From ef427d5b27c2874aa2a8076dae1314373bbdae0e Mon Sep 17 00:00:00 2001 From: shubham-stepsecurity Date: Wed, 19 Jun 2024 21:20:08 +0530 Subject: [PATCH] initial release --- .github/workflows/actions_release.yml | 21 ++ .github/workflows/test.yml | 18 ++ .gitignore | 15 ++ Dockerfile | 8 + LICENSE | 201 ++++++++++++++++ README.md | 91 ++++++- SECURITY.md | 5 + action.yml | 77 ++++++ src/entrypoint.sh | 227 ++++++++++++++++++ testdata/README.md | 1 + testdata/notchart/README.md | 1 + testdata/test/.helmignore | 23 ++ testdata/test/Chart.yaml | 23 ++ testdata/test/templates/NOTES.txt | 21 ++ testdata/test/templates/_helpers.tpl | 63 +++++ testdata/test/templates/deployment.yaml | 61 +++++ testdata/test/templates/hpa.yaml | 28 +++ testdata/test/templates/ingress.yaml | 41 ++++ testdata/test/templates/service.yaml | 15 ++ testdata/test/templates/serviceaccount.yaml | 12 + .../test/templates/tests/test-connection.yaml | 15 ++ testdata/test/values.yaml | 79 ++++++ testdata/test1/.helmignore | 23 ++ testdata/test1/Chart.yaml | 23 ++ testdata/test1/templates/NOTES.txt | 21 ++ testdata/test1/templates/_helpers.tpl | 63 +++++ testdata/test1/templates/deployment.yaml | 61 +++++ testdata/test1/templates/hpa.yaml | 28 +++ testdata/test1/templates/ingress.yaml | 41 ++++ testdata/test1/templates/service.yaml | 15 ++ testdata/test1/templates/serviceaccount.yaml | 12 + .../templates/tests/test-connection.yaml | 15 ++ testdata/test1/values.yaml | 79 ++++++ 33 files changed, 1426 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/actions_release.yml create mode 100644 .github/workflows/test.yml create mode 100644 .gitignore create mode 100644 Dockerfile create mode 100644 LICENSE create mode 100644 SECURITY.md create mode 100644 action.yml create mode 100644 src/entrypoint.sh create mode 100644 testdata/README.md create mode 100644 testdata/notchart/README.md create mode 100644 testdata/test/.helmignore create mode 100644 testdata/test/Chart.yaml create mode 100644 testdata/test/templates/NOTES.txt create mode 100644 testdata/test/templates/_helpers.tpl create mode 100644 testdata/test/templates/deployment.yaml create mode 100644 testdata/test/templates/hpa.yaml create mode 100644 testdata/test/templates/ingress.yaml create mode 100644 testdata/test/templates/service.yaml create mode 100644 testdata/test/templates/serviceaccount.yaml create mode 100644 testdata/test/templates/tests/test-connection.yaml create mode 100644 testdata/test/values.yaml create mode 100644 testdata/test1/.helmignore create mode 100644 testdata/test1/Chart.yaml create mode 100644 testdata/test1/templates/NOTES.txt create mode 100644 testdata/test1/templates/_helpers.tpl create mode 100644 testdata/test1/templates/deployment.yaml create mode 100644 testdata/test1/templates/hpa.yaml create mode 100644 testdata/test1/templates/ingress.yaml create mode 100644 testdata/test1/templates/service.yaml create mode 100644 testdata/test1/templates/serviceaccount.yaml create mode 100644 testdata/test1/templates/tests/test-connection.yaml create mode 100644 testdata/test1/values.yaml diff --git a/.github/workflows/actions_release.yml b/.github/workflows/actions_release.yml new file mode 100644 index 0000000..6082ace --- /dev/null +++ b/.github/workflows/actions_release.yml @@ -0,0 +1,21 @@ +name: Release GitHub Actions + +on: + workflow_dispatch: + inputs: + tag: + description: "Tag for the release" + required: true + +permissions: + contents: read + +jobs: + release: + permissions: + actions: read + id-token: write + contents: write + uses: step-security/reusable-workflows/.github/workflows/actions_release.yaml@v1 + with: + tag: "${{ github.event.inputs.tag }}" \ No newline at end of file diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 0000000..c922076 --- /dev/null +++ b/.github/workflows/test.yml @@ -0,0 +1,18 @@ +name: test + +on: + push: + branch: + - 'main' + - 'helm-*' + +jobs: + release: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Publish helm chart + uses: ./ + with: + token: ${{ secrets.GITHUB_TOKEN }} + charts_dir: testdata diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..66fd13c --- /dev/null +++ b/.gitignore @@ -0,0 +1,15 @@ +# Binaries for programs and plugins +*.exe +*.exe~ +*.dll +*.so +*.dylib + +# Test binary, built with `go test -c` +*.test + +# Output of the go coverage tool, specifically when used with