OPSEXP-2390: add an example chart for educational purpose (#1084)

.github/workflows/helm-community.yml

@@ -19,9 +19,40 @@ concurrency:
   group: helm-com-${{ github.head_ref || github.ref_name }}
   cancel-in-progress: true
 jobs:
+  build_vars:
+    runs-on: ubuntu-latest
+    outputs:
+      ver_json: ${{ steps.app_versions.outputs.json }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Get charts
+        id: getcharts
+        uses: ./.github/actions/charts-as-json
+        with:
+          charts-root: helm
+      - name: Keep only ACS enterprise
+        id: app_versions
+        env:
+          JSON: ${{ toJSON(fromJSON(steps.getcharts.outputs.all)) }}
+          JQ_FILTER: >-
+            [inputs | .charts[] | {name: .name, values: .values[]}
+            | select(.values=="community_values.yaml" or .name=="acs-sso-example")]
+        run: |
+          echo "${JSON}" | jq -nc '${{ env.JQ_FILTER }}'
+          VERS=$(echo "${JSON}" | jq -nc '${{ env.JQ_FILTER }}')
+          echo "json=$VERS" >> $GITHUB_OUTPUT
+
   community_charts:
     runs-on: ubuntu-latest
     timeout-minutes: 10
+    needs:
+      - build_vars
+    strategy:
+      fail-fast: false
+      matrix:
+        include: ${{ fromJSON(needs.build_vars.outputs.ver_json) }}
     steps:
       - uses: actions/checkout@v4
 
@@ -55,14 +86,15 @@ jobs:
 
       - name: Helm install
         run: |
-          helm dep up ./helm/alfresco-content-services
-          helm install acs ./helm/alfresco-content-services \
+          helm dep up .
+          helm install ${{ matrix.name }} . \
             --set global.search.sharedSecret="$(openssl rand -hex 24)" \
             --set global.known_urls=http://localhost \
             --set global.alfrescoRegistryPullSecrets=regcred \
             --wait --timeout 5m0s \
-            --values helm/alfresco-content-services/community_values.yaml \
-            --values test/community-integration-test-values.yaml
+            --values ${{ matrix.values }} \
+            --values ../../test/community-integration-test-values.yaml
+        working-directory: helm/${{ matrix.name }}
 
       - name: Spit cluster status
         if: always()
@@ -76,6 +108,7 @@ jobs:
 
       - uses: nick-fields/retry@v2
         id: newman
+        if: matrix.name == 'alfresco-content-services'
         with:
           timeout_minutes: 1
           retry_wait_seconds: 30

.github/workflows/helm-enterprise.yml

@@ -28,34 +28,28 @@ jobs:
         && github.actor != 'dependabot[bot]'
       )
     outputs:
-      app_json: ${{ steps.getcharts.outputs.app }}
       ver_json: ${{ steps.app_versions.outputs.json }}
-      chart_names: ${{ steps.chart_names.outputs.json}}
     steps:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
-      - id: getcharts
+      - name: Get charts
+        id: getcharts
         uses: ./.github/actions/charts-as-json
         with:
           charts-root: helm
-      - id: app_versions
+      - name: Keep only ACS enterprise
+        id: app_versions
         env:
           JSON: ${{ toJSON(fromJSON(steps.getcharts.outputs.all)) }}
           JQ_FILTER: >-
-            [inputs | .charts[] | {name: .name, values: .values[]}]
-            | del(.[] | select(.values=="community_values.yaml"))
+            [inputs | .charts[] | {name: .name, values: .values[]}
+            | del(. | select(.values=="community_values.yaml"))
+            | select(.name=="alfresco-content-services")]
         run: |
           echo "${JSON}" | jq -nc '${{ env.JQ_FILTER }}'
           VERS=$(echo "${JSON}" | jq -nc '${{ env.JQ_FILTER }}')
           echo "json=$VERS" >> $GITHUB_OUTPUT
-      - id: chart_names
-        env:
-          JSON: ${{ toJSON(fromJSON(steps.getcharts.outputs.all)) }}
-          JQ_FILTER: $json | [.charts[].name]
-        run: |
-          CHARTS=$(jq -nc --argjson json '${{ env.JSON }}' '${{ env.JQ_FILTER }}')
-          echo "json=$CHARTS" >> $GITHUB_OUTPUT
 
   helm_integration:
     runs-on: alfrescoPub-ubuntu2204-16G-4CPU

.github/workflows/helm-static-checks.yml

@@ -46,8 +46,11 @@ jobs:
           Alfresco/alfresco-build-tools/.github/actions/[email protected]
         with:
           plugin_url: https://github.com/helm-unittest/helm-unittest
-      - run: |
-          helm unittest helm/${{ matrix.charts.name }}
+      - name: Run Helm unit tests if present
+        run: |
+          if [ -d "helm/${{ matrix.charts.name }}/tests" ]; then helm unittest helm/${{ matrix.charts.name }}
+          else echo "${{ matrix.charts.name }} chart has no unit tests... skipping."
+          fi
   helm_yaml_lint:
     needs:
       - build_vars
@@ -65,4 +68,6 @@ jobs:
           Alfresco/alfresco-build-tools/.github/actions/[email protected]
         with:
           chart-dir: helm/${{ matrix.charts.name }}
-          helm-options: --values tests/values/test_values.yaml
+          helm-options: >-
+            --set global.search.sharedSecret=dummy
+            --set global.search.alfrescoRegistryPullSecrets=dummy

