chore(deps): update dcarbone/install-yq-action action to v1.3.1 #2343
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Helm Charts test and docs | |
on: | |
pull_request: | |
branches: | |
- main | |
jobs: | |
# Only run tests and generate docs if Helm files have changed. | |
helm-change: | |
runs-on: 'ubuntu-latest' | |
if: ${{ ! startsWith(github.triggering_actor, 'akeyless') }} | |
permissions: | |
pull-requests: read | |
outputs: | |
charts-change: ${{ steps.filter.outputs.charts-change }} | |
steps: | |
- name: "Check charts files changes" | |
uses: dorny/paths-filter@v3 | |
id: filter | |
with: | |
filters: | | |
charts-change: | |
- 'charts/**/dockerfiles/**' | |
- 'charts/**/templates/**' | |
- 'charts/**/values.yaml' | |
- 'charts/**/Chart.yaml' | |
- 'charts-private/**/dockerfiles/**' | |
- 'charts-private/**/templates/**' | |
- 'charts-private/**/values.yaml' | |
- 'charts-private/**/Chart.yaml' | |
helm-test: | |
needs: helm-change | |
if: ${{ needs.helm-change.outputs.charts-change == 'true' && ! startsWith(github.triggering_actor, 'akeyless') }} | |
runs-on: 'ubuntu-latest' | |
env: | |
HELM_VERSION: "v3.14.1" | |
permissions: | |
contents: read | |
id-token: write | |
steps: | |
- name: "Checkout current PR" | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: "Install Helm" | |
uses: azure/setup-helm@v4 | |
with: | |
version: "${{ env.HELM_VERSION }}" | |
- name: "Install Python 3" | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '3.9' | |
check-latest: true | |
- name: "Set up chart-testing" | |
uses: helm/chart-testing-action@v2 | |
- name: "Run chart-testing (list-changed)" | |
id: list-changed | |
run: | | |
changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }} --chart-dirs charts,charts-private) | |
if [[ -n "$changed" ]]; then | |
echo "changed=true" >> $GITHUB_OUTPUT | |
changed=$(echo $changed | tr '\n' ' ') | |
echo "changed_charts=$changed" >> $GITHUB_OUTPUT | |
fi | |
- name: "Run chart-testing (lint)" | |
if: steps.list-changed.outputs.changed == 'true' | |
run: ct lint --target-branch ${{ github.event.repository.default_branch }} --chart-dirs charts,charts-private | |
- name: "Create kind cluster" | |
if: steps.list-changed.outputs.changed == 'true' | |
uses: helm/[email protected] | |
- name: "Install dependencies - Kong CRDs" | |
if: steps.list-changed.outputs.changed == 'true' && contains(steps.list-changed.outputs.changed_charts, 'charts/kong-celo-fullnode') | |
# contains(join(steps.updated_files.outputs.all), 'charts/kong-celo-fullnode/') | |
run: | | |
kubectl apply -f https://raw.githubusercontent.com/Kong/kong-operator/main/helm-charts/kong/crds/custom-resource-definitions.yaml | |
- name: "Install dependencies - ConfigConnector CRDs" | |
if: steps.list-changed.outputs.changed == 'true' && contains(steps.list-changed.outputs.changed_charts, 'charts/blockscout') | |
run: | | |
dir=${PWD%/*} | |
mkdir /tmp/k8s-config-connector && cd /tmp/k8s-config-connector | |
git init | |
git remote add -f origin https://github.com/GoogleCloudPlatform/k8s-config-connector | |
git config core.sparseCheckout true | |
echo "crds/*" >> .git/info/sparse-checkout | |
git pull origin master | |
kubectl apply -f crds/ | |
cd $dir | |
- name: "Install dependencies - ExternalSecrets CRDs" | |
if: steps.list-changed.outputs.changed == 'true' && contains(steps.list-changed.outputs.changed_charts, 'charts/optics-keymaster') | |
run: | | |
kubectl apply --kustomize https://github.com/external-secrets/external-secrets.git/config/crds/bases\?ref\=main | |
- name: "Authenticate to Google Cloud" | |
if: steps.list-changed.outputs.changed == 'true' | |
uses: google-github-actions/auth@v2 | |
with: | |
workload_identity_provider: projects/1094498259535/locations/global/workloadIdentityPools/gh-charts/providers/github-by-repos | |
service_account: '[email protected]' | |
- name: "Set up Cloud SDK" | |
if: steps.list-changed.outputs.changed == 'true' | |
uses: google-github-actions/setup-gcloud@v2 | |
- name: "Login to Artifact Registry" | |
if: steps.list-changed.outputs.changed == 'true' | |
run: | | |
set -o errexit | |
# desired cluster name; default is "kind" | |
KIND_CLUSTER_NAME="chart-testing" | |
# create a temp file for the docker config | |
echo "Creating temporary docker client config directory ..." | |
DOCKER_CONFIG=$(mktemp -d) | |
export DOCKER_CONFIG | |
trap 'echo "Removing ${DOCKER_CONFIG}/*" && rm -rf ${DOCKER_CONFIG:?}' EXIT | |
echo "Creating a temporary config.json" | |
# This is to force the omission of credsStore, which is automatically | |
# created on supported system. With credsStore missing, "docker login" | |
# will store the password in the config.json file. | |
# https://docs.docker.com/engine/reference/commandline/login/#credentials-store | |
cat <<EOF >"${DOCKER_CONFIG}/config.json" | |
{ | |
"auths": { "gcr.io": {} } | |
} | |
EOF | |
