From 40ffb6559df00df3212bd9a26220cc7eec4c08c8 Mon Sep 17 00:00:00 2001 From: Ludovic Ortega Date: Mon, 4 Nov 2024 21:13:26 +0100 Subject: [PATCH] feat: add helm chart github action (#2113) * feat: add helm chart github action Signed-off-by: Ludovic Ortega * fix: remove test branch Signed-off-by: Ludovic Ortega * fix: run helm-docs-built after syncing version Signed-off-by: Ludovic Ortega * fix: helm repo url --------- Signed-off-by: Ludovic Ortega --- .github/workflows/lint-helm-charts.yml | 47 ++++++++++ .github/workflows/release-helm-charts.yml | 31 ++++++ .github/workflows/sync_files.yml | 4 + .pre-commit-config.yaml | 6 ++ chart/stirling-pdf/README.md | 95 +++++++++++++++++++ chart/stirling-pdf/README.md.gotmpl | 25 +++++ chart/stirling-pdf/values.yaml | 109 +++++++++++----------- cr.yaml | 2 + 8 files changed, 264 insertions(+), 55 deletions(-) create mode 100644 .github/workflows/lint-helm-charts.yml create mode 100644 .github/workflows/release-helm-charts.yml create mode 100644 chart/stirling-pdf/README.md create mode 100644 chart/stirling-pdf/README.md.gotmpl create mode 100644 cr.yaml diff --git a/.github/workflows/lint-helm-charts.yml b/.github/workflows/lint-helm-charts.yml new file mode 100644 index 00000000000..3b0120917c9 --- /dev/null +++ b/.github/workflows/lint-helm-charts.yml @@ -0,0 +1,47 @@ +name: Lint and Test Helm Charts + +on: + push: + branches: ["main"] + pull_request: + branches: ["main"] + +jobs: + lint-test: + runs-on: ubuntu-latest + + permissions: + contents: read + + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Set up Helm + uses: azure/setup-helm@v4 + + - name: Set up python + uses: actions/setup-python@v5 + with: + python-version: '3.10' + + - name: Run pre-commit + uses: pre-commit/action@v3.0.1 + with: + extra_args: helm-docs-built + + - name: Set up chart-testing + uses: helm/chart-testing-action@v2 + + - name: Run chart-testing (list-changed) + id: list-changed + run: | + changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }}) + if [[ -n "$changed" ]]; then + echo "changed=true" >> "$GITHUB_OUTPUT" + fi + + - name: Run chart-testing + if: steps.list-changed.outputs.changed == 'true' + run: ct lint --target-branch ${{ github.event.repository.default_branch }} --validate-maintainers=false diff --git a/.github/workflows/release-helm-charts.yml b/.github/workflows/release-helm-charts.yml new file mode 100644 index 00000000000..0dca6fb53cd --- /dev/null +++ b/.github/workflows/release-helm-charts.yml @@ -0,0 +1,31 @@ +name: Release Helm charts + +on: + push: + branches: + - main + +permissions: + contents: write + +jobs: + release: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Set up git config + run: | + git config --global user.name "github-actions[bot]" + git config --global user.email "github-actions[bot]@users.noreply.github.com" + + - name: Run chart-releaser + uses: helm/chart-releaser-action@v1.6.0 + with: + config: "./cr.yaml" + charts_dir: "chart" + env: + CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/sync_files.yml b/.github/workflows/sync_files.yml index 07a82857486..486cad5fa65 100644 --- a/.github/workflows/sync_files.yml +++ b/.github/workflows/sync_files.yml @@ -26,6 +26,10 @@ jobs: run: pip install pyyaml - name: Sync versions run: python .github/scripts/gradle_to_chart.py + - name: Run pre-commit helm-docs-built + uses: pre-commit/action@v3.0.1 + with: + extra_args: helm-docs-built - name: Set up git config run: | git config --global user.name "github-actions[bot]" diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 45ce3639e23..125f0b506c8 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -37,3 +37,9 @@ repos: language: python exclude: ^(src/main/resources/static/pdfjs|src/main/resources/static/pdfjs-legacy) files: ^.