From 249b5dcb1197dda70cd246ff063f89e15538b164 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mariusz=20J=C3=B3zala?= Date: Thu, 10 Dec 2020 23:20:43 +0100 Subject: [PATCH] #54 Support for HTTP private Helm chart repositories --- README.md | 51 ++++++++++++++++++++++++++++++++++++++++++++++-- action.yml | 2 ++ src/hrval-all.sh | 28 ++++++++++++++++++++++++++ src/hrval.sh | 33 +++++++++++++++++++++++++------ 4 files changed, 106 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 8c45129..2f1b96b 100644 --- a/README.md +++ b/README.md @@ -76,7 +76,8 @@ PASS - flagger/templates/deployment.yaml contains a valid Deployment ## Usage with private charts repositories -To allow the action to be able to clone private charts repositories, you must [create a GitHub private access token](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line) and [add it as a secret](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets#creating-encrypted-secrets) to the target repository. NOTE: secret names *cannot* start with `GITHUB_` as these are reserved. +### Private GitHub/GitLab repository +To allow the action to be able to clone charts from private GitHub repositories, you must [create a GitHub private access token](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line) and [add it as a secret](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets#creating-encrypted-secrets) to the target repository. NOTE: secret names *cannot* start with `GITHUB_` as these are reserved. You can then pass the secret (in this case, `GH_TOKEN`) into the action like so: ```yaml 
@@ -97,6 +98,10 @@ jobs: GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} ``` +Gitlab CI Token is also possible using `GITLAB_CI_TOKEN`. + +### AWS S3 + If you set `awsS3Repo: true`, make sure you set the appropriate environment variables for helm s3 plugin to work. Example: ```yaml name: CI @@ -123,7 +128,49 @@ jobs: ``` -Gitlab CI Token is also possible using `GITLAB_CI_TOKEN`. +### HTTP(S) Helm chart repository + +To allow fetching Helm charts from private Helm chart repositories you need to +pass a list of Helm repositories in `HTTP_PRIVATE_CHART_REPOS` environment variable as JSON. + +```json +{ + "repositories": [ + { + "url": "https://raw.githubusercontent.com/username/helm-chart-repository/master/", + "username": "YOUR_USERNAME", + "password": "YOUR_PASSWORD" + }, + { + "url": "https://raw.githubusercontent.com/username/another-helm-chart-repository/master/", + "username": "YOUR_USERNAME", + "password": "YOUR_PASSWORD" + } + ] +} +``` + +It should be passed [as a secret](https://docs.github.com/en/free-pro-team@latest/actions/reference/encrypted-secrets#creating-encrypted-secrets) +to keep credentials secure. + +```yaml +name: CI + +on: [push, pull_request] + +jobs: + hrval: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v1 + - name: Validate Helm Releases in test dir + uses: stefanprodan/hrval-action@master + with: + helmRelease: test/ + env: + HTTP_PRIVATE_CHART_REPOS: ${{ secrets.HTTP_PRIVATE_CHART_REPOS }} +``` + ## Usage with pull requests containing changes of Helm chart source located in base repository branch diff --git a/action.yml b/action.yml index 0b3693a..e4fe5f4 100644 --- a/action.yml +++ b/action.yml @@ -45,3 +45,5 @@ runs: - ${{ inputs.awsS3RepoName }} - ${{ inputs.awsS3RepoPlugin }} - ${{ inputs.helmSourcesCacheEnabled }} + env: + HTTP_PRIVATE_CHART_REPOS: ${{ secrets.HTTP_PRIVATE_CHART_REPOS }} diff --git a/src/hrval-all.sh b/src/hrval-all.sh index 0e66a63..446b0d1 100755 --- a/src/hrval-all.sh +++ b/src/hrval-all.sh 
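Review bot: The `secrets` context is, as far as I know, not available inside an action's own metadata file, so the added `HTTP_PRIVATE_CHART_REPOS: ${{ secrets.HTTP_PRIVATE_CHART_REPOS }}` under `runs:` in action.yml will probably either fail to evaluate or resolve to an empty string. Even if it did resolve, an action that pulls a caller's secret by name, without the workflow handing it over, gets broader access than it needs. The README section added in this same commit already has the workflow set `env:` on the step, and that should be enough for the variable to reach the container, so I would drop these two lines. If they stay, users without the secret get a set-but-empty variable, which the `[[ -v HTTP_PRIVATE_CHART_REPOS ]]` guard in src/hrval-all.sh treats as configured.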
@@ -12,6 +12,34 @@ AWS_S3_REPO_NAME=${6-""} AWS_S3_PLUGIN="${7-""}" HELM_SOURCES_CACHE_ENABLED=${8-""} +function configurePrivateChartRepositories() { + + local tempDir="$(mktemp -d)" + echo $HTTP_PRIVATE_CHART_REPOS > $tempDir/repositories.json + local numberOfRepositories=$(yq r $tempDir/repositories.json --length repositories) + + for (( i = 0; i < $numberOfRepositories; i++ )); do + local url=$(yq r $tempDir/repositories.json repositories[$i].url) + local username=$(yq r $tempDir/repositories.json repositories[$i].username) + local password=$(yq r $tempDir/repositories.json repositories[$i].password) + local repoMD5=$(/bin/echo $url | /usr/bin/md5sum | cut -f1 -d" ") + + >&2 echo "Adding Helm chart repository '$url'" + if [[ ${HELM_VER} == "v3" ]]; then + helmv3 repo add "$repoMD5" "${url}" --username "${username}" --password "${password}" + helmv3 repo update + else + helm repo add "$repoMD5" "${url}" --username "${username}" --password "${password}" + helm repo update + fi + done +} + +if [[ -v HTTP_PRIVATE_CHART_REPOS ]]; then + echo "Configuring Helm chart repositories" + configurePrivateChartRepositories +fi + if [ "${HELM_SOURCES_CACHE_ENABLED}" == "true" ]; then CACHEDIR=$(mktemp -d) else diff --git a/src/hrval.sh b/src/hrval.sh index 6f5e6ba..1134fa8 100755 --- a/src/hrval.sh +++ b/src/hrval.sh 
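Review bot: In configurePrivateChartRepositories the credentials JSON is written with `echo $HTTP_PRIVATE_CHART_REPOS > $tempDir/repositories.json`, unquoted and never removed, so the plaintext passwords stay on disk for the rest of the job. The unquoted expansion also means a password containing `*` or runs of whitespace is altered by globbing and word splitting before yq reads it. Piping the variable into `yq r -`, the form src/hrval.sh already uses, avoids the file entirely, and `[[ -n ... ]]` is a safer guard than `-v` because `-v` is also true for an empty value. Separately, `--password "${password}"` puts the secret on the helm command line, where it shows up in process listings and `set -x` traces. Newer Helm 3 releases accept `--password-stdin` on `helm repo add`, which is worth checking against the helm versions this image ships.

```shell
function configurePrivateChartRepositories() {
  # Keep the secret in memory: feed it to yq on stdin instead of a temp file.
  local numberOfRepositories url username password
  numberOfRepositories=$(printf '%s' "${HTTP_PRIVATE_CHART_REPOS}" | yq r - --length repositories) || return 1

  for (( i = 0; i < numberOfRepositories; i++ )); do
    url=$(printf '%s' "${HTTP_PRIVATE_CHART_REPOS}" | yq r - "repositories[$i].url")
    username=$(printf '%s' "${HTTP_PRIVATE_CHART_REPOS}" | yq r - "repositories[$i].username")
    password=$(printf '%s' "${HTTP_PRIVATE_CHART_REPOS}" | yq r - "repositories[$i].password")
    # … unchanged: repoMD5, log line, helm/helmv3 repo add and repo update …
  done
}

# Treat an empty value the same as an unset one.
if [[ -n "${HTTP_PRIVATE_CHART_REPOS:-}" ]]; then
  # … unchanged: log line and configurePrivateChartRepositories call …
fi
```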
@@ -33,13 +33,34 @@ function download { CHART_REPO_MD5=$(/bin/echo "${CHART_REPO}" | /usr/bin/md5sum | cut -f1 -d" ") - if [[ "${HELM_VER}" == "v3" ]]; then - helmv3 repo add "${CHART_REPO_MD5}" "${CHART_REPO}" - helmv3 repo update + + if [[ ${HELM_VER} == "v3" ]]; then + if [[ $(helmv3 repo list -o yaml | yq r - "[*].name" | grep $CHART_REPO_MD5) == $CHART_REPO_MD5 ]]; then + CHART_REPO_ALREADY_ADDED=true + else + CHART_REPO_ALREADY_ADDED=false + fi + else + if [[ $(helm repo list -o yaml | yq r - "[*].Name" | grep $CHART_REPO_MD5) == $CHART_REPO_MD5 ]]; then + CHART_REPO_ALREADY_ADDED=true + else + CHART_REPO_ALREADY_ADDED=false + fi + fi + + if [[ "$CHART_REPO_ALREADY_ADDED" = false ]]; then + if [[ "${HELM_VER}" == "v3" ]]; then + helmv3 repo add "${CHART_REPO_MD5}" "${CHART_REPO}" + helmv3 repo update + else + helm repo add "${CHART_REPO_MD5}" "${CHART_REPO}" + helm repo update + fi + fi + + if [[ ${HELM_VER} == "v3" ]]; then helmv3 fetch --version "${CHART_VERSION}" --untar "${CHART_REPO_MD5}/${CHART_NAME}" --untardir "${2}" else - helm repo add "${CHART_REPO_MD5}" "${CHART_REPO}" - helm repo update helm fetch --version "${CHART_VERSION}" --untar "${CHART_REPO_MD5}/${CHART_NAME}" --untardir "${2}" fi @@ -168,7 +189,7 @@ function validate { HELM_RELEASE_NAMESPACE=$(yq r "${HELM_RELEASE}" metadata.namespace) if [[