From 62d0254ff72fc97444635385b928804ca1476347 Mon Sep 17 00:00:00 2001
From: Stefan Schwarz <ssz@bitsbeats.com>
Date: Mon, 11 Jul 2022 16:09:43 +0200
Subject: [PATCH] add support for post_kustomize to modify deployments

---
 .Dockerignore                |  2 +-
 CHANGELOG.md                 |  5 +++++
 Dockerfile                   |  3 +++
 internal/helm/helm.go        | 18 ++++++++++++++++++
 kustomize/kustomization.yaml |  7 +++++++
 kustomize/kustomize.sh       |  6 ++++++
 main.go                      | 18 ++++++++++--------
 7 files changed, 50 insertions(+), 9 deletions(-)
 create mode 100644 kustomize/kustomization.yaml
 create mode 100755 kustomize/kustomize.sh

diff --git a/.Dockerignore b/.Dockerignore
index 1d1fe94..9414382 100644
--- a/.Dockerignore
+++ b/.Dockerignore
@@ -1 +1 @@
-Dockerfile
\ No newline at end of file
+Dockerfile
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 65d49ba..94558ff 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,10 @@
 # Changelog
 
+## v0.1.27
+
+- add `post_kustomize` support
+- add kustomize binary v3.8.7
+
 ## v0.1.26
 
 - update helm to v3.9.0
diff --git a/Dockerfile b/Dockerfile
index 268d308..2761b4c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -28,10 +28,13 @@ FROM busybox:glibc
 
 COPY --from=downloader /usr/local/bin/helm /usr/local/bin/helm
 COPY --from=downloader /usr/local/bin/kubectl /usr/local/bin/kubectl
+COPY --from=k8s.gcr.io/kustomize/kustomize:v3.8.7 /app/kustomize /usr/local/bin/kustomize
 
 COPY --from=builder /etc/ssl/certs /etc/ssl/certs
 COPY --from=builder /tmp/build/drone-helm3 /usr/local/bin/drone-helm3
 
+ADD ./kustomize /kustomize
+
 RUN mkdir /root/.kube
 
 CMD /usr/local/bin/drone-helm3
diff --git a/internal/helm/helm.go b/internal/helm/helm.go
index a51be75..e1e958f 100644
--- a/internal/helm/helm.go
+++ b/internal/helm/helm.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"log"
+	"os"
 	"strings"
 	"time"
 
@@ -138,6 +139,23 @@ func WithDisableOpenAPIValidation(disable bool) HelmOption {
 	}
 }
 
+func WithPostKustomization(kustomization string) HelmOption {
+	return func(c *HelmCmd) error {
+		if kustomization != "" {
+			f, err := os.OpenFile("/kustomize/kustomization.yaml", os.O_APPEND|os.O_WRONLY, 0600)
+			if err != nil {
+				return fmt.Errorf("unable to create kustomization file: %w", err)
+			}
+			_, err = f.WriteString(kustomization)
+			if err != nil {
+				return fmt.Errorf("unable to write to kustomization file: %w", err)
+			}
+			c.Args = append(c.Args, "--post-renderer", "/kustomize/kustomize.sh")
+		}
+		return nil
+	}
+}
+
 func WithTimeout(timeout time.Duration) HelmOption {
 	return func(c *HelmCmd) error {
 		c.Args = append(c.Args, "--timeout", timeout.String())
diff --git a/kustomize/kustomization.yaml b/kustomize/kustomization.yaml
new file mode 100644
index 0000000..b951bf4
--- /dev/null
+++ b/kustomize/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+
+resources:
+  - all.yaml
+
+# plugin configuration gets injected here:
+
diff --git a/kustomize/kustomize.sh b/kustomize/kustomize.sh
new file mode 100755
index 0000000..be52192
--- /dev/null
+++ b/kustomize/kustomize.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+umask 077
+cat > /kustomize/all.yaml
+kustomize build /kustomize
+rm /kustomize/all.yaml
diff --git a/main.go b/main.go
index 20f5beb..682bfae 100644
--- a/main.go
+++ b/main.go
@@ -35,14 +35,15 @@ type (
 		Release   string `envconfig:"RELEASE" required:"true"`       // helm release name
 		Namespace string `envconfig:"NAMESPACE" required:"true"`     // kubernets and helm namespace
 
-		Lint                     bool `envconfig:"LINT" default:"true"`                        // helm lint option
-		Atomic                   bool `envconfig:"ATOMIC" default:"true"`                      // helm atomic option
-		Wait                     bool `envconfig:"WAIT" default:"true"`                        // helm wait option
-		Force                    bool `envconfig:"FORCE" default:"false"`                      // helm force option
-		Cleanup                  bool `envconfig:"CLEANUP_ON_FAIL" default:"false"`            // helm cleanup option
-		DryRun                   bool `envconfig:"DRY_RUN" default:"false"`                    // helm dryrun option
-		HelmDebug                bool `envconfig:"HELM_DEBUG" default:"true"`                  // helm debug option
-		DisableOpenAPIValidation bool `envconfig:"DISABLE_OPENAPI_VALIDATION" default:"false"` // helm openapivalidation option
+		Lint                     bool   `envconfig:"LINT" default:"true"`                        // helm lint option
+		Atomic                   bool   `envconfig:"ATOMIC" default:"true"`                      // helm atomic option
+		Wait                     bool   `envconfig:"WAIT" default:"true"`                        // helm wait option
+		Force                    bool   `envconfig:"FORCE" default:"false"`                      // helm force option
+		Cleanup                  bool   `envconfig:"CLEANUP_ON_FAIL" default:"false"`            // helm cleanup option
+		DryRun                   bool   `envconfig:"DRY_RUN" default:"false"`                    // helm dryrun option
+		HelmDebug                bool   `envconfig:"HELM_DEBUG" default:"true"`                  // helm debug option
+		DisableOpenAPIValidation bool   `envconfig:"DISABLE_OPENAPI_VALIDATION" default:"false"` // helm openapivalidation option
+		PostKustomization        string `envconfig:"POST_KUSTOMIZATION" default:""`              // runs a customization of the generated output
 
 		HelmRepos          []string `envconfig:"HELM_REPOS"`                          // additonal helm repos
 		BuildDependencies  bool     `envconfig:"BUILD_DEPENDENCIES" default:"true"`   // helm dependency build option
@@ -172,6 +173,7 @@ func main() {
 		helm.WithDryRun(cfg.DryRun),
 		helm.WithDebug(cfg.HelmDebug),
 		helm.WithDisableOpenAPIValidation(cfg.DisableOpenAPIValidation),
+		helm.WithPostKustomization(cfg.PostKustomization),
 
 		helm.WithHelmRepos(cfg.HelmRepos),
 		helm.WithBuildDependencies(cfg.BuildDependencies, cfg.Chart),