LiteIDE +*.out + +# Dependency directories (remove the comment below to include it) +# vendor/ diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..841c238 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,8 @@ +FROM stefanprodan/alpine-base:latest + +RUN apk --no-cache add git + +COPY src/entrypoint.sh /entrypoint.sh +RUN chmod +x /entrypoint.sh + +ENTRYPOINT ["/entrypoint.sh"] diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..261eeb9 --- /dev/null +++ b/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/README.md b/README.md index 1d4d930..a04e620 100644 --- a/README.md +++ b/README.md @@ -1 +1,90 @@ -# helm-gh-pages \ No newline at end of file +# Helm Publisher + +A GitHub Action for publishing Helm charts with Github Pages. + +## Usage + +Inputs: +* `token` The GitHub token with write access to the target repository +* `charts_dir` The charts directory, defaults to `charts` +* `charts_url` The GitHub Pages URL, defaults to `https://.github.io/` +* `owner` The GitHub user or org that owns this repository, defaults to the owner in `GITHUB_REPOSITORY` env var +* `repository` The GitHub repository, defaults to the `GITHUB_REPOSITORY` env var +* `branch` The branch to publish charts, defaults to `gh-pages` +* `target_dir` The target directory to store the charts, defaults to `.` +* `helm_version` The Helm CLI version, defaults to the latest release +* `linting` Toggle Helm linting, can be disabled by setting it to `off` +* `commit_username` Explicitly specify username for commit back, default to `GITHUB_ACTOR` +* `commit_email` Explicitly specify email for commit back, default to `GITHUB_ACTOR@users.noreply.github.com` +* `app_version` Explicitly specify app version in package. If not defined then used chart values. +* `chart_version` Explicitly specify chart version in package. If not defined then used chart values. +* `index_dir` The location of `index.yaml` file in the repo, defaults to the same value as `target_dir` +* `enterprise_url` The URL of enterprise github server in the format `/` +* `dependencies` A list of helm repositories required to verify dependencies in the format `,;,` or if using private repositories `,,,;,,,`. Combinations are allowed. + +## Examples + +Package and push all charts in `./charts` dir to `gh-pages` branch: + +```yaml +name: release +on: + push: + tags: '*' + +jobs: + release: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Publish Helm charts + uses: step-security/helm-gh-pages@main + with: + token: ${{ secrets.GITHUB_TOKEN }} +``` + +Package and push charts in `./chart` dir to `gh-pages` branch in a different repository: + +```yaml +name: release-chart +on: + push: + tags: 'chart-*' + +jobs: + release-chart: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Publish Helm chart + uses: step-security/helm-gh-pages@main + with: + token: ${{ secrets.BOT_GITHUB_TOKEN }} + charts_dir: chart + charts_url: https://charts.fluxcd.io + owner: fluxcd + repository: charts + branch: gh-pages + target_dir: charts + commit_username: johndoe + commit_email: johndoe@example.com +``` +Package chart with specified chart & app versions and push all charts in `./charts` dir to `gh-pages` branch: +```yaml +name: release +on: + push: + tags: '*' + +jobs: + release: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Publish Helm charts + uses: step-security/helm-gh-pages@main + with: + token: ${{ secrets.GITHUB_TOKEN }} + app_version: 1.16.0 + chart_version: 0.1.0 +``` diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..77568b2 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,5 @@ +# Security Policy + +## Reporting a Vulnerability + +Please report security vulnerabilities to security@stepsecurity.io diff --git a/action.yml b/action.yml new file mode 100644 index 0000000..946063d --- /dev/null +++ b/action.yml @@ -0,0 +1,77 @@ +name: 'Helm Publisher' +description: 'A GitHub Action for publishing Helm charts with Github Pages' +author: 'Stefan Prodan' +branding: + icon: 'command' + color: 'blue' +inputs: + token: + description: "GitHub token" + required: true + charts_dir: + description: "The charts directory, defaults to `charts`" + required: false + charts_url: + description: "The GitHub Pages URL, defaults to `https://.github.io/`" + required: false + owner: + description: "The GitHub user or org that owns this repository, defaults to `GITHUB_REPOSITORY`" + required: false + repository: + description: "The GitHub repository name, defaults to `GITHUB_REPOSITORY`" + required: false + branch: + description: "The branch to publish charts, defaults to `gh-pages`" + required: false + target_dir: + description: "The target directory to store the charts, defaults to `.