LedgerHQ · b0l0k · Oct 17, 2023 · Oct 17, 2023 · Oct 17, 2023 · Oct 17, 2023
@@ -0,0 +1,54 @@
+name: _Build and publish Helm Chart
+
+on:
+  workflow_call:
+    inputs:
+      chart-testing-config:
+        type: string
+        required: false
+        default: ".github/ct.yaml"
+      charts-path:
+        type: string
+        required: false
+        default: "./helm/charts/"
+
+jobs:
+  lint-chart:
+    runs-on: [shared]
+    steps:
+      - name: Register dependencies repository
+        shell: bash
+        run: |
+          if [ ! -z "${{ secrets.DEV_CHARTMUSEUM_URL }}" ]; then
+            helm repo add dev-chartmuseum --username ${{ secrets.DEV_CHARTMUSEUM_USER }} --password ${{ secrets.DEV_CHARTMUSEUM_PASSWORD }} ${{ secrets.DEV_CHARTMUSEUM_URL }}
+            helm repo update
+          fi
+          if [ ! -z "${{ secrets.PROD_CHARTMUSEUM_URL }}" ]; then
+            helm repo add prd-chartmuseum --username ${{ secrets.PROD_CHARTMUSEUM_USER }} --password ${{ secrets.PROD_CHARTMUSEUM_PASSWORD }} ${{ secrets.PROD_CHARTMUSEUM_URL }}
+            helm repo update
+          fi
+      - name: Run Chart lint
+        uses: LedgerHQ/actions/helm/lint@add-reusable-workflow-helm
+        with:
+          chart-testing-config: ${{inputs.chart-testing-config}}
+
+  kubeconform-chart:
+    runs-on: [shared]
+    strategy:
+      matrix:
+        k8s:
+          - v1.23.0
+          - v1.24.0
+    steps:
+      - name: Register dependencies repository
+        shell: bash
+        run: |
+          if [ ! -z "${{ secrets.PROD_CHARTMUSEUM_URL }}" ]; then
+            helm repo add chartmuseum --username ${{ secrets.PROD_CHARTMUSEUM_USER }} --password ${{ secrets.PROD_CHARTMUSEUM_PASSWORD }} ${{ secrets.PROD_CHARTMUSEUM_URL }}
+            helm repo update
+          fi
+      - name: Run Kubeconform
+        uses: LedgerHQ/actions/helm/conform@add-reusable-workflow-helm
+        with:
+          kubernetes-version: ${{ matrix.k8s }}
+          charts-path: ${{inputs.charts-path}}
@@ -0,0 +1,39 @@
+name: _Build and publish Helm Chart
+
+on:
+  workflow_call:
+    inputs:
+      release:
+        type: boolean
+        required: false
+        default: false
+      version:
+        type: string
+        required: false
+      chart-testing-config:
+        type: string
+        required: false
+        default: ".github/ct.yaml"
+      charts-path:
+        type: string
+        required: false
+        default: "./helm/charts/"
+
+jobs:
+  lint:
+    name: "Lint & Kubeconform chart(s)"
+    uses: LedgerHQ/actions/.github/workflows/_helm_lint.yml@add-reusable-workflow-helm
+    with:
+      chart-testing-config: ${{ inputs.chart-testing-config }}
+      charts-path: ${{ inputs.charts-path }}
+    secrets: inherit
+
+  publish:
+    name: "Publish chart(s)"
+    needs: [lint]
+    uses: LedgerHQ/actions/.github/workflows/_helm_publish.yml@add-reusable-workflow-helm
+    with:
+      charts-path: ${{ inputs.charts-path }}
+      version: ${{ inputs.version }}
+      release: ${{ inputs.release }}
+    secrets: inherit
@@ -0,0 +1,58 @@
+name: _Build and publish Helm Chart
+
+on:
+  workflow_call:
+    inputs:
+      release:
+        type: boolean
+        required: false
+        default: false
+      version:
+        type: string
+        required: false
+      charts-path:
+        type: string
+        required: false
+        default: "./helm/charts/"
+
+jobs:
+  publish-chartmuseum-dev:
+    name: publish-chartmuseum-dev
+    environment: chartmuseum-dev
+    if: inputs.version != ''
+    runs-on: [shared]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Push chart to chartmuseum-prd repo
+        uses: LedgerHQ/actions/helm/publish-cm@add-reusable-workflow-helm
+        with:
+          charts-path: ${{inputs.charts-path}}
+          version: ${{ inputs.version }}
+          chartmuseum-url: ${{ secrets.CHARTMUSEUM_DEV_URL }}
+          chartmuseum-user: ${{ secrets.CHARTMUSEUM_DEV_USER }}
+          chartmuseum-password: ${{ secrets.CHARTMUSEUM_DEV_PASSWORD }}
+          force: true
+
+  publish-chartmuseum-prd:
+    name: publish-chartmuseum-prd
+    environment: chartmuseum-prd
+    if: inputs.version != '' && inputs.release != false
+    runs-on: [shared]
+    needs: [publish-chartmuseum-dev]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Push chart to chartmuseum-prd repo
+        uses: LedgerHQ/actions/helm/publish-cm@add-reusable-workflow-helm
+        with:
+          charts-path: ${{inputs.charts-path}}
+          version: ${{ inputs.version }}
+          chartmuseum-url: ${{ secrets.CHARTMUSEUM_PROD_URL }}
+          chartmuseum-user: ${{ secrets.CHARTMUSEUM_PROD_USER }}
+          chartmuseum-password: ${{ secrets.CHARTMUSEUM_PROD_PASSWORD }}
+          force: true
@@ -0,0 +1,60 @@
+name: "Run Kubeconform"
+description: "Run Kubeconform againt specified K8S version."
+
+inputs:
+  kubernetes-version:
+    description: "Specify the kubernetes version that you want to test."
+    required: true
+  charts-path:
+    description: "Specify the path where the charts are located."
+    required: false
+    default: "./helm/charts/"
+
+runs:
+  using: "composite"
+  steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Run kubeconform
+        shell: bash
+        env:
+          KUBERNETES_VERSION: ${{ matrix.k8s }}
+          KUBECONFORM_VERSION: "v0.4.12"
+          KUBECONFORM_BASE_URL: "https://github.com/yannh/kubeconform/releases/download"
+          FILENAME_FORMAT: "{kind}-{group}-{version}"
+        run: |
+          set -o pipefail
+          OS=$(uname)
+          # install kubeconform
+          curl -sSfL "${KUBECONFORM_BASE_URL}/${KUBECONFORM_VERSION}/kubeconform-${OS}-amd64.tar.gz" |
+          tar -xzf - kubeconform
+          # validate changed charts
+          for chart in ${{ inputs.charts-path }}/*/; do
+            values=$(echo "${chart}" | sed "s/charts/values/g")
+            echo "Running kubeconform for this folder: '${chart}'"
+
+            # Test if the directory contains Chart.yaml
+            if [ ! -f "${chart}/Chart.yaml" ]; then
+                echo "Chart.yaml not present, skip."
+                continue
+            fi
+
+            # Test if the directory respects the convention  */charts & */values
+            if [ ${values} == ${chart} -o ! -d ${values} ]; then
+                echo "Chart/Values not present, skip."
+                continue
+            fi
+
+            helm dep up "${chart}" &&
+            for value in $(find "${values}" -type f -name "*.yaml"); do
+              echo -e "▶ Validating ${chart} with values from ${value}"
+              helm template --kube-version "${KUBERNETES_VERSION#v}" -f "${value}" "${chart}" |
+              ./kubeconform -strict -ignore-missing-schemas -exit-on-error \
+                -schema-location default -schema-location 'helm/k8s-crds-schemas/{{ .ResourceKind }}{{ .KindSuffix }}.json' \
+                -kubernetes-version "${KUBERNETES_VERSION#v}" -summary -verbose -schema-location default
+            done
+
+          done
@@ -0,0 +1,37 @@
+name: "Run Helm Chart Testing & Docs"
+description: "Run Helm Chart Testing & Docs"
+
+inputs:
+  chart-testing-config:
+    description: "Specify the path where the ct.yaml is located."
+    required: true
+    default: ".github/ct.yaml"
+
+runs:
+  using: "composite"
+  steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up chart-testing
+        uses: helm/[email protected]
+
+      - name: Run chart-testing (lint)
+        shell: bash
+        run: ct lint --config ${{ inputs.chart-testing-config }} --check-version-increment=false
+
+      - name: Run helm-docs
+        shell: bash
+        env:
+          HELM_DOCS_VERSION: "1.11.0"
+          HELM_DOCS_BASE_URL: "https://github.com/norwoodj/helm-docs/releases/download"
+        run: |
+          OS=$(uname)
+          # install helm-docs
+          curl -sSfL "${HELM_DOCS_BASE_URL}/v${HELM_DOCS_VERSION}/helm-docs_${HELM_DOCS_VERSION}_${OS}_x86_64.tar.gz" |
+          tar -xzf - helm-docs
+          # validate docs
+          ./helm-docs
+          git diff --exit-code
@@ -0,0 +1,51 @@
+name: "Publish Helm Chart on chart museum"
+description: "Publish Helm Chart on chart museum."
+
+inputs:
+  version:
+    description: "Specify the chart version to publish."
+    required: true
+  charts-path:
+    description: "Specify the path where the charts are located."
+    required: false
+    default: "./helm/charts/"
+  chartmuseum-url:
+    description: "Specify the URL of Chart Museum"
+    required: true
+  chartmuseum-user:
+    description: "Specify the user of Chart Museum"
+    required: true
+  chartmuseum-password:
+    description: "Specify the password of Chart Museum"
+    required: true
+  force:
+    description: "Replace charts if it exists"
+    required: false
+
+runs:
+  using: "composite"
+  steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Add chartmuseum helm repo
+        shell: bash
+        run: |
+          if ! helm plugin list | grep -q push; then
+            helm plugin install https://github.com/chartmuseum/helm-push.git
+          fi
+          helm repo add chartmuseum --username ${{ inputs.chartmuseum-user }} --password ${{ inputs.chartmuseum-password }} ${{ inputs.chartmuseum-url }} &&
+          helm repo update
+      - name: Push chart to chartmuseum repo
+        shell: bash
+        run: |
+          for chart in ${{ inputs.charts-path }}/*/; do
+            # Test if the directory contains Chart.yaml
+            if [ ! -f "${chart}/Chart.yaml" ]; then
+                echo "Chart.yaml not present, skip."
+                continue
+            fi
+            helm cm-push ${{ inputs.force && '-f'}} $chart chartmuseum --version ${{ inputs.version }}
+          done
@@ -34,6 +34,10 @@ inputs:
     description: "args to pass to docker build"
     required: false
     default: ""
+outputs:
+  semantic-version:
+    description: "Extracted Semantic version."
+    value: ${{ steps.docker.outputs.semantic-version }}
 
