Merge pull request #8 from aserto-dev/cicd

Add CI

.github/workflows/ci.yaml

@@ -0,0 +1,50 @@
+name: ci
+
+on:
+  # Run on all PRs
+  pull_request:
+
+env:
+  HELM_VERSION: v3.14.4
+  PYTHON_VERSION: 3.x
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Read Configuration
+        uses: hashicorp/vault-action@v3
+        id: vault
+        with:
+          url: https://vault.eng.aserto.com/
+          token: ${{ secrets.VAULT_TOKEN }}
+          secrets: |
+            kv/data/github  "USERNAME"            | DOCKER_USERNAME;
+            kv/data/github  "READ_WRITE_TOKEN"    | READ_WRITE_TOKEN;
+      -
+        uses: actions/checkout@v4
+        with:
+          # Fetch the full history so that we can diff against the target branch
+          fetch-depth: 0
+      -
+        name: Set up Helm
+        uses: azure/setup-helm@v4
+        with:
+          version: ${{ env.HELM_VERSION }}
+      -
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ env.PYTHON_VERSION }}
+          check-latest: true
+      -
+        name: Set up chart-testing
+        uses: helm/[email protected]
+        with:
+          version: v3.10.0
+      -
+        name: Lint ${{ matrix.chart.name }}
+        run: |
+          ct lint --config ct.yaml \
+            --target-branch ${{ github.event.repository.default_branch }} \
+            --helm-repo-extra-args "aserto-helm=-u gh -p ${READ_WRITE_TOKEN}"

aserto-lib/Chart.yaml → charts/aserto-lib/Chart.yaml

@@ -1,6 +1,11 @@
 apiVersion: v2
 name: aserto-lib
 description: Common helpers for aserto charts
+icon: https://www.aserto.com/images/aserto-logo.png
+
+maintainers:
+  - name: Aserto
+    url: https://github.com/aserto-dev
 
 # A chart can be either an 'application' or a 'library' chart.
 #

charts/aserto-lib/values.yaml

@@ -0,0 +1 @@
+# Library chart. No values

aserto/Chart.yaml → charts/aserto/Chart.yaml

@@ -1,6 +1,11 @@
 apiVersion: v2
 name: aserto
 description: A Helm chart for Kubernetes
+icon: https://www.aserto.com/images/aserto-logo.png
+
+maintainers:
+  - name: Aserto
+    url: https://github.com/aserto-dev
 
 # A chart can be either an 'application' or a 'library' chart.
 #

charts/aserto/ci/test-values.yaml

@@ -0,0 +1,18 @@
+global:
+  aserto:
+    oidc:
+      domain: oidc_domain
+      audience: oidc_audience
+discovery:
+  registries:
+    ghcr.io:
+      scheme: bearer
+      tokenSecretName: ghcr-token-secret
+directory:
+  rootDirectory:
+    tenantID: root-tenant-id
+    database:
+      host: root-db-host
+  tenantDirectory:
+    database:
+      host: tenant-db-host

charts/authorizer/ci/test-values.yaml

@@ -0,0 +1,5 @@
+rootDirectory:
+  tenantID: root-tenant-id
+oidc:
+  domain: oidc_domain
+  audience: oidc_audience

authorizer/values.yaml → charts/authorizer/values.yaml

@@ -47,8 +47,6 @@ grpc:
 #   of type kubernetes.io/tls
 #   certSecret: directory-rest-cert
 
-
-
 # Disable authorization
 # noAuthorization: false
 

charts/console/ci/test-values.yaml

@@ -0,0 +1,3 @@
+oidc:
+  domain: oidc_domain
+  audience: oidc_audience

charts/directory/ci/test-values.yaml

@@ -0,0 +1,7 @@
+rootDirectory:
+  tenantID: root-tenant-id
+  database:
+    host: root-db-host
+tenantDirectory:
+  database:
+    host: tenant-db-host

