Skip to content

Commit

Permalink
OPSEXP-1851 Add alfresco-common and basic pre-commit (#1)
Browse files Browse the repository at this point in the history
  • Loading branch information
gionn authored Feb 13, 2023
1 parent 2eacf1c commit 0a78ab5
Show file tree
Hide file tree
Showing 16 changed files with 287 additions and 5 deletions.
5 changes: 5 additions & 0 deletions .checkov.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
framework:
- helm
directory:
- charts
skip-check: ~
11 changes: 6 additions & 5 deletions .github/workflows/lint-test.yaml
Original file line number Diff line number Diff line change
@@ -1,6 +1,9 @@
name: Lint and Test Charts

on: pull_request
on:
pull_request:
branches:
- main

jobs:
lint-test:
Expand All @@ -18,8 +21,6 @@ jobs:
with:
version: v3.8.1

# Python is required because `ct lint` runs Yamale (https://github.com/23andMe/Yamale) and
# yamllint (https://github.com/adrienverge/yamllint) which require Python
- name: Set up Python
uses: actions/setup-python@v4
with:
Expand All @@ -33,9 +34,9 @@ jobs:
- name: Run chart-testing (list-changed)
id: list-changed
run: |
changed=$(ct list-changed --config ct.yaml)
changed=$(ct list-changed --config ct-lint.yaml)
if [[ -n "$changed" ]]; then
echo "::set-output name=changed::true"
echo "changed=true" >> $GITHUB_OUTPUT
fi
- name: Run chart-testing (lint)
Expand Down
19 changes: 19 additions & 0 deletions .github/workflows/pre-commit.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
---
name: Pre-commit

on:
pull_request:
branches:
- main
push:
branches:
- main

jobs:
pre_commit:
name: Run pre-commit
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: pre-commit/[email protected]
20 changes: 20 additions & 0 deletions .pre-commit-config.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.4.0
hooks:
- id: mixed-line-ending
args: ["--fix=lf"]
- id: end-of-file-fixer
exclude: README.md
- repo: https://github.com/norwoodj/helm-docs
rev: v1.11.0
hooks:
- id: helm-docs
- repo: https://github.com/bridgecrewio/checkov.git
rev: 2.3.3
hooks:
- id: checkov
files: \.yaml$
args:
- --quiet
- --compact
25 changes: 25 additions & 0 deletions charts/alfresco-common/.helmignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Helm unit tests
tests
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
6 changes: 6 additions & 0 deletions charts/alfresco-common/Chart.lock
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
dependencies:
- name: common
repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami/
version: 1.17.1
digest: sha256:f5dd11ccf8726befd217545b84a48b02c49d68f03a75e4e102b971ad2e4f0fec
generated: "2022-10-05T16:55:42.662007+02:00"
14 changes: 14 additions & 0 deletions charts/alfresco-common/Chart.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
---
apiVersion: v2
name: alfresco-common
description: |
A helper subchart to avoid duplication in alfresco charts and set common
external dependencies
type: library
version: 1.0.0
dependencies:
- name: common
repository: >-
https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami/
version: 1.x.x
icon: https://avatars0.githubusercontent.com/u/391127?s=200&v=4
15 changes: 15 additions & 0 deletions charts/alfresco-common/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
# alfresco-common

![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square)

A helper subchart to avoid duplication in alfresco charts and set common
external dependencies

Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/blob/master/docs/helm/README.md) for information on the Helm charts and deployment instructions.

## Requirements

| Repository | Name | Version |
|------------|------|---------|
| https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami/ | common | 1.x.x |

18 changes: 18 additions & 0 deletions charts/alfresco-common/README.md.gotmpl
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
{{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}

{{ template "chart.badgesSection" . }}

{{ template "chart.description" . }}

Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/blob/master/docs/helm/README.md) for information on the Helm charts and deployment instructions.

{{ template "chart.homepageLine" . }}

{{ template "chart.maintainersSection" . }}

{{ template "chart.sourcesSection" . }}

{{ template "chart.requirementsSection" . }}

{{ template "chart.valuesSection" . }}
25 changes: 25 additions & 0 deletions charts/alfresco-common/templates/_helpers-activemq.tpl
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
{{/*
Create a default fully qualified name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "activemq.fullname" -}}
{{- printf "%s-activemq" .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{- define "activemq.env" -}}
- name: ACTIVEMQ_URL
value: $(BROKER_URL)
- name: ACTIVEMQ_USER
value: $(BROKER_USERNAME)
- name: ACTIVEMQ_PASSWORD
value: $(BROKER_PASSWORD)
{{- end -}}