.github/workflows/pre-commit-helm.yml

@@ -27,11 +27,15 @@ jobs:
     name: Run pre-commit
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # 4.1.1
       - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
       - name: Add dependency chart repos
         run: |
-          helm repo add alfresco-helm-charts https://alfresco.github.io/alfresco-helm-charts
-          helm repo add activiti-cloud-helm-charts https://activiti.github.io/activiti-cloud-helm-charts
-          helm repo add elasticsearch https://helm.elastic.co
-      - uses: pre-commit/[email protected]
+          for repo in $(yq eval-all \
+          '. as $item ireduce ({}; . *+ $item ) | [.dependencies[].repository | select(. == "http*")] | unique | .[]' \
+          ./helm/*/Chart.yaml); do repo_name=$(echo "$repo" | awk -F/ '{print $3}')
+            helm repo add "$repo_name" "$repo"
+          done
+
+      - name: Run  Pre-commit hooks
+        uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507  # v3.0.0

.gitignore

@@ -1,7 +1,7 @@
 *.class
 
-war/overlays
-alfresco/*
+# vim
+.*.swp
 
 # Eclipse
 .classpath

.pre-commit-config.yaml

@@ -31,10 +31,12 @@ repos:
     rev: 2.3.288
     hooks:
       - id: checkov
-        files: \.yaml$
+        types: [yaml]
         args:
           - --quiet
           - --compact
+          - --config-file
+          - .checkov.yaml
   # Docker Compose hooks section (excluded in pre-commit-helm workflow)
   - repo: https://github.com/IamTheFij/docker-pre-commit
     rev: v2.1.1

helm/acs-sso-example/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

helm/acs-sso-example/Chart.lock

@@ -0,0 +1,21 @@
+dependencies:
+- name: postgresql
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 13.4.0
+- name: keycloakx
+  repository: https://codecentric.github.io/helm-charts
+  version: 2.3.0
+- name: alfresco-repository
+  repository: https://alfresco.github.io/alfresco-helm-charts/
+  version: 0.1.3
+- name: activemq
+  repository: https://alfresco.github.io/alfresco-helm-charts/
+  version: 3.4.1
+- name: alfresco-share
+  repository: https://alfresco.github.io/alfresco-helm-charts/
+  version: 0.3.0
+- name: common
+  repository: https://activiti.github.io/activiti-cloud-helm-charts
+  version: 8.2.0
+digest: sha256:ace366990857f02b8ea2848d2f7ac9c6fa7825e5b0176dc061bcd35e623ac318
+generated: "2024-01-25T23:34:16.851973+01:00"

helm/acs-sso-example/Chart.yaml

@@ -0,0 +1,50 @@
+apiVersion: v2
+name: acs-sso-example
+description: |
+  An example Chart to demonstrate how to compose your own Alfresco platform
+  with SSO on kubernetes using a nthrid party Keycloak.
+  if you're familiar with [Helm](ttps://helm.sh) &
+  [Kubernetes](https://kubernetes.io) taking a look at the `values.yaml` should
+  be enough but the principals are also documented in two differents steps:
+
+  * Composing your ACS from individual component charts we provide.
+    Check the [step by step documentation](./docs/step-by-step-guide.md)
+  * SSO integration, to add keycloak and configure Alfresco applications
+    accordingly: [SSO guide](./docs/step-by-step-guide.md)
+
+  > Note: this chart is just an example that can run on a localhost only.
+  > It ships ACS repo, the repository database, the message broker, the
+  > Keycloak IdP and front end applications (Share and Content app) & no other
+  > component.
+
+  :warning: All components have persistence disabled so all data is lost after a
+  deployment is destroyed or rolled back!
+
+type: application
+version: 0.1.0
+appVersion: 23.2.0-A12
+home: https://www.alfresco.com
+sources:
+  - https://github.com/Alfresco/acs-deployment/helm/acs-sso-example
+dependencies:
+  - name: postgresql
+    repository: oci://registry-1.docker.io/bitnamicharts
+    version: 13.4.0
+    alias: repository-database
+  - name: keycloakx
+    repository: https://codecentric.github.io/helm-charts
+    version: 2.3.0
+  - name: alfresco-repository
+    repository: https://alfresco.github.io/alfresco-helm-charts/
+    version: 0.1.3
+  - name: activemq
+    repository: https://alfresco.github.io/alfresco-helm-charts/
+    version: 3.4.1
+  - name: alfresco-share
+    repository: https://alfresco.github.io/alfresco-helm-charts/
+    version: 0.3.0
+  - name: common
+    alias: alfresco-content-app
+    repository: https://activiti.github.io/activiti-cloud-helm-charts
+    version: 8.2.0
+icon: https://avatars0.githubusercontent.com/u/391127?s=200&v=4