directory/templates/config.yaml → charts/directory/templates/config.yaml

@@ -50,7 +50,7 @@ stringData:
     {{- with .Values.tenantDirectory.database -}}
     db:
       writer:
-        host: "{{ .host | required ".Values.tenantDirectory.host is required." }}"
+        host: "{{ .host | required ".Values.tenantDirectory.database.host is required." }}"
         port: {{ .port | default 5432 }}
         db_name: {{ .dbName | default "aserto-ds" }}
         ssl_mode: {{ .sslMode | default "require" }}
@@ -59,7 +59,7 @@ stringData:
         {{ toYaml .admin.options | nindent 8 }}
         {{ end }}
       reader:
-        host: "{{ .host | required ".Values.tenantDirectory.host is required." }}"
+        host: "{{ .host | required ".Values.tenantDirectory.database.host is required." }}"
         port: {{ .port | default 5432 }}
         db_name: {{ .dbName | default "aserto-ds" }}
         ssl_mode: {{ .sslMode | default "require" }}

charts/discovery/ci/test-values.yaml

@@ -0,0 +1,9 @@
+oidc:
+  domain: oidc_domain
+  audience: oidc_audience
+rootDirectory:
+  tenantID: root-tenant-id
+registries:
+  ghcr.io:
+    scheme: bearer
+    tokenSecretName: ghcr-token-secret

discovery/values.yaml → charts/discovery/values.yaml

@@ -33,7 +33,7 @@ bundleDefaults:
 cacheSettings:
   type: "bigcache"
   cacheConfig:
-    ttl: 900000000000 # 15 minutes
+    ttl: 900000000000  # 15 minutes
 
 
 # Set the service log level (trace/debug/info/warn/error)

ct.yaml

@@ -0,0 +1,5 @@
+# See https://github.com/helm/chart-testing#configuration
+remote: origin
+target-branch: main
+chart-repos:
+  - aserto-helm=oci://ghcr.io/aserto-dev/helm

makefile

@@ -11,33 +11,41 @@ CHART_REPO		:= "oci://ghcr.io/aserto-dev/helm"
 ifndef CHART
 $(error CHART must be set)
 endif
-CHART_VERSION   := $(shell cat $(CHART)/Chart.yaml | yq '.version')
+
+CHART_DIR		:= charts/${CHART}
+CHART_VERSION   := $(shell cat ${CHART_DIR}/Chart.yaml | yq '.version')
 
 .PHONY: clean
 clean:
-	@echo -e "$(ATTN_COLOR)==> clean $(CHART) $(NO_COLOR)"
-	@rm -rf $(CHART)/build
+	@echo -e "$(ATTN_COLOR)==> $@ ${CHART} $(NO_COLOR)"
+	@rm -rf ${CHART_DIR}/build
 
 .PHONY: update
 update:
-	@echo -e "$(ATTN_COLOR)==> update $(CHART) $(NO_COLOR)"
-	@helm dependency update $(CHART)
+	@echo -e "$(ATTN_COLOR)==> $@ ${CHART} $(NO_COLOR)"
+	@helm dependency update ${CHART_DIR}
 
 .PHONY: build
 build:
-	@echo -e "$(ATTN_COLOR)==> build $(CHART) $(NO_COLOR)"
-	@helm dependency build $(CHART)
+	@echo -e "$(ATTN_COLOR)==> $@ ${CHART} $(NO_COLOR)"
+	@helm dependency build ${CHART_DIR}
 
 .PHONY: package
 package:
-	@echo -e "$(ATTN_COLOR)==> package $(CHART) $(NO_COLOR)"
-	@mkdir -p $(CHART)/build
-	@helm package $(CHART) -u -d $(CHART)/build
+	@echo -e "$(ATTN_COLOR)==> $@ ${CHART} $(NO_COLOR)"
+	@mkdir -p ${CHART_DIR}/build
+	@helm package ${CHART_DIR} -u -d ${CHART_DIR}/build
 
 .PHONY: push
 push:
-	@echo -e "$(ATTN_COLOR)==> push $(CHART):$(CHART_VERSION) $(NO_COLOR)"
-	@helm push $(CHART)/build/$(CHART)-$(CHART_VERSION).tgz $(CHART_REPO)
+	@echo -e "$(ATTN_COLOR)==> $@ ${CHART}:$(CHART_VERSION) $(NO_COLOR)"
+	@helm push ${CHART_DIR}/build/${CHART}-$(CHART_VERSION).tgz $(CHART_REPO)
+
+.PHONY: lint
+lint:
+	@echo -e "$(ATTN_COLOR)==> $@ $(NO_COLOR)"
+	@ct lint --config ct.yaml --helm-repo-extra-args "aserto-helm=-u gh -p ${GITHUB_TOKEN}"
+
 
 .PHONY: release
 release: build package push