Update recommendations in the documents #712
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Chart Testing and Kubeval | |
on: | |
pull_request: | |
branches: | |
- main | |
push: | |
branches: | |
- main | |
paths: | |
- "charts/**" | |
workflow_dispatch: | |
env: | |
HELM_VERSION: v3.11.3 | |
jobs: | |
lint-chart: | |
runs-on: ubuntu-latest | |
env: | |
PYTHON_VERSION: 3.11 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Set up Helm | |
uses: azure/setup-helm@v3 | |
with: | |
version: ${{ env.HELM_VERSION }} | |
- name: Set up Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: ${{ env.PYTHON_VERSION }} | |
- name: Add Helm repos | |
run: | | |
helm repo add scalar https://scalar-labs.github.io/helm-charts | |
- name: Set up chart-testing | |
uses: helm/chart-testing-action@v2 | |
- name: Run chart-testing (lint) | |
run: ct lint --config .github/ct.yaml | |
kubeaudit-chart: | |
runs-on: ubuntu-latest | |
env: | |
KUBE_AUDIT_VERSION: 0.22.0 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Set up Helm | |
uses: azure/setup-helm@v3 | |
with: | |
version: ${{ env.HELM_VERSION }} | |
- name: Set up kubeaudit | |
uses: supplypike/setup-bin@v3 | |
with: | |
uri: "https://github.com/Shopify/kubeaudit/releases/download/v${{ env.KUBE_AUDIT_VERSION }}/kubeaudit_${{ env.KUBE_AUDIT_VERSION }}_linux_amd64.tar.gz" | |
name: "kubeaudit" | |
version: ${{ env.KUBE_AUDIT_VERSION }} | |
- name: Add Helm repos | |
run: | | |
helm repo add scalar https://scalar-labs.github.io/helm-charts | |
- name: Run kubeaudit | |
run: | | |
# TODO If more charts are supported by kubeaudit, they should be added. | |
# Change to `ls charts` when all charts are supported. | |
chart_dirs=(envoy scalardb scalardl scalardl-audit scalardb-cluster) | |
for chart_dir in ${chart_dirs[@]}; do | |
echo "helm dependency build charts/${chart_dir} chart..." | |
helm dependency build charts/${chart_dir} | |
echo "kubeaudit charts/${chart_dir} chart..." | |
kubeaudit all -k .github/kube-audit.yaml -f <(helm template --generate-name "charts/${chart_dir}") -m error | |
done | |
kubeval-chart: | |
runs-on: ubuntu-latest | |
needs: lint-chart | |
strategy: | |
matrix: | |
k8s: | |
- v1.22.17 | |
- v1.23.17 | |
- v1.24.13 | |
- v1.25.9 | |
- v1.26.4 | |
- v1.27.2 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Set up Helm | |
uses: azure/setup-helm@v3 | |
with: | |
version: ${{ env.HELM_VERSION }} | |
- name: Add Helm repos | |
run: | | |
helm repo add scalar https://scalar-labs.github.io/helm-charts | |
- name: Install helm-kubeval plugin | |
run: helm plugin install https://github.com/instrumenta/helm-kubeval | |
- name: Run kubeval | |
run: | | |
chart_dirs=$(ls charts) | |
for chart_dir in ${chart_dirs}; do | |
echo "helm dependency build charts/${chart_dir} chart..." | |
helm dependency build charts/${chart_dir} | |
echo "kubeval(idating) charts/${chart_dir} chart..." | |
helm kubeval "charts/${chart_dir}" -v "${KUBERNETES_VERSION#v}" | |
done | |
env: | |
KUBERNETES_VERSION: ${{ matrix.k8s }} | |
KUBEVAL_SCHEMA_LOCATION: https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master | |
install-chart: | |
name: install-chart | |
runs-on: ubuntu-latest | |
needs: | |
- lint-chart | |
- kubeval-chart | |
- kubeaudit-chart | |
env: | |
DOCKER_REGISTRY_PASSWORD: ${{ secrets.CR_PAT }} | |
DOCKER_REGISTRY_USERNAME: scalar-git | |
DOCKER_REGISTRY_SERVER: ghcr.io | |
strategy: | |
matrix: | |
k8s: | |
- v1.22.17 | |
- v1.23.17 | |
- v1.24.13 | |
- v1.25.9 | |
- v1.26.4 | |
- v1.27.2 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Set up chart-testing | |
uses: helm/chart-testing-action@v2 | |
- name: Add Helm repos | |
run: | | |
helm repo add scalar https://scalar-labs.github.io/helm-charts | |
- name: Run chart-testing (list-changed) | |
id: list-changed | |
run: | | |
changed=$(ct list-changed --config .github/ct.yaml) | |
if [[ -n "$changed" ]]; then | |
echo "changed=true" >> $GITHUB_OUTPUT | |
fi | |
- name: Create kind ${{ matrix.k8s }} cluster | |
uses: helm/[email protected] | |
with: | |
config: .github/kind-cluster.yaml | |
node_image: kindest/node:${{ matrix.k8s }} | |
kubectl_version: ${{ matrix.k8s }} | |
if: ${{ steps.list-changed.outputs.changed == 'true' || github.event_name == 'workflow_dispatch' }} | |
- name: Setup kubernetes (Kind) with registry, PostgreSQL and schema | |
run: | | |
kubectl cluster-info | |
kubectl create secret docker-registry reg-docker-secrets --docker-server=${DOCKER_REGISTRY_SERVER} --docker-username=${DOCKER_REGISTRY_USERNAME} --docker-password=${DOCKER_REGISTRY_PASSWORD} | |
kubectl create secret generic ledger-keys --from-file=private-key=.github/ledger-key.pem | |
kubectl create secret generic auditor-keys --from-file=certificate=.github/auditor-cert.pem --from-file=private-key=.github/auditor-key.pem | |
helm install postgresql oci://registry-1.docker.io/bitnamicharts/postgresql -f .github/postgresql.yaml | |
sleep 1 # Waiting for the StatefulSet creates a PostgreSQL pod. | |
kubectl wait --for=condition=Ready --timeout=120s pod/postgresql-0 | |
kubectl create -f .github/schema-loading.yaml # Create schema for ScalarDB GraphQL | |
kubectl wait --for=condition=complete --timeout=60s job/schema-loading | |
kubectl get pods,svc,endpoints,nodes -o wide | |
- name: Run chart-testing (updated chart) | |
if: ${{ github.event_name != 'workflow_dispatch' }} | |
run: ct install --config .github/ct.yaml --helm-extra-set-args "--wait-for-jobs" | |
- name: Run chart-testing (all charts) | |
if: ${{ github.event_name == 'workflow_dispatch' }} | |
run: ct install --config .github/ct-all.yaml --helm-extra-set-args "--wait-for-jobs" | |
verify-chart-docs: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Verify chart docs | |
run: ./scripts/verify-chart-docs.sh | |
verify-values-schema-json: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Verify values schema json | |
run: ./scripts/verify-values-schema-json.sh |