{{- define "spring.activemq.env" -}}
- name: SPRING_ACTIVEMQ_BROKERURL
value: $(BROKER_URL)
- name: SPRING_ACTIVEMQ_USER
value: $(BROKER_USERNAME)
- name: SPRING_ACTIVEMQ_PASSWORD
value: $(BROKER_PASSWORD)
{{- end -}}
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
{{- define "alfresco-content-services.imagePullSecrets" }}
{{- if .Values.global.alfrescoRegistryPullSecrets }}
imagePullSecrets:
- name: {{ .Values.global.alfrescoRegistryPullSecrets }}
{{- end }}
{{- end }}
41 changes: 41 additions & 0 deletions charts/alfresco-common/templates/_helpers-persistence.tpl
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
{{- define "data_volume" -}}
- name: data
{{- $svc_name := .service.name }}
{{- with .persistence }}
{{- if .enabled }}
{{- $sc_name := .storageClass | default "default" }}
persistentVolumeClaim:
claimName: >-
{{ .existingClaim | default (printf "%s-%s-pvc" $svc_name $sc_name ) }}
{{- else }}
emptyDir:
sizeLimit: {{ .baseSize | default "20Gi" | quote }}
{{- end }}
{{- end }}
{{- end -}}

{{- define "component_pvc" -}}
{{ $svc_name := .service.name }}
{{- with .persistence }}
{{- $sc_name := .storageClass | default "default" -}}
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ printf "%s-%s-pvc" $svc_name $sc_name }}
spec:
{{- if .storageClass }}
storageClassName: {{ .storageClass | quote }}
{{- end }}
{{- if .accessModes }}
accessModes:
{{- range .accessModes }}
- {{ . }}
{{- end }}
{{- end }}
volumeMode: {{ .volumeMode | default "Filesystem" }}
resources:
requests:
storage: {{ .baseSize | default "20Gi" | quote }}
{{- end }}
{{- end -}}
46 changes: 46 additions & 0 deletions charts/alfresco-common/templates/_helpers-search.tpl
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
{{/*
Create a default fully qualified name.
*/}}
{{- define "alfresco-search.fullName" -}}
{{- printf "%s-alfresco-search" .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Alfresco Search2 Host
*/}}
{{- define "alfresco-search.host" -}}
{{- if index $.Values "alfresco-search" "enabled" -}}
{{ printf "%s-solr" (include "alfresco-search.fullName" .) -}}
{{- else -}}
{{ index $.Values "alfresco-search" "external" "host" | default "localhost" -}}
{{- end -}}
{{- end -}}

{{/*
Get Alfresco Search Port
*/}}
{{- define "alfresco-search.port" -}}
{{- if index $.Values "alfresco-search" "enabled" -}}
{{ print (index .Values "alfresco-search" "service" "externalPort") -}}
{{- else -}}
{{ index $.Values "alfresco-search" "external" "port" | default "8983" -}}
{{- end -}}
{{- end -}}

{{/*
Get Alfresco Solr context
*/}}
{{- define "alfresco-search.baseurl" -}}
{{- if index $.Values "alfresco-search" "enabled" -}}
/solr
{{- else -}}
{{ index $.Values "alfresco-search" "external" "context" | default "/solr" -}}
{{- end -}}
{{- end -}}

{{/*
Required Solr secret
*/}}
{{- define "tracking-shared-secret" -}}
{{- required "You need to provide a shared secret for Solr/repo authentication , see https://github.com/Alfresco/acs-deployment/tree/master/docs/helm" .Values.global.tracking.sharedsecret -}}
{{- end }}
32 changes: 32 additions & 0 deletions charts/alfresco-common/templates/_helpers-security.tpl
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
{{- define "default-pod-security-context" }}
runAsNonRoot: true
runAsUser: 33099
fsGroupChangePolicy: OnRootMismatch
{{- end }}

{{- define "default-security-context" }}
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop:
- NET_RAW
- ALL
{{- end }}

{{- define "component-pod-security-context" }}
securityContext:
{{- if .podSecurityContext }}
{{- .podSecurityContext | toYaml | nindent 4 }}
{{- else }}
{{- include "default-pod-security-context" . }}
{{- end }}
{{- end }}

{{- define "component-security-context" }}
securityContext:
{{- if .securityContext }}
{{- .securityContext | toYaml | nindent 4 }}
{{- else }}
{{- include "default-security-context" . }}
{{- end }}
{{- end }}
9 changes: 9 additions & 0 deletions charts/alfresco-common/templates/_helpers.tpl
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
{{- define "content-services.shortname" -}}
{{- $name := (.Values.NameOverride | default "alfresco-cs") -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{- define "alfresco.shortname" -}}
{{- $name := (.Values.NameOverride | default "alfresco-") -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
Empty file.

0 comments on commit 0a78ab5

Please sign in to comment.