`" + required: false + helm_version: + description: "The Helm CLI version" + required: false + linting: + description: "Toggle Helm linting, can be disabled by setting it to 'off'" + required: false + commit_username: + description: "The user name used for the commit user" + required: false + default: ${{ github.actor }} + commit_email: + description: "The email used for the commit user" + required: false + default: ${{ github.actor }}@users.noreply.github.com + app_version: + description: "Set the appVersion on the chart to this version" + required: false + chart_version: + description: "Set the version on the chart to this version" + required: false + index_dir: + description: "The location of `index.yaml` file in the repo, defaults to the same value as `target_dir`" + required: false + enterprise_url: + description: "The URL of enterprise github server in the format '/'" + required: false + dependencies: + description: "A list of helm repositories required to verify dependencies in the format ',;,'" + required: false +runs: + using: 'docker' + image: 'Dockerfile' + args: + - ${{ inputs.token }} + - ${{ inputs.charts_dir }} + - ${{ inputs.charts_url }} + - ${{ inputs.owner }} + - ${{ inputs.repository }} + - ${{ inputs.branch }} + - ${{ inputs.target_dir }} + - ${{ inputs.helm_version }} + - ${{ inputs.linting }} + - ${{ inputs.commit_username }} + - ${{ inputs.commit_email }} + - ${{ inputs.app_version }} + - ${{ inputs.chart_version }} + - ${{ inputs.index_dir }} + - ${{ inputs.enterprise_url }} + - ${{ inputs.dependencies }} diff --git a/src/entrypoint.sh b/src/entrypoint.sh new file mode 100644 index 0000000..0e88e4c --- /dev/null +++ b/src/entrypoint.sh @@ -0,0 +1,227 @@ +#!/usr/bin/env bash + +# Copyright 2020 Stefan Prodan. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -o errexit +set -o pipefail + +GITHUB_TOKEN=$1 +CHARTS_DIR=$2 +CHARTS_URL=$3 +OWNER=$4 +REPOSITORY=$5 +BRANCH=$6 +TARGET_DIR=$7 +HELM_VERSION=$8 +LINTING=$9 +COMMIT_USERNAME=${10} +COMMIT_EMAIL=${11} +APP_VERSION=${12} +CHART_VERSION=${13} +INDEX_DIR=${14} +ENTERPRISE_URL=${15} +DEPENDENCIES=${16} + +CHARTS=() +CHARTS_TMP_DIR=$(mktemp -d) +REPO_ROOT=$(git rev-parse --show-toplevel) +REPO_URL="" + +main() { + validateSubscription + + if [[ -z "$HELM_VERSION" ]]; then + HELM_VERSION="3.10.0" + fi + + if [[ -z "$CHARTS_DIR" ]]; then + CHARTS_DIR="charts" + fi + + if [[ -z "$OWNER" ]]; then + OWNER=$(cut -d '/' -f 1 <<< "$GITHUB_REPOSITORY") + fi + + if [[ -z "$REPOSITORY" ]]; then + REPOSITORY=$(cut -d '/' -f 2 <<< "$GITHUB_REPOSITORY") + fi + + if [[ -z "$BRANCH" ]]; then + BRANCH="gh-pages" + fi + + if [[ -z "$TARGET_DIR" ]]; then + TARGET_DIR="." + fi + + if [[ -z "$CHARTS_URL" ]]; then + CHARTS_URL="https://${OWNER}.github.io/${REPOSITORY}" + fi + + if [[ "$TARGET_DIR" != "." && "$TARGET_DIR" != "docs" ]]; then + CHARTS_URL="${CHARTS_URL}/${TARGET_DIR}" + fi + + if [[ -z "$REPO_URL" ]]; then + if [[ -z "$ENTERPRISE_URL" ]]; then + REPO_URL="https://x-access-token:${GITHUB_TOKEN}@github.com/${OWNER}/${REPOSITORY}" + else + REPO_URL="https://x-access-token:${GITHUB_TOKEN}@${ENTERPRISE_URL}/${REPOSITORY}" + fi + fi + + if [[ -z "$COMMIT_USERNAME" ]]; then + COMMIT_USERNAME="${GITHUB_ACTOR}" + fi + + if [[ -z "$COMMIT_EMAIL" ]]; then + COMMIT_EMAIL="${GITHUB_ACTOR}@users.noreply.github.com" + fi + + if [[ -z "$INDEX_DIR" ]]; then + INDEX_DIR=${TARGET_DIR} + fi + + locate + download + get_dependencies + dependencies + if [[ "$LINTING" != "off" ]]; then + lint + fi + package + upload +} + +validateSubscription() { + API_URL="https://agent.api.stepsecurity.io/v1/github/$GITHUB_REPOSITORY/actions/subscription" + + # Set a timeout for the curl command (3 seconds) + RESPONSE=$(curl --max-time 3 -s -w "%{http_code}" "$API_URL" -o /dev/null) || true + CURL_EXIT_CODE=${?