 runs:
   using: "composite"
@@ -52,7 +56,8 @@ runs:
         GOSS_IMAGE: goss_image:latest
         GOSS_FILES_PATH: .github/goss
 
-    - uses: LedgerHQ/actions/python-app/docker@main
+    - uses: LedgerHQ/actions/python-app/docker@add-reusable-workflow-helm
+      id: docker
       with:
         build-args: ${{ inputs.docker-build-args }}
 

@@ -6,6 +6,10 @@ inputs:
     description: "args to pass to docker build"
     required: false
     default: ""
+outputs:
+  semantic-version:
+    description: "Extracted Semantic version."
+    value: ${{ steps.extract-semantic-version.outputs.semantic-version }}
 
 runs:
   using: "composite"
@@ -32,19 +36,33 @@ runs:
         echo VERSION=$(git describe --tags) >> $GITHUB_ENV
       shell: bash
 
+    - if: ${{ steps.check-docker.outputs.is-docker-needed == 'true' }}
+      name: Semantic Version preparation
+      id: extract-semantic-version
+      env:
+        REF: ${{ github.event.pull_request && github.head_ref || github.ref_name }}
+      run: |
+        if [[ $REF =~ ^[0-9]+\.[0-9]+\.[0-9]+(.*)$ ]]; then
+          echo "semantic-version=$REF" >> ${GITHUB_OUTPUT}
+        else
+          echo "semantic-version=0.0.0-${REF//[\/_]/-}" >> ${GITHUB_OUTPUT}
+        fi
+      shell: bash
+
     - if: ${{ steps.check-docker.outputs.is-docker-needed == 'true' }}
       name: Docker meta
       id: meta
       uses: docker/metadata-action@v3
       with:
         images: ${{ env.IMAGE }}
         flavor: |
-            latest=false
+          latest=false
         tags: |
-            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
-            type=ref,event=branch
-            type=ref,event=tag
-            type=ref,event=pr
+          type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
+          type=ref,event=branch
+          type=ref,event=tag
+          type=ref,event=pr
+          type=semver,pattern={{version}},value=${{steps.extract-semantic-version.outputs.semantic-version}}
 
     - if: ${{ steps.check-docker.outputs.is-docker-needed == 'true' }}
       name: Set up QEMU