# login to gcr in DOCKER_CONFIG using an access token | |
# https://cloud.google.com/container-registry/docs/advanced-authentication#access_token | |
echo "Logging in to GCR in temporary docker client config directory ..." | |
gcloud auth application-default print-access-token | \ | |
docker login -u oauth2accesstoken --password-stdin https://us-west1-docker.pkg.dev | |
# setup credentials on each node | |
echo "Moving credentials to kind cluster name='${KIND_CLUSTER_NAME}' nodes ..." | |
for node in $(kind get nodes --name "${KIND_CLUSTER_NAME}"); do | |
# the -oname format is kind/name (so node/name) we just want name | |
node_name=${node#node/} | |
# copy the config to where kubelet will look | |
docker cp "${DOCKER_CONFIG}/config.json" "${node_name}:/var/lib/kubelet/config.json" | |
# restart kubelet to pick up the config | |
docker exec "${node_name}" systemctl restart kubelet.service | |
done | |
echo "Done!" | |
- name: "Templating charts" | |
if: steps.list-changed.outputs.changed == 'true' | |
run: | | |
for chart in ${{ steps.list-changed.outputs.changed_charts }}; do | |
if [ -d ./${chart} ]; then | |
# Only template 'application' charts (libraries cannot be templated) | |
if cat "./${chart}/Chart.yaml" | grep -E '^type' | grep 'application' >/dev/null; then | |
# Skipping clean-pvcs as .Release.Namespace does not exist in helm template | |
if [ "${chart}" != "charts/clean-pvcs" ]; then | |
echo "Templating ${chart}." | |
helm template "./${chart}/" -f "./${chart}/values.yaml" | |
# Skipping celo-fullnode-backups as kind has not volumesnapshot and gemini cannot be installed | |
if [ "${chart}" != "charts/celo-fullnode-backups" ]; then | |
echo "Validating ${chart} templates." | |
# Check against K8s API | |
helm template "./${chart}/" -f "./${chart}/values.yaml" --validate | |
fi | |
fi | |
fi | |
else | |
echo "Skipping ${chart} as it seems it has been deleted." | |
fi | |
done | |
- name: "Setup tmate session" | |
uses: mxschmitt/action-tmate@v3 | |
timeout-minutes: 30 | |
if: false | |
with: | |
limit-access-to-actor: true | |
- name: "Run chart-testing (install)" | |
if: steps.list-changed.outputs.changed == 'true' | |
run: > | |
ct install | |
--target-branch ${{ github.event.repository.default_branch }} | |
--chart-dirs charts,charts-private | |
--excluded-charts akeyless-gcp-producer,celo-fullnode-backups,common,daily-chain-backup | |
--excluded-charts blockscout,akeyless-gadmin-producer,ultragreen-dashboard,kong-celo-fullnode | |
--excluded-charts eigenda-proxy,nethermind,prysm,op-conductor | |
--chart-repos bitnami=https://charts.bitnami.com/bitnami,stakewise=https://charts.stakewise.io/ | |
helm-docs: | |
runs-on: 'ubuntu-latest' | |
if: ${{ ! startsWith(github.triggering_actor, 'akeyless') }} | |
needs: 'helm-test' | |
env: | |
HELM_DOCS_VERSION: "1.14.2" | |
permissions: | |
id-token: write | |
steps: | |
- name: "Get GitHub Token from Akeyless" | |
id: get_auth_token | |
uses: | |
docker://us-west1-docker.pkg.dev/devopsre/akeyless-public/akeyless-action:latest | |
with: | |
api-url: https://api.gateway.akeyless.celo-networks-dev.org | |
access-id: p-kf9vjzruht6l | |
dynamic-secrets: '{"/dynamic-secrets/keys/github/charts/contents=write,pull_requests=write":"PAT"}' | |
- name: "Checkout current PR" | |
uses: actions/checkout@v4 | |
with: | |
token: ${{ env.PAT }} | |
- name: "Install helm-docs" | |
run: | | |
cd /tmp | |
wget https://github.com/norwoodj/helm-docs/releases/download/v${{env.HELM_DOCS_VERSION}}/helm-docs_${{env.HELM_DOCS_VERSION}}_Linux_x86_64.tar.gz | |
tar -xvf helm-docs_${{env.HELM_DOCS_VERSION}}_Linux_x86_64.tar.gz | |
sudo mv helm-docs /usr/local/sbin | |
- name: "Run helm-docs in changed charts" | |
run: | | |
helm-docs | |
- name: Install YQ | |
uses: dcarbone/[email protected] | |
- name: "Regenerate list of charts" | |
run: | | |
# Function to generate the list of charts | |
generate_chart_list() { | |
local chart_list="" | |
for file in $(find ./charts -type d -maxdepth 1 ! -name 'charts' | sort); do | |
desc=$(cat "$file/Chart.yaml" | yq .description) | |
chart_list+="- [$(basename "$file")]($file/README.md) - $desc"$'\n' | |
done | |
echo "$chart_list" | |
} | |
# Main script | |
update_markdown() { | |
local markdown_file=$1 | |
START_HEADING="## List of charts" | |
END_HEADING="## Helm charts best practices" | |
# Generate chart list | |
chart_list=$(generate_chart_list) | |
TEMP_FILE=$(mktemp) | |
printf '%s\n' "$chart_list" > $TEMP_FILE | |
sed -i "/$START_HEADING/,/$END_HEADING/{//!d; /$START_HEADING/r $TEMP_FILE | |
}" $markdown_file | |
} | |
# Run the update_markdown function with the specified markdown file | |
update_markdown "README.md" | |
- name: "Commit updated README.md to the branch if changed" | |
uses: stefanzweifel/git-auto-commit-action@v5 | |
with: | |
commit_message: '[Automatic] - Update chart README.md' | |
file_pattern: 'README.md charts/**/README.md charts-private/**/README.md' |