} + + # Check if the response code is not 200 + if [ $CURL_EXIT_CODE -ne 0 ] || [ "$RESPONSE" != "200" ]; then + if [ -z "$RESPONSE" ] || [ "$RESPONSE" == "000" ] || [ $CURL_EXIT_CODE -ne 0 ]; then + echo "Timeout or API not reachable. Continuing to next step." + else + echo "Subscription is not valid. Reach out to support@stepsecurity.io" + exit 1 + fi + fi +} + +locate() { + for dir in $(find "${CHARTS_DIR}" -type d -mindepth 1 -maxdepth 1); do + if [[ -f "${dir}/Chart.yaml" ]]; then + CHARTS+=("${dir}") + echo "Found chart directory ${dir}" + else + echo "Ignoring non-chart directory ${dir}" + fi + done +} + +download() { + tmpDir=$(mktemp -d) + + pushd $tmpDir >& /dev/null + + curl -sSL https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz | tar xz + cp linux-amd64/helm /usr/local/bin/helm + + popd >& /dev/null + rm -rf $tmpDir +} + +get_dependencies() { + IFS=';' read -ra dependency <<< "$DEPENDENCIES" + for repos in ${dependency[@]}; do + result=$( echo $repos|awk -F',' '{print NF}' ) + if [[ $result -gt 2 ]]; then + name=$(cut -f 1 -d, <<< "$repos") + username=$(cut -f 2 -d, <<< "$repos") + password=$(cut -f 3 -d, <<< "$repos") + url=$(cut -f 4 -d, <<< "$repos") + helm repo add ${name} --username ${username} --password ${password} ${url} + else + name=$(cut -f 1 -d, <<< "$repos") + url=$(cut -f 2 -d, <<< "$repos") + helm repo add ${name} ${url} + fi + done +} + +dependencies() { + for chart in ${CHARTS[@]}; do + helm dependency update "${chart}" + done +} + +lint() { + helm lint ${CHARTS[*]} +} + +package() { + if [[ ! -z "$APP_VERSION" ]]; then + APP_VERSION_CMD=" --app-version $APP_VERSION" + fi + + if [[ ! -z "$CHART_VERSION" ]]; then + CHART_VERSION_CMD=" --version $CHART_VERSION" + fi + + helm package ${CHARTS[*]} --destination ${CHARTS_TMP_DIR} $APP_VERSION_CMD$CHART_VERSION_CMD +} + +upload() { + tmpDir=$(mktemp -d) + pushd $tmpDir >& /dev/null + + git clone ${REPO_URL} + cd ${REPOSITORY} + git config user.name "${COMMIT_USERNAME}" + git config user.email "${COMMIT_EMAIL}" + git remote set-url origin ${REPO_URL} + git checkout ${BRANCH} + + charts=$(cd ${CHARTS_TMP_DIR} && ls *.tgz | xargs) + + mkdir -p ${INDEX_DIR} + mkdir -p ${TARGET_DIR} + + if [[ -f "${INDEX_DIR}/index.yaml" ]]; then + echo "Found index, merging changes" + helm repo index ${CHARTS_TMP_DIR} --url ${CHARTS_URL} --merge "${INDEX_DIR}/index.yaml" + mv -f ${CHARTS_TMP_DIR}/*.tgz ${TARGET_DIR} + mv -f ${CHARTS_TMP_DIR}/index.yaml ${INDEX_DIR}/index.yaml + else + echo "No index found, generating a new one" + helm repo index ${CHARTS_TMP_DIR} --url ${CHARTS_URL} + mv -f ${CHARTS_TMP_DIR}/*.tgz ${TARGET_DIR} + mv -f ${CHARTS_TMP_DIR}/index.yaml ${INDEX_DIR} + fi + + git add ${TARGET_DIR} + git add ${INDEX_DIR}/index.yaml + + git commit -m "Publish $charts" + git push origin ${BRANCH} + + popd >& /dev/null + rm -rf $tmpDir +} + +main diff --git a/testdata/README.md b/testdata/README.md new file mode 100644 index 0000000..30d74d2 --- /dev/null +++ b/testdata/README.md @@ -0,0 +1 @@ +test \ No newline at end of file diff --git a/testdata/notchart/README.md b/testdata/notchart/README.md new file mode 100644 index 0000000..8542472 --- /dev/null +++ b/testdata/notchart/README.md @@ -0,0 +1 @@ +This folder is not a chart and should be skipped diff --git a/testdata/test/.helmignore b/testdata/test/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/testdata/test/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/testdata/test/Chart.yaml b/testdata/test/Chart.yaml new file mode 100644 index 0000000..6e99aa1 --- /dev/null +++ b/testdata/test/Chart.yaml @@ -0,0 +1,23 @@ +apiVersion: v2 +name: test +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +appVersion: 1.16.0 diff --git a/testdata/test/templates/NOTES.txt b/testdata/test/templates/NOTES.txt new file mode 100644 index 0000000..64ad643 --- /dev/null +++ b/testdata/test/templates/NOTES.txt @@ -0,0 +1,21 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "test.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "test.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "test.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "test.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80 +{{- end }} diff --git a/testdata/test/templates/_helpers.tpl b/testdata/test/templates/_helpers.tpl new file mode 100644 index 0000000..2e8fae9 --- /dev/null +++ b/testdata/test/templates/_helpers.tpl @@ -0,0 +1,63 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "test.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "test.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "test.