO}" "${3}" "${ORIGIN}" else # Regular clone - fetch ${2} ${2}/${CHART_PATH} ${CHART_GIT_REPO} ${GIT_REF} ${ORIGIN} + fetch "${2}" "${2}/${CHART_PATH}" "${CHART_GIT_REPO}" "${GIT_REF}" "${ORIGIN}" fi else - fetch ${2} ${2}/${CHART_PATH} ${CHART_GIT_REPO} ${GIT_REF} ${ORIGIN} + fetch "${2}" "${2}/${CHART_PATH}" "${CHART_GIT_REPO}" "${GIT_REF}" "${ORIGIN}" fi } function retrieve_sources { - HELM_RELEASE=${1} - TMPDIR=${2} + HELM_RELEASE="${1}" + TMPDIR="${2}" - CHART_PATH=$(yq r ${HELM_RELEASE} spec.chart.path) + CHART_PATH=$(yq r "${HELM_RELEASE}" spec.chart.path) if [[ -z "${CACHEDIR}" ]]; then # Retrieve files directly into tempdir if [[ -z "${CHART_PATH}" ]]; then >&2 echo "Downloading to ${TMPDIR}" - CHART_DIR=$(download ${HELM_RELEASE} ${TMPDIR} ${HELM_VER}| tail -n1) + CHART_DIR=$(download "${HELM_RELEASE}" "${TMPDIR}" "${HELM_VER}" | tail -n1) else >&2 echo "Cloning to ${TMPDIR}" - CHART_DIR=$(clone ${HELM_RELEASE} ${TMPDIR} ${HRVAL_HEAD_BRANCH} ${HRVAL_BASE_BRANCH} | tail -n1) + CHART_DIR=$(clone "${HELM_RELEASE}" "${TMPDIR}" "${HRVAL_HEAD_BRANCH}" "${HRVAL_BASE_BRANCH}" | tail -n1) fi else 
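Review bot: The head-branch path fetches `"${RELEASE_GIT_REPO}"`, which `clone` takes from `git remote get-url origin`, i.e. the repository the workflow checked out; for a pull request from a fork, `HRVAL_HEAD_BRANCH` (documented as `github.head_ref`) names a branch in the fork, not in origin, so `git checkout -q "${3}"` in the fresh clone will presumably fail rather than validate the PR's chart. If fork PRs are in scope the head repository URL needs to be another input; if not, say so where the branch is chosen: `# Head branch is looked up in origin only; PRs from forks are not supported`. `[ -n "${3}" ]` should use the `[[ ]]` form the next line already uses. `function clone` starts before this hunk; `retrieve_sources` continues past it.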
@@ -112,89 +112,89 @@ function retrieve_sources {
 if [[ -z "${CHART_PATH}" ]]; then
 # Caches releases from Helm repos
- CHART_REPO=$(yq r ${HELM_RELEASE} spec.chart.repository)
- CHART_REPO_MD5=`/bin/echo $CHART_REPO | /usr/bin/md5sum | cut -f1 -d" "`
- CHART_NAME=$(yq r ${HELM_RELEASE} spec.chart.name)
- CHART_VERSION=$(yq r ${HELM_RELEASE} spec.chart.version)
- CHART_LOCAL_PATH=${CACHEDIR}/${CHART_REPO_MD5}/${CHART_NAME}/${CHART_VERSION}
+ CHART_REPO=$(yq r "${HELM_RELEASE}" spec.chart.repository)
+ CHART_REPO_MD5=$(/bin/echo "${CHART_REPO}" | /usr/bin/md5sum | cut -f1 -d" ")
+ CHART_NAME=$(yq r "${HELM_RELEASE}" spec.chart.name)
+ CHART_VERSION=$(yq r "${HELM_RELEASE}" spec.chart.version)
+ CHART_LOCAL_PATH="${CACHEDIR}/${CHART_REPO_MD5}/${CHART_NAME}/${CHART_VERSION}"
 if [[ ! -d ${CHART_LOCAL_PATH} ]]; then
- mkdir -p ${CHART_LOCAL_PATH}
+ mkdir -p "${CHART_LOCAL_PATH}"
 >&2 echo "Downloading to ${CHART_LOCAL_PATH}"
- CHART_DIR=$(download ${HELM_RELEASE} ${CHART_LOCAL_PATH} ${HELM_VER}| tail -n1)
+ CHART_DIR=$(download "${HELM_RELEASE}" "${CHART_LOCAL_PATH}" "${HELM_VER}" | tail -n1)
 else
 >&2 echo "Using cached sources from ${CHART_LOCAL_PATH}"
- CHART_DIR=${CHART_LOCAL_PATH}/${CHART_NAME}
+ CHART_DIR="${CHART_LOCAL_PATH}/${CHART_NAME}"
 fi
 else
 # Caches releases from Git repos
- CHART_GIT_REPO=$(yq r ${1} spec.chart.git)
- CHART_PATH=$(yq r ${1} spec.chart.path)
- GIT_REF=$(yq r ${1} spec.chart.ref)
+ CHART_GIT_REPO=$(yq r "${1}" spec.chart.git)
+ CHART_PATH=$(yq r "${1}" spec.chart.path)
+ GIT_REF=$(yq r "${1}" spec.chart.ref)
- CHART_LOCAL_PATH=${CACHEDIR}/${CHART_GIT_REPO}/${GIT_REF}
+ CHART_LOCAL_PATH="${CACHEDIR}/${CHART_GIT_REPO}/${GIT_REF}"
- if [[ ! -d ${CHART_LOCAL_PATH} ]]; then
- mkdir -p ${CHART_LOCAL_PATH}
+ if [[ ! -d "${CHART_LOCAL_PATH}" ]]; then
+ mkdir -p "${CHART_LOCAL_PATH}"
 >&2 echo "Cloning to ${CHART_LOCAL_PATH}"
- CHART_DIR=$(clone ${HELM_RELEASE} ${CHART_LOCAL_PATH} ${HRVAL_HEAD_BRANCH} ${HRVAL_BASE_BRANCH} | tail -n1)
+ CHART_DIR=$(clone "${HELM_RELEASE}" "${CHART_LOCAL_PATH}" "${HRVAL_HEAD_BRANCH}" "${HRVAL_BASE_BRANCH}" | tail -n1)
 else
 >&2 echo "Using cached sources from ${CHART_LOCAL_PATH}"
- CHART_DIR=${CHART_LOCAL_PATH}/${CHART_PATH}
+ CHART_DIR="${CHART_LOCAL_PATH}/${CHART_PATH}"
 fi
 fi
 fi
- echo ${CHART_DIR}
+ echo "${CHART_DIR}"
 }
 function validate {
- if [[ $(isHelmRelease ${HELM_RELEASE}) == "false" ]]; then
+ if [[ $(isHelmRelease "${HELM_RELEASE}") == "false" ]]; then
 echo "\"${HELM_RELEASE}\" is not of kind HelmRelease!"
 exit 1
 fi
 TMPDIR="$(mktemp -d)"
- CHART_DIR=$(retrieve_sources ${HELM_RELEASE} ${TMPDIR})
- CHART_PATH=$(yq r ${HELM_RELEASE} spec.chart.path)
+ CHART_DIR=$(retrieve_sources "${HELM_RELEASE}" "${TMPDIR}")
+ CHART_PATH=$(yq r "${HELM_RELEASE}" spec.chart.path)
- HELM_RELEASE_NAME=$(yq r ${HELM_RELEASE} metadata.name)
- HELM_RELEASE_NAMESPACE=$(yq r ${HELM_RELEASE} metadata.namespace)
+ HELM_RELEASE_NAME=$(yq r "${HELM_RELEASE}" metadata.name)
+ HELM_RELEASE_NAMESPACE=$(yq r "${HELM_RELEASE}" metadata.namespace)
- if [[ ${IGNORE_VALUES} == "true" ]]; then
+ if [[ "${IGNORE_VALUES}" == "true" ]]; then
 echo "Ingnoring Helm release values"
- echo "" > ${TMPDIR}/${HELM_RELEASE_NAME}.values.yaml
+ echo "" > "${TMPDIR}/${HELM_RELEASE_NAME}.values.yaml"
 else
 echo "Extracting values to ${TMPDIR}/${HELM_RELEASE_NAME}.values.yaml"
- yq r ${HELM_RELEASE} spec.values > ${TMPDIR}/${HELM_RELEASE_NAME}.values.yaml
+ yq r "${HELM_RELEASE}" spec.values > "${TMPDIR}/${HELM_RELEASE_NAME}.values.yaml"
 fi
 echo "Writing Helm release to ${TMPDIR}/${HELM_RELEASE_NAME}.release.yaml"
 if [[ ${HELM_VER} == "v3" ]]; then
 if [[ "${CHART_PATH}" ]]; then
- helmv3 dependency build ${CHART_DIR}
+ helmv3 dependency build "${CHART_DIR}"
 fi
- helmv3 template ${HELM_RELEASE_NAME} ${CHART_DIR} \
- --namespace ${HELM_RELEASE_NAMESPACE} \
+ helmv3 template "${HELM_RELEASE_NAME}" "${CHART_DIR}" \
+ --namespace "${HELM_RELEASE_NAMESPACE}" \
 --skip-crds=true \
- -f ${TMPDIR}/${HELM_RELEASE_NAME}.values.yaml > ${TMPDIR}/${HELM_RELEASE_NAME}.release.yaml
+ -f "${TMPDIR}/${HELM_RELEASE_NAME}.values.yaml" > "${TMPDIR}/${HELM_RELEASE_NAME}.release.yaml"
 else
 if [[ "${CHART_PATH}" ]]; then
- helm dependency build ${CHART_DIR}
+ helm dependency build "${CHART_DIR}"
 fi
- helm template ${CHART_DIR} \
- --name ${HELM_RELEASE_NAME} \
- --namespace ${HELM_RELEASE_NAMESPACE} \
- -f ${TMPDIR}/${HELM_RELEASE_NAME}.values.yaml > ${TMPDIR}/${HELM_RELEASE_NAME}.release.yaml
+ helm template "${CHART_DIR}" \
+ --name "${HELM_RELEASE_NAME}" \
+ --namespace "${HELM_RELEASE_NAMESPACE}" \
+ -f "${TMPDIR}/${HELM_RELEASE_NAME}.values.yaml" > "${TMPDIR}/${HELM_RELEASE_NAME}.release.yaml"
 fi
 echo "Validating Helm release ${HELM_RELEASE_NAME}.${HELM_RELEASE_NAMESPACE} against Kubernetes ${KUBE_VER}"
- kubeval --strict --ignore-missing-schemas --kubernetes-version ${KUBE_VER} ${TMPDIR}/${HELM_RELEASE_NAME}.release.yaml
+ kubeval --strict --ignore-missing-schemas --kubernetes-version "${KUBE_VER}" "${TMPDIR}/${HELM_RELEASE_NAME}.release.yaml"
 }
 validate
From 747e505c2fe03707a1994a5cfd536bbe83fd3bf9 Mon Sep 17 00:00:00 2001
From: Maksym Kulish
Date: Thu, 8 Oct 2020 04:10:34 +0300
Subject: [PATCH 16/33] Rewrite hrval-all for loop to satisfy linter
---
 src/hrval-all.sh | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/hrval-all.sh b/src/hrval-all.sh
index b22cb79..0e66a63 100755
--- a/src/hrval-all.sh
+++ b/src/hrval-all.sh
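Review bot: `validate` creates `TMPDIR="$(mktemp -d)"` and writes the extracted `spec.values` and the rendered release into it, but nothing removes that directory, so chart values (which may carry credentials) and any git checkout placed there by `retrieve_sources` outlive the run. Add `trap 'rm -rf -- "${TMPDIR}"' EXIT` directly after the `mktemp` line. Reassigning `TMPDIR` also changes the default directory of every later `mktemp` call in this process (and of tools that honour it), so a variable with a different name, e.g. `WORKDIR`, would avoid that side effect; the `TMPDIR="${2}"` assignment at the top of `retrieve_sources` in the previous hunk has the same property.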
@@ -51,7 +51,12 @@ function isHelmRelease {
 # Find yaml files in directory recursively
 FILES_TESTED=0
-for f in $(find "${DIR}" -type f -name '*.yaml' -or -name '*.yml'); do
+declare -a FOUND_FILES=()
+while read -r file; do
+ FOUND_FILES+=( "$file" )
+done < <(find "${DIR}" -type f -name '*.yaml' -o -name '*.yml')
+
+for f in "${FOUND_FILES[@]}"; do
 if [[ $(isHelmRelease "${f}") == "true" ]]; then
 ${HRVAL} "${f}" "${IGNORE_VALUES}" "${KUBE_VER}" "${HELM_VER}" "${CACHEDIR}"
 FILES_TESTED=$(( FILES_TESTED+1 ))
From fcddca64f10dc1d3f47a0b06f3557749a3782da6 Mon Sep 17 00:00:00 2001
From: Maksym Kulish
Date: Thu, 8 Oct 2020 04:34:26 +0300
Subject: [PATCH 17/33] Pin base image to satisfy dockerfile linter
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 9074084..a414fa0 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM garethr/kubeval:latest
+FROM garethr/kubeval:0.15.0
 RUN apk --no-cache add curl bash git openssh-client
From 2b169f47be9af05f124a91b1f6d3a2e6c61d36d9 Mon Sep 17 00:00:00 2001
From: Maksym Kulish
Date: Thu, 8 Oct 2020 05:03:47 +0300
Subject: [PATCH 18/33] Pin versions in dockerfile to satisfy hadolint
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index a414fa0..e9feb96 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 FROM garethr/kubeval:0.15.0
-RUN apk --no-cache add curl bash git openssh-client
+RUN apk --no-cache add curl==7.67.0-r1 bash==5.0.11-r1 git==2.24.3-r0 openssh-client==8.1_p1-r0
 COPY LICENSE README.md /
From cadc14f7f66b34f5b9b888629942961cb356b5b2 Mon Sep 17 00:00:00 2001
From: mksh
Date: Thu, 8 Oct 2020 05:26:21 +0300
Subject: [PATCH 19/33] Fix comment strings
---
 README.md | 2 +-
 src/hrval.sh | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 911c28a..2c4972d 100644
--- a/README.md
+++ b/README.md
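Review bot: `while read -r file` without `IFS=` strips leading and trailing whitespace from every path, and newline-delimited `find` output cannot represent a name containing a newline, so the new loop is still not safe for arbitrary file names; reading NUL-delimited fixes both: `while IFS= read -r -d '' file; do` with `done < <(find "${DIR}" -type f \( -name '*.yaml' -o -name '*.yml' \) -print0)`. The parentheses also repair the predicate precedence, which as written (carried over from the removed line) applies `-type f` only to the `*.yaml` branch. If the runtime bash is 4.4 or newer, `mapfile -d '' -t FOUND_FILES < <(find ... -print0)` replaces the loop entirely.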
@@ -157,7 +157,7 @@ jobs:
 Sometimes single Helm release might be referenced multiple times in a single Flux repository, for example if staging branch of Helm chart repository is used as a release ref across all staging releases. A property named `helmSourcesCacheEnabled` enables caching for such releases,
-so a single Helm repository chafrt version or Git repository ref
+so a single Helm repository chart version or Git repository ref
 will be retrieved only once, and cached version will be used for validation of another releases which reuse same sources.
diff --git a/src/hrval.sh b/src/hrval.sh
index 94b1481..e529662 100755
--- a/src/hrval.sh
+++ b/src/hrval.sh
@@ -107,7 +107,8 @@ function retrieve_sources {
 fi
 else
- # Retrieve existing resource from cache directory, or use new if it exists.
+ # Retrieve existing helm chart source from cache,
+ # or create new cache directory if it does not exist yet.
 if [[ -z "${CHART_PATH}" ]]; then
 # Caches releases from Helm repos
From 2a44ee2f10df318c98fa6a646fde8e5ae1902017 Mon Sep 17 00:00:00 2001
From: Stefan Prodan
Date: Thu, 8 Oct 2020 15:17:17 +0300
Subject: [PATCH 20/33] Use the latest version in docs
---
 README.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 2c4972d..38b0196 100644
--- a/README.md
+++ b/README.md
@@ -31,17 +31,17 @@ jobs:
 steps:
 - uses: actions/checkout@v1
 - name: Validate Helm Releases in test dir
- uses: stefanprodan/hrval-action@v3.2.0
+ uses: stefanprodan/hrval-action@master
 with:
 helmRelease: test/
 - name: Validate Helm Release from Helm Repo
- uses: stefanprodan/hrval-action@v3.2.0
+ uses: stefanprodan/hrval-action@master
 with:
 helmRelease: test/flagger.yaml
 helmVersion: v2
 kubernetesVersion: 1.17.0
 - name: Validate Helm Release from Git Repo
- uses: stefanprodan/hrval-action@v3.2.0
+ uses: stefanprodan/hrval-action@master
 with:
 helmRelease: test/podinfo.yaml
 helmVersion: v3
@@ -90,7 +90,7 @@ jobs:
 steps:
 - uses: actions/checkout@v1
 - name: Validate Helm Releases in test dir
- uses: stefanprodan/hrval-action@v3.2.0
+ uses: stefanprodan/hrval-action@master
 with:
 helmRelease: test/
 env:
From 3587ada129ddfc35316396fe68950db479ad5043 Mon Sep 17 00:00:00 2001
From: Stefan Prodan
Date: Thu, 8 Oct 2020 15:19:00 +0300
Subject: [PATCH 21/33] Use latest image tag
---
 README.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 38b0196..8c45129 100644
--- a/README.md
+++ b/README.md
@@ -109,7 +109,7 @@ jobs:
 steps:
 - uses: actions/checkout@v1
 - name: Validate Helm Releases in test dir
- uses: stefanprodan/hrval-action@v3.2.0
+ uses: stefanprodan/hrval-action@master
 with:
 helmRelease: test/
 awsS3Repo: true
@@ -144,7 +144,7 @@ jobs:
 steps:
 - uses: actions/checkout@v1
 - name: Validate Helm Releases in test dir
- uses: stefanprodan/hrval-action@v3.2.0
+ uses: stefanprodan/hrval-action@master
 with:
 helmRelease: test/
 env:
@@ -172,7 +172,7 @@ jobs:
 steps:
 - uses: actions/checkout@v1
 - name: Validate Helm Releases in test dir
- uses: stefanprodan/hrval-action@v3.2.0
+ uses: stefanprodan/hrval-action@master
 with:
 helmRelease: test/
 helmSourcesCacheEnabled: true
@@ -190,7 +190,7 @@ version: 2.1
 jobs:
 hrval:
 docker:
- - image: stefanprodan/hrval
+ - image: stefanprodan/hrval:latest
 steps:
 - checkout
 - run:
From 780c0c709ead9347aa3fd7c24ffd65def287e3dd Mon Sep 17 00:00:00 2001
From: Chris Minton
Date: Fri, 20 Nov 2020 13:26:43 +0000
Subject: [PATCH 22/33] fix: allow YAML anchors to be interpreted in the values
---
 src/deps.sh | 2 +-
 src/hrval.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/deps.sh b/src/deps.sh
index 7885139..85edbf1 100755
--- a/src/deps.sh
+++ b/src/deps.sh
@@ -4,7 +4,7 @@ set -o errexit
 curl -sL https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl -o /usr/local/bin/kubectl && chmod +x /usr/local/bin/kubectl
-curl -sL https://github.com/mikefarah/yq/releases/download/3.1.0/yq_linux_amd64 -o /usr/local/bin/yq && chmod +x /usr/local/bin/yq
+curl -sL https://github.com/mikefarah/yq/releases/download/3.4.1/yq_linux_amd64 -o /usr/local/bin/yq && chmod +x /usr/local/bin/yq
 curl -sSL https://get.helm.sh/helm-v2.16.3-linux-amd64.tar.gz | tar xz && mv linux-amd64/helm /bin/helm && rm -rf linux-amd64
 helm init --client-only --kubeconfig=$HOME/.kube/kubeconfig
diff --git a/src/hrval.sh b/src/hrval.sh
index e529662..6f5e6ba 100755
--- a/src/hrval.sh
+++ b/src/hrval.sh
@@ -172,7 +172,7 @@ function validate {
 echo "" > "${TMPDIR}/${HELM_RELEASE_NAME}.values.yaml"
 else
 echo "Extracting values to ${TMPDIR}/${HELM_RELEASE_NAME}.values.yaml"
- yq r "${HELM_RELEASE}" spec.values > "${TMPDIR}/${HELM_RELEASE_NAME}.values.yaml"
+ yq r -X "${HELM_RELEASE}" spec.values > "${TMPDIR}/${HELM_RELEASE_NAME}.values.yaml"
 fi
 echo "Writing Helm release to ${TMPDIR}/${HELM_RELEASE_NAME}.release.yaml"
From c11c4c6fa7ee45788dff90b446d658893f79d271 Mon Sep 17 00:00:00 2001
From: Chris Minton
Date: Fri, 20 Nov 2020 13:36:27 +0000
Subject: [PATCH 23/33] ci: update deps.sh to pass shellcheck warnings
---
 src/deps.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/deps.sh b/src/deps.sh
index 85edbf1..26feea2 100755
--- a/src/deps.sh
+++ b/src/deps.sh
@@ -2,12 +2,12 @@ set -o errexit
-curl -sL https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl -o /usr/local/bin/kubectl && chmod +x /usr/local/bin/kubectl
+curl -sL "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl" -o /usr/local/bin/kubectl && chmod +x /usr/local/bin/kubectl
 curl -sL https://github.com/mikefarah/yq/releases/download/3.4.1/yq_linux_amd64 -o /usr/local/bin/yq && chmod +x /usr/local/bin/yq
 curl -sSL https://get.helm.sh/helm-v2.16.3-linux-amd64.tar.gz | tar xz && mv linux-amd64/helm /bin/helm && rm -rf linux-amd64
-helm init --client-only --kubeconfig=$HOME/.kube/kubeconfig
+helm init --client-only --kubeconfig="${HOME}/.kube/kubeconfig"
 curl -sSL https://get.helm.sh/helm-v3.1.1-linux-amd64.tar.gz | tar xz && mv linux-amd64/helm /bin/helmv3 && rm -rf linux-amd64
 helmv3 version
From 3af7b8f4173121f575a5563f16f9a990c2364017 Mon Sep 17 00:00:00 2001
From: maorgo
Date: Thu, 10 Dec 2020 09:49:32 +0200
Subject: [PATCH 24/33] fixed broken install in docker file
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index e9feb96..5d9d5fa 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 FROM garethr/kubeval:0.15.0
-RUN apk --no-cache add curl==7.67.0-r1 bash==5.0.11-r1 git==2.24.3-r0 openssh-client==8.1_p1-r0
+RUN apk --no-cache add curl==7.67.0-r2 bash==5.0.11-r1 git==2.24.3-r0 openssh-client==8.1_p1-r0
 COPY LICENSE README.md /
From e0491b3f6995e7831d295656e6c7e42e2e8a139b Mon Sep 17 00:00:00 2001
From: maorgo
Date: Thu, 10 Dec 2020 13:02:43 +0200
Subject: [PATCH 25/33] Removed version pinning for all packages
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 5d9d5fa..a414fa0 100644
--- a/Dockerfile
+++ b/Dockerfile
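Review bot: The quoted `curl -sL "https://.../$(curl -s .../stable.txt)/bin/linux/amd64/kubectl"` line, like the yq and helm downloads around it, still runs without `--fail`, so an HTTP error body from either the `stable.txt` lookup or the binary URL is written to `/usr/local/bin/kubectl` and made executable instead of failing the build; `set -o errexit` does not help because curl exits 0 on a 4xx/5xx unless `-f` is given. Change each download to `curl -fsSL ...` (the inner `$(curl -s ...)` as well). Since kubectl floats on `stable.txt` and the other artifacts are pinned by version only, verifying a published checksum before the `chmod +x` / `tar xz` step would keep the image build from trusting the download path alone.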
@@ -1,6 +1,6 @@
 FROM garethr/kubeval:0.15.0
-RUN apk --no-cache add curl==7.67.0-r2 bash==5.0.11-r1 git==2.24.3-r0 openssh-client==8.1_p1-r0
+RUN apk --no-cache add curl bash git openssh-client
 COPY LICENSE README.md /
From 445e0351cdb83dd1203bf06805926fa5429fafea Mon Sep 17 00:00:00 2001
From: Maor Goldberg <47694802+maorgoldberg@users.noreply.github.com>
Date: Thu, 10 Dec 2020 15:32:29 +0200
Subject: [PATCH 26/33] Update linter.yml
---
 .github/workflows/linter.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index fdcf412..8ba436f 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -48,5 +48,6 @@ jobs:
 uses: github/super-linter@v3
 env:
 VALIDATE_ALL_CODEBASE: false
+ LINTER_RULES_PATH: /
 DEFAULT_BRANCH: master
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
From 8778696323897ca6215d8b664cba282095427dca Mon Sep 17 00:00:00 2001
From: maorgo
Date: Thu, 10 Dec 2020 15:50:22 +0200
Subject: [PATCH 27/33] Added config file to ignore Dockerfile lint pinned versions
---
 .hadolint.yml | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 .hadolint.yml
diff --git a/.hadolint.yml b/.hadolint.yml
new file mode 100644
index 0000000..0464523
--- /dev/null
+++ b/.hadolint.yml
@@ -0,0 +1,2 @@
+ignored:
+ - DL3018
From 249b5dcb1197dda70cd246ff063f89e15538b164 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mariusz=20J=C3=B3zala?=
Date: Thu, 10 Dec 2020 23:20:43 +0100
Subject: [PATCH 28/33] #54 Support for HTTP private Helm chart repositories
---
 README.md | 51 ++++++++++++++++++++++++++++++++++++++++++++++--
 action.yml | 2 ++
 src/hrval-all.sh | 28 ++++++++++++++++++++++++++
 src/hrval.sh | 33 +++++++++++++++++++++++++------
 4 files changed, 106 insertions(+), 8 deletions(-)
diff --git a/README.md b/README.md
index 8c45129..2f1b96b 100644
--- a/README.md
+++ b/README.md
@@ -76,7 +76,8 @@ PASS - flagger/templates/deployment.yaml contains a valid Deployment
 ## Usage with private charts repositories
-To allow the action to be able to clone private charts repositories, you must [create a GitHub private access token](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line) and [add it as a secret](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets#creating-encrypted-secrets) to the target repository. NOTE: secret names *cannot* start with `GITHUB_` as these are reserved.
+### Private GitHub/GitLab repository
+To allow the action to be able to clone charts from private GitHub repositories, you must [create a GitHub private access token](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line) and [add it as a secret](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets#creating-encrypted-secrets) to the target repository. NOTE: secret names *cannot* start with `GITHUB_` as these are reserved.
 You can then pass the secret (in this case, `GH_TOKEN`) into the action like so:
 ```yaml
@@ -97,6 +98,10 @@ jobs:
 GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
 ```
+Gitlab CI Token is also possible using `GITLAB_CI_TOKEN`.
+
+### AWS S3
+
 If you set `awsS3Repo: true`, make sure you set the appropriate environment variables for helm s3 plugin to work. Example:
 ```yaml
 name: CI
@@ -123,7 +128,49 @@ jobs:
 ```
-Gitlab CI Token is also possible using `GITLAB_CI_TOKEN`.
+### HTTP(S) Helm chart repository
+
+To allow fetching Helm charts from private Helm chart repositories you need to
+pass a list of Helm repositories in `HTTP_PRIVATE_CHART_REPOS` environment variable as JSON.
+
+```json
+{
+ "repositories": [
+ {
+ "url": "https://raw.githubusercontent.com/username/helm-chart-repository/master/",
+ "username": "YOUR_USERNAME",
+ "password": "YOUR_PASSWORD"
+ },
+ {
+ "url": "https://raw.githubusercontent.com/username/another-helm-chart-repository/master/",
+ "username": "YOUR_USERNAME",
+ "password": "YOUR_PASSWORD"
+ }
+ ]
+}
+```
+
+It should be passed [as a secret](https://docs.github.com/en/free-pro-team@latest/actions/reference/encrypted-secrets#creating-encrypted-secrets)
+to keep credentials secure.
+
+```yaml
+name: CI
+
+on: [push, pull_request]
+
+jobs:
+ hrval:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v1
+ - name: Validate Helm Releases in test dir
+ uses: stefanprodan/hrval-action@master
+ with:
+ helmRelease: test/
+ env:
+ HTTP_PRIVATE_CHART_REPOS: ${{ secrets.HTTP_PRIVATE_CHART_REPOS }}
+```
+
 ## Usage with pull requests containing changes of Helm chart source located in base repository branch
diff --git a/action.yml b/action.yml
index 0b3693a..e4fe5f4 100644
--- a/action.yml
+++ b/action.yml
@@ -45,3 +45,5 @@ runs:
 - ${{ inputs.awsS3RepoName }}
 - ${{ inputs.awsS3RepoPlugin }}
 - ${{ inputs.helmSourcesCacheEnabled }}
+ env:
+ HTTP_PRIVATE_CHART_REPOS: ${{ secrets.HTTP_PRIVATE_CHART_REPOS }}
diff --git a/src/hrval-all.sh b/src/hrval-all.sh
index 0e66a63..446b0d1 100755
--- a/src/hrval-all.sh
+++ b/src/hrval-all.sh
@@ -12,6 +12,34 @@ AWS_S3_REPO_NAME=${6-""}
 AWS_S3_PLUGIN="${7-""}"
 HELM_SOURCES_CACHE_ENABLED=${8-""}
+function configurePrivateChartRepositories() {
+
+ local tempDir="$(mktemp -d)"
+ echo $HTTP_PRIVATE_CHART_REPOS > $tempDir/repositories.json
+ local numberOfRepositories=$(yq r $tempDir/repositories.json --length repositories)
+
+ for (( i = 0; i < $numberOfRepositories; i++ )); do
+ local url=$(yq r $tempDir/repositories.json repositories[$i].url)
+ local username=$(yq r $tempDir/repositories.json repositories[$i].username)
+ local password=$(yq r $tempDir/repositories.json repositories[$i].password)
+ local repoMD5=$(/bin/echo $url | /usr/bin/md5sum | cut -f1 -d" ")
+
+ >&2 echo "Adding Helm chart repository '$url'"
+ if [[ ${HELM_VER} == "v3" ]]; then
+ helmv3 repo add "$repoMD5" "${url}" --username "${username}" --password "${password}"
+ helmv3 repo update
+ else
+ helm repo add "$repoMD5" "${url}" --username "${username}" --password "${password}"
+ helm repo update
+ fi
+ done
+}
+
+if [[ -v HTTP_PRIVATE_CHART_REPOS ]]; then
+ echo "Configuring Helm chart repositories"
+ configurePrivateChartRepositories
+fi
+
 if [ "${HELM_SOURCES_CACHE_ENABLED}" == "true" ]; then
 CACHEDIR=$(mktemp -d)
 else
diff --git a/src/hrval.sh b/src/hrval.sh
index 6f5e6ba..1134fa8 100755
--- a/src/hrval.sh
+++ b/src/hrval.sh
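Review bot: `[[ -v HTTP_PRIVATE_CHART_REPOS ]]` only tests that the variable is set, and a workflow that maps an undefined secret through `env:` sets it to an empty string, so `configurePrivateChartRepositories` would run against an empty `repositories.json`; `[[ -n "${HTTP_PRIVATE_CHART_REPOS:-}" ]]` is the intended guard. The function also writes the full credential list to `$tempDir/repositories.json` and never removes it, so it persists on the runner after the job; add `rm -rf -- "${tempDir}"` at the end of the function or a `trap ... EXIT`, neither of which the later quoting hunk for this file in the series adds. `--password "${password}"` additionally places each secret on a command line visible to process listings on the host, which is worth a comment if the ephemeral-runner assumption is deliberate.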
@@ -33,13 +33,34 @@ function download {
 CHART_REPO_MD5=$(/bin/echo "${CHART_REPO}" | /usr/bin/md5sum | cut -f1 -d" ")
- if [[ "${HELM_VER}" == "v3" ]]; then
- helmv3 repo add "${CHART_REPO_MD5}" "${CHART_REPO}"
- helmv3 repo update
+
+ if [[ ${HELM_VER} == "v3" ]]; then
+ if [[ $(helmv3 repo list -o yaml | yq r - "[*].name" | grep $CHART_REPO_MD5) == $CHART_REPO_MD5 ]]; then
+ CHART_REPO_ALREADY_ADDED=true
+ else
+ CHART_REPO_ALREADY_ADDED=false
+ fi
+ else
+ if [[ $(helm repo list -o yaml | yq r - "[*].Name" | grep $CHART_REPO_MD5) == $CHART_REPO_MD5 ]]; then
+ CHART_REPO_ALREADY_ADDED=true
+ else
+ CHART_REPO_ALREADY_ADDED=false
+ fi
+ fi
+
+ if [[ "$CHART_REPO_ALREADY_ADDED" = false ]]; then
+ if [[ "${HELM_VER}" == "v3" ]]; then
+ helmv3 repo add "${CHART_REPO_MD5}" "${CHART_REPO}"
+ helmv3 repo update
+ else
+ helm repo add "${CHART_REPO_MD5}" "${CHART_REPO}"
+ helm repo update
+ fi
+ fi
+
+ if [[ ${HELM_VER} == "v3" ]]; then
 helmv3 fetch --version "${CHART_VERSION}" --untar "${CHART_REPO_MD5}/${CHART_NAME}" --untardir "${2}"
 else
- helm repo add "${CHART_REPO_MD5}" "${CHART_REPO}"
- helm repo update
 helm fetch --version "${CHART_VERSION}" --untar "${CHART_REPO_MD5}/${CHART_NAME}" --untardir "${2}"
 fi
@@ -168,7 +189,7 @@ function validate {
 HELM_RELEASE_NAMESPACE=$(yq r "${HELM_RELEASE}" metadata.namespace)
 if [[ "${IGNORE_VALUES}" == "true" ]]; then
- echo "Ingnoring Helm release values"
+ echo "Ignoring Helm release values"
 echo "" > "${TMPDIR}/${HELM_RELEASE_NAME}.values.yaml"
 else
 echo "Extracting values to ${TMPDIR}/${HELM_RELEASE_NAME}.values.yaml"
From 36b4656077cbb878819b551d8dfbfda81c0f6df6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mariusz=20J=C3=B3zala?=
Date: Thu, 10 Dec 2020 23:43:01 +0100
Subject: [PATCH 29/33] Fixing problems found by linter and action definition
---
 README.md | 4 +++-
 action.yml | 2 --
 src/hrval-all.sh | 24 +++++++++++++++---------
 src/hrval.sh | 4 ++--
 4 files changed, 20 insertions(+), 14 deletions(-)
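Review bot: The "already added" detection is written twice with identical logic that differs only in the binary and the YAML key, and the v2/v3 split is then repeated for `repo add` and again for `fetch`, so `download` now branches on `HELM_VER` three times and leaks a `CHART_REPO_ALREADY_ADDED` global; selecting the binary and key once at the top removes all of that. The `grep "$CHART_REPO_MD5"` whose output is compared with `== "$CHART_REPO_MD5"` can be a plain `grep -qx` used directly as the condition. The third `if [[ ${HELM_VER} == "v3" ]]` also drops the quotes the other two tests use. The same comparison survives unchanged into the later quoting hunk for this file (`@@ -35,13 +35,13 @@`).
```shell
  # … unchanged: CHART_REPO / CHART_NAME / CHART_VERSION / CHART_DIR / CHART_REPO_MD5 …
  if [[ "${HELM_VER}" == "v3" ]]; then
    HELM_BIN=helmv3
    REPO_NAME_KEY="[*].name"
  else
    HELM_BIN=helm
    REPO_NAME_KEY="[*].Name"
  fi

  # `repo list` may exit non-zero when no repository has been added yet; treat that as "not added"
  if ! "${HELM_BIN}" repo list -o yaml 2>/dev/null | yq r - "${REPO_NAME_KEY}" | grep -qx "${CHART_REPO_MD5}"; then
    "${HELM_BIN}" repo add "${CHART_REPO_MD5}" "${CHART_REPO}"
    "${HELM_BIN}" repo update
  fi

  "${HELM_BIN}" fetch --version "${CHART_VERSION}" --untar "${CHART_REPO_MD5}/${CHART_NAME}" --untardir "${2}"
```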
diff --git a/README.md b/README.md
index 2f1b96b..c95cb05 100644
--- a/README.md
+++ b/README.md
@@ -77,7 +77,9 @@ PASS - flagger/templates/deployment.yaml contains a valid Deployment
 ## Usage with private charts repositories
 ### Private GitHub/GitLab repository
-To allow the action to be able to clone charts from private GitHub repositories, you must [create a GitHub private access token](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line) and [add it as a secret](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets#creating-encrypted-secrets) to the target repository. NOTE: secret names *cannot* start with `GITHUB_` as these are reserved.
+To allow the action to be able to clone charts from private GitHub repositories,
+you must [create a GitHub private access token](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line)
+and [add it as a secret](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets#creating-encrypted-secrets) to the target repository. NOTE: secret names *cannot* start with `GITHUB_` as these are reserved.
 You can then pass the secret (in this case, `GH_TOKEN`) into the action like so:
 ```yaml
diff --git a/action.yml b/action.yml
index e4fe5f4..0b3693a 100644
--- a/action.yml
+++ b/action.yml
@@ -45,5 +45,3 @@ runs:
 - ${{ inputs.awsS3RepoName }}
 - ${{ inputs.awsS3RepoPlugin }}
 - ${{ inputs.helmSourcesCacheEnabled }}
- env:
- HTTP_PRIVATE_CHART_REPOS: ${{ secrets.HTTP_PRIVATE_CHART_REPOS }}
diff --git a/src/hrval-all.sh b/src/hrval-all.sh
index 446b0d1..eea89b5 100755
--- a/src/hrval-all.sh
+++ b/src/hrval-all.sh
@@ -14,15 +14,21 @@ HELM_SOURCES_CACHE_ENABLED=${8-""}
 function configurePrivateChartRepositories() {
- local tempDir="$(mktemp -d)"
- echo $HTTP_PRIVATE_CHART_REPOS > $tempDir/repositories.json
- local numberOfRepositories=$(yq r $tempDir/repositories.json --length repositories)
-
- for (( i = 0; i < $numberOfRepositories; i++ )); do
- local url=$(yq r $tempDir/repositories.json repositories[$i].url)
- local username=$(yq r $tempDir/repositories.json repositories[$i].username)
- local password=$(yq r $tempDir/repositories.json repositories[$i].password)
- local repoMD5=$(/bin/echo $url | /usr/bin/md5sum | cut -f1 -d" ")
+ local tempDir
+ tempDir="$(mktemp -d)"
+ echo "$HTTP_PRIVATE_CHART_REPOS" > "$tempDir/repositories.json"
+ local numberOfRepositories
+ numberOfRepositories=$(yq r "$tempDir/repositories.json" --length repositories)
+
+ for (( i = 0; i < numberOfRepositories; i++ )); do
+ local url
+ url=$(yq r "$tempDir/repositories.json" repositories[$i].url)
+ local username
+ username=$(yq r "$tempDir/repositories.json" repositories[$i].username)
+ local password
+ password=$(yq r "$tempDir/repositories.json" repositories[$i].password)
+ local repoMD5
+ repoMD5=$(/bin/echo "$url" | /usr/bin/md5sum | cut -f1 -d" ")
 >&2 echo "Adding Helm chart repository '$url'"
 if [[ ${HELM_VER} == "v3" ]]; then
diff --git a/src/hrval.sh b/src/hrval.sh
index 1134fa8..4c533bc 100755
--- a/src/hrval.sh
+++ b/src/hrval.sh
@@ -35,13 +35,13 @@ function download {
 if [[ ${HELM_VER} == "v3" ]]; then
- if [[ $(helmv3 repo list -o yaml | yq r - "[*].name" | grep $CHART_REPO_MD5) == $CHART_REPO_MD5 ]]; then
+ if [[ $(helmv3 repo list -o yaml | yq r - "[*].name" | grep "$CHART_REPO_MD5") == "$CHART_REPO_MD5" ]]; then
 CHART_REPO_ALREADY_ADDED=true
 else
 CHART_REPO_ALREADY_ADDED=false
 fi
 else
- if [[ $(helm repo list -o yaml | yq r - "[*].Name" | grep $CHART_REPO_MD5) == $CHART_REPO_MD5 ]]; then
+ if [[ $(helm repo list -o yaml | yq r - "[*].Name" | grep "$CHART_REPO_MD5") == "$CHART_REPO_MD5" ]]; then
 CHART_REPO_ALREADY_ADDED=true
 else
 CHART_REPO_ALREADY_ADDED=false
From 42d73bae30dcf54297cc27f0e33b9993152d1dbc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mariusz=20J=C3=B3zala?=
Date: Thu, 10 Dec 2020 23:49:50 +0100
Subject: [PATCH 30/33] Fixing problem found by linter in README.md
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index c95cb05..45106f3 100644
--- a/README.md
+++ b/README.md
@@ -77,7 +77,7 @@ PASS - flagger/templates/deployment.yaml contains a valid Deployment
 ## Usage with private charts repositories
 ### Private GitHub/GitLab repository
-To allow the action to be able to clone charts from private GitHub repositories,
+To allow the action to be able to clone charts from private GitHub repositories,
 you must [create a GitHub private access token](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line)
 and [add it as a secret](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets#creating-encrypted-secrets) to the target repository. NOTE: secret names *cannot* start with `GITHUB_` as these are reserved.
From 3f472077121d4dfdb188087ca91b47a665dcb2b2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mariusz=20J=C3=B3zala?=
Date: Thu, 10 Dec 2020 23:54:06 +0100
Subject: [PATCH 31/33] Fixing one more problem found by linter in README.md
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 45106f3..f5f1868 100644
--- a/README.md
+++ b/README.md
@@ -78,7 +78,7 @@ PASS - flagger/templates/deployment.yaml contains a valid Deployment
 ### Private GitHub/GitLab repository
 To allow the action to be able to clone charts from private GitHub repositories,
-you must [create a GitHub private access token](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line)
+you must [create a GitHub private access token](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line)
 and [add it as a secret](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets#creating-encrypted-secrets) to the target repository. NOTE: secret names *cannot* start with `GITHUB_` as these are reserved.
 You can then pass the secret (in this case, `GH_TOKEN`) into the action like so:
From 4bb03301cf745e07414731842a24fe15cc8fd399 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mariusz=20J=C3=B3zala?=
Date: Thu, 10 Dec 2020 23:59:20 +0100
Subject: [PATCH 32/33] Fixing one more problem found by linter in README.md
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index f5f1868..06b0ff6 100644
--- a/README.md
+++ b/README.md
@@ -132,7 +132,7 @@ jobs:
 ### HTTP(S) Helm chart repository
-To allow fetching Helm charts from private Helm chart repositories you need to
+To allow fetching Helm charts from private Helm chart repositories you need to
 pass a list of Helm repositories in `HTTP_PRIVATE_CHART_REPOS` environment variable as JSON.
 ```json
From c51e7543b0ed1b4e452b7c14eabd910cbccae7d9 Mon Sep 17 00:00:00 2001
From: Lars Gohr
Date: Wed, 29 Mar 2023 02:26:08 +0200
Subject: [PATCH 33/33] Updated elgohr/Publish-Docker-Github-Action to a supported version (v5)
---
 .github/workflows/push.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
index 20657c1..5e26057 100644
--- a/.github/workflows/push.yml
+++ b/.github/workflows/push.yml
@@ -8,7 +8,7 @@ jobs:
 steps:
 - uses: actions/checkout@v1
 - name: Publish to Docker Hub
- uses: elgohr/Publish-Docker-Github-Action@2.7
+ uses: elgohr/Publish-Docker-Github-Action@v5
 with:
 name: stefanprodan/hrval
 username: ${{ secrets.DOCKER_USERNAME }}