*(\.html|\.css|\.js)$ + - repo: https://github.com/norwoodj/helm-docs + rev: v1.14.2 + hooks: + - id: helm-docs-built + args: + - --chart-search-root=chart diff --git a/chart/stirling-pdf/README.md b/chart/stirling-pdf/README.md new file mode 100644 index 00000000000..7536c6f0e51 --- /dev/null +++ b/chart/stirling-pdf/README.md @@ -0,0 +1,95 @@ +# stirling-pdf-chart + +![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![AppVersion: 0.30.1](https://img.shields.io/badge/AppVersion-0.30.1-informational?style=flat-square) + +locally hosted web application that allows you to perform various operations on PDF files + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| Stirling-Tools | | | + +## Source Code + +* + +## Chart Repo + +Add the following repo to use the chart: + +```console +helm repo add stirling-pdf https://stirling-tools.github.io/Stirling-PDF +``` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | | +| commonLabels | object | `{}` | Labels to apply to all resources | +| containerSecurityContext | object | `{}` | | +| deployment.annotations | object | `{}` | Stirling-pdf Deployment annotations | +| deployment.extraVolumeMounts | list | `[]` | Additional volumes to mount | +| deployment.extraVolumes | list | `[]` | Additional volumes | +| deployment.labels | object | `{}` | | +| deployment.sidecarContainers | object | `{}` | of the chart's content, send notifications... | +| envs | list | `[]` | | +| extraArgs | list | `[]` | | +| image.pullPolicy | string | `"IfNotPresent"` | | +| image.repository | string | `"frooodle/s-pdf"` | | +| image.tag | string | `nil` | | +| ingress | object | `{"annotations":{},"enabled":false,"hosts":[],"ingressClassName":null,"labels":{},"pathType":"ImplementationSpecific"}` | Ingress for load balancer | +| ingress.annotations | object | `{}` | Stirling-pdf Ingress annotations | +| ingress.hosts | list | `[]` | Must be provided if Ingress is enabled | +| ingress.ingressClassName | string | `nil` | See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress | +| ingress.labels | object | `{}` | Stirling-pdf Ingress labels | +| nodeSelector | object | `{}` | | +| persistence.accessMode | string | `"ReadWriteOnce"` | | +| persistence.enabled | bool | `false` | | +| persistence.labels | object | `{}` | | +| persistence.path | string | `"/tmp"` | | +| persistence.pv | object | `{"accessMode":"ReadWriteOnce","capacity":{"storage":"8Gi"},"enabled":false,"nfs":{"path":null,"server":null},"pvname":null}` | stirling-pdf data Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) storageClass: "-" volumeName: | +| persistence.size | string | `"8Gi"` | | +| podAnnotations | object | `{}` | Read more about kube2iam to provide access to s3 https://github.com/jtblin/kube2iam | +| podLabels | object | `{}` | ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ | +| priorityClassName | string | `""` | | +| probes.liveness.failureThreshold | int | `3` | | +| probes.liveness.initialDelaySeconds | int | `5` | | +| probes.liveness.periodSeconds | int | `10` | | +| probes.liveness.successThreshold | int | `1` | | +| probes.liveness.timeoutSeconds | int | `1` | | +| probes.livenessHttpGetConfig.scheme | string | `"HTTP"` | | +| probes.readiness.failureThreshold | int | `3` | | +| probes.readiness.initialDelaySeconds | int | `5` | | +| probes.readiness.periodSeconds | int | `10` | | +| probes.readiness.successThreshold | int | `1` | | +| probes.readiness.timeoutSeconds | int | `1` | | +| probes.readinessHttpGetConfig.scheme | string | `"HTTP"` | | +| replicaCount | int | `1` | | +| resources | object | `{}` | | +| rootPath | string | `"/"` | Rootpath for the application | +| secret.labels | object | `{}` | | +| securityContext | object | `{"enabled":true,"fsGroup":1000}` | does not allow this, try setting securityContext: {} | +| service.annotations | object | `{}` | | +| service.externalPort | int | `8080` | | +| service.externalTrafficPolicy | string | `"Local"` | | +| service.labels | object | `{}` | | +| service.loadBalancerIP | string | `nil` | Only valid if service.type: LoadBalancer | +| service.loadBalancerSourceRanges | list | `[]` | Only valid if service.type: LoadBalancer | +| service.nodePort | string | `nil` | | +| service.servicename | string | `nil` | | +| service.targetPort | string | `nil` | from deployment above. Leave empty to use stirling-pdf directly. | +| service.type | string | `"ClusterIP"` | | +| serviceAccount.annotations | object | `{}` | | +| serviceAccount.automountServiceAccountToken | bool | `false` | | +| serviceAccount.create | bool | `true` | | +| serviceAccount.name | string | `""` | | +| serviceMonitor.enabled | bool | `false` | | +| serviceMonitor.labels | object | `{}` | | +| serviceMonitor.metricsPath | string | `"/metrics"` | | +| strategy.type | string | `"RollingUpdate"` | | +| tolerations | list | `[]` | | +| volumePermissions | object | `{"image":{"pullPolicy":"Always","registry":"docker.io","repository":"bitnami/minideb","tag":"buster"}}` | volumePermissions: Change the owner of the persistent volume mountpoint to RunAsUser:fsGroup | diff --git a/chart/stirling-pdf/README.md.gotmpl b/chart/stirling-pdf/README.md.gotmpl new file mode 100644 index 00000000000..caaddb04f6d --- /dev/null +++ b/chart/stirling-pdf/README.md.gotmpl @@ -0,0 +1,25 @@ +{{ template "chart.header" . }} + +{{ template "chart.deprecationWarning" . }} + +{{ template "chart.badgesSection" . }} + +{{ template "chart.description" . }} + +{{ template "chart.homepageLine" . }} + +{{ template "chart.maintainersSection" . }} + +{{ template "chart.sourcesSection" . }} + +{{ template "chart.requirementsSection" . }} + +## Chart Repo + +Add the following repo to use the chart: + +```console +helm repo add stirling-pdf https://docs.stirlingpdf.com/Stirling-PDF/ +``` + +{{ template "chart.valuesSection" . }} diff --git a/chart/stirling-pdf/values.yaml b/chart/stirling-pdf/values.yaml index 3e3e560cc19..eec1856e3a6 100644 --- a/chart/stirling-pdf/values.yaml +++ b/chart/stirling-pdf/values.yaml @@ -1,4 +1,5 @@ -extraArgs: [] +extraArgs: + [] # - --storage-timestamp-tolerance 1s replicaCount: 1 strategy: @@ -10,12 +11,11 @@ image: pullPolicy: IfNotPresent secret: labels: {} -## Labels to apply to all resources -## +# -- Labels to apply to all resources commonLabels: {} # team_name: dev -# rootpath for the application +# -- Rootpath for the application rootPath: / envs: [] @@ -31,22 +31,22 @@ envs: [] # value: "en_GB" deployment: - ## stirling-pdf Deployment annotations + # -- Stirling-pdf Deployment annotations annotations: {} # name: value labels: {} # name: value - # additional volumes + # -- Additional volumes extraVolumes: [] # - name: nginx-config # secret: # secretName: nginx-config - # additional volumes to mount + # -- Additional volumes to mount extraVolumeMounts: [] - ## sidecarContainers for the stirling-pdf - # Can be used to add a proxy to the pod that does - # scanning for secrets, signing, authentication, validation - # of the chart's content, send notifications... + # -- sidecarContainers for the stirling-pdf + # -- Can be used to add a proxy to the pod that does + # -- scanning for secrets, signing, authentication, validation + # -- of the chart's content, send notifications... sidecarContainers: {} ## Example sidecarContainer which uses an extraVolume from above and ## a named port that can be referenced in the service as targetPort. @@ -60,33 +60,34 @@ deployment: # readOnly: true # mountPath: /etc/nginx -## Pod annotations -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## Read more about kube2iam to provide access to s3 https://github.com/jtblin/kube2iam -## -podAnnotations: {} +# -- Pod annotations +# -- ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +# -- Read more about kube2iam to provide access to s3 https://github.com/jtblin/kube2iam +podAnnotations: + {} # iam.amazonaws.com/role: role-arn -## Pod labels -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -podLabels: {} +# -- Pod labels +# -- ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +podLabels: + {} # name: value service: servicename: type: ClusterIP externalTrafficPolicy: Local - ## Uses pre-assigned IP address from cloud provider - ## Only valid if service.type: LoadBalancer + # -- Uses pre-assigned IP address from cloud provider + # -- Only valid if service.type: LoadBalancer loadBalancerIP: - ## Limits which cidr blocks can connect to service's load balancer - ## Only valid if service.type: LoadBalancer + # -- Limits which cidr blocks can connect to service's load balancer + # -- Only valid if service.type: LoadBalancer loadBalancerSourceRanges: [] # clusterIP: None externalPort: 8080 - ## targetPort of the container to use. If a sidecar should handle the - ## requests first, use the named port from the sidecar. See sidecar example - ## from deployment above. Leave empty to use stirling-pdf directly. + # -- targetPort of the container to use. If a sidecar should handle the + # -- requests first, use the named port from the sidecar. See sidecar example + # -- from deployment above. Leave empty to use stirling-pdf directly. targetPort: nodePort: annotations: {} @@ -133,10 +134,10 @@ serviceAccount: ## Annotations for the Service Account annotations: {} -# UID/GID 1000 is the default user "stirling-pdf" used in -# the container image starting in v0.8.0 and above. This -# is required for local persistent storage. If your cluster -# does not allow this, try setting securityContext: {} +# -- UID/GID 1000 is the default user "stirling-pdf" used in +# -- the container image starting in v0.8.0 and above. This +# -- is required for local persistent storage. If your cluster +# -- does not allow this, try setting securityContext: {} securityContext: enabled: true fsGroup: 1000 @@ -159,7 +160,8 @@ persistence: enabled: false accessMode: ReadWriteOnce size: 8Gi - labels: {} + labels: + {} # name: value path: /tmp ## A manually managed Persistent Volume and Claim @@ -167,13 +169,12 @@ persistence: ## If defined, PVC must be created manually before volume will be bound # existingClaim: - ## stirling-pdf data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## + # -- stirling-pdf data Persistent Volume Storage Class + # If defined, storageClassName: + # If set to "-", storageClassName: "", which disables dynamic provisioning + # If undefined (the default) or set to null, no storageClassName spec is + # set, choosing the default provisioner. (gp2 on AWS, standard on + # GKE, AWS & OpenStack) # storageClass: "-" # volumeName: pv: @@ -186,9 +187,8 @@ persistence: server: path: -## Init containers parameters: -## volumePermissions: Change the owner of the persistent volume mountpoint to RunAsUser:fsGroup -## +# -- Init containers parameters: +# -- volumePermissions: Change the owner of the persistent volume mountpoint to RunAsUser:fsGroup volumePermissions: image: registry: docker.io @@ -202,25 +202,25 @@ volumePermissions: # pullSecrets: # - myRegistryKeySecretName -## Ingress for load balancer +# -- Ingress for load balancer ingress: enabled: false pathType: "ImplementationSpecific" - ## stirling-pdf Ingress labels - ## - labels: {} + # -- Stirling-pdf Ingress labels + labels: + {} # dns: "route53" - ## stirling-pdf Ingress annotations - ## - annotations: {} + # -- Stirling-pdf Ingress annotations + annotations: + {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" - ## stirling-pdf Ingress hostnames - ## Must be provided if Ingress is enabled - ## - hosts: [] + # -- Stirling-pdf Ingress hostnames + # -- Must be provided if Ingress is enabled + hosts: + [] # - name: stirling-pdf.domain1.com # path: / # tls: false @@ -234,7 +234,6 @@ ingress: # ## Secrets must be added manually to the namespace # tlsSecret: stirling-pdf.domain2-tls - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # -- For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # -- See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress ingressClassName: - diff --git a/cr.yaml b/cr.yaml new file mode 100644 index 00000000000..7a948c73979 --- /dev/null +++ b/cr.yaml @@ -0,0 +1,2 @@ +skip-existing: true +generate-release-notes: true \ No newline at end of file