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "test.labels" -}} +helm.sh/chart: {{ include "test.chart" . }} +{{ include "test.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "test.selectorLabels" -}} +app.kubernetes.io/name: {{ include "test.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "test.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "test.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/testdata/test/templates/deployment.yaml b/testdata/test/templates/deployment.yaml new file mode 100644 index 0000000..83bba8a --- /dev/null +++ b/testdata/test/templates/deployment.yaml @@ -0,0 +1,61 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "test.fullname" . }} + labels: + {{- include "test.labels" . | nindent 4 }} +spec: +{{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} +{{- end }} + selector: + matchLabels: + {{- include "test.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "test.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "test.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: 80 + protocol: TCP + livenessProbe: + httpGet: + path: / + port: http + readinessProbe: + httpGet: + path: / + port: http + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/testdata/test/templates/hpa.yaml b/testdata/test/templates/hpa.yaml new file mode 100644 index 0000000..525524d --- /dev/null +++ b/testdata/test/templates/hpa.yaml @@ -0,0 +1,28 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "test.fullname" . }} + labels: + {{- include "test.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "test.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/testdata/test/templates/ingress.yaml b/testdata/test/templates/ingress.yaml new file mode 100644 index 0000000..f27da7f --- /dev/null +++ b/testdata/test/templates/ingress.yaml @@ -0,0 +1,41 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "test.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "test.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ . }} + backend: + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} diff --git a/testdata/test/templates/service.yaml b/testdata/test/templates/service.yaml new file mode 100644 index 0000000..af7828a --- /dev/null +++ b/testdata/test/templates/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "test.fullname" . }} + labels: + {{- include "test.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "test.selectorLabels" . | nindent 4 }} diff --git a/testdata/test/templates/serviceaccount.yaml b/testdata/test/templates/serviceaccount.yaml new file mode 100644 index 0000000..6ac0256 --- /dev/null +++ b/testdata/test/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "test.serviceAccountName" . }} + labels: + {{- include "test.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/testdata/test/templates/tests/test-connection.yaml b/testdata/test/templates/tests/test-connection.yaml new file mode 100644 index 0000000..cd42d51 --- /dev/null +++ b/testdata/test/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "test.fullname" . }}-test-connection" + labels: + {{- include "test.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test-success +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "test.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/testdata/test/values.yaml b/testdata/test/values.yaml new file mode 100644 index 0000000..6ae05ec --- /dev/null +++ b/testdata/test/values.yaml @@ -0,0 +1,79 @@ +# Default values for test. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: nginx + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 80 + +ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: [] + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/testdata/test1/.helmignore b/testdata/test1/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/testdata/test1/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/testdata/test1/Chart.yaml b/testdata/test1/Chart.yaml new file mode 100644 index 0000000..2b7685b --- /dev/null +++ b/testdata/test1/Chart.yaml @@ -0,0 +1,23 @@ +apiVersion: v2 +name: test1 +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.2.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +appVersion: 1.17.0 diff --git a/testdata/test1/templates/NOTES.txt b/testdata/test1/templates/NOTES.txt new file mode 100644 index 0000000..64ad643 --- /dev/null +++ b/testdata/test1/templates/NOTES.txt @@ -0,0 +1,21 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "test.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "test.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "test.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "test.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80 +{{- end }} diff --git a/testdata/test1/templates/_helpers.tpl b/testdata/test1/templates/_helpers.tpl new file mode 100644 index 0000000..2e8fae9 --- /dev/null +++ b/testdata/test1/templates/_helpers.tpl @@ -0,0 +1,63 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "test.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "test.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "test.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "test.labels" -}} +helm.sh/chart: {{ include "test.chart" . }} +{{ include "test.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "test.selectorLabels" -}} +app.kubernetes.io/name: {{ include "test.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "test.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "test.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/testdata/test1/templates/deployment.yaml b/testdata/test1/templates/deployment.yaml new file mode 100644 index 0000000..83bba8a --- /dev/null +++ b/testdata/test1/templates/deployment.yaml @@ -0,0 +1,61 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "test.fullname" . }} + labels: + {{- include "test.labels" . | nindent 4 }} +spec: +{{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} +{{- end }} + selector: + matchLabels: + {{- include "test.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "test.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "test.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: 80 + protocol: TCP + livenessProbe: + httpGet: + path: / + port: http + readinessProbe: + httpGet: + path: / + port: http + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/testdata/test1/templates/hpa.yaml b/testdata/test1/templates/hpa.yaml new file mode 100644 index 0000000..525524d --- /dev/null +++ b/testdata/test1/templates/hpa.yaml @@ -0,0 +1,28 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "test.fullname" . }} + labels: + {{- include "test.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "test.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/testdata/test1/templates/ingress.yaml b/testdata/test1/templates/ingress.yaml new file mode 100644 index 0000000..f27da7f --- /dev/null +++ b/testdata/test1/templates/ingress.yaml @@ -0,0 +1,41 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "test.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "test.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ . }} + backend: + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} diff --git a/testdata/test1/templates/service.yaml b/testdata/test1/templates/service.yaml new file mode 100644 index 0000000..af7828a --- /dev/null +++ b/testdata/test1/templates/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "test.fullname" . }} + labels: + {{- include "test.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "test.selectorLabels" . | nindent 4 }} diff --git a/testdata/test1/templates/serviceaccount.yaml b/testdata/test1/templates/serviceaccount.yaml new file mode 100644 index 0000000..6ac0256 --- /dev/null +++ b/testdata/test1/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "test.serviceAccountName" . }} + labels: + {{- include "test.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/testdata/test1/templates/tests/test-connection.yaml b/testdata/test1/templates/tests/test-connection.yaml new file mode 100644 index 0000000..cd42d51 --- /dev/null +++ b/testdata/test1/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "test.fullname" . }}-test-connection" + labels: + {{- include "test.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test-success +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "test.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/testdata/test1/values.yaml b/testdata/test1/values.yaml new file mode 100644 index 0000000..6ae05ec --- /dev/null +++ b/testdata/test1/values.yaml @@ -0,0 +1,79 @@ +# Default values for test. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: nginx + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 80 + +ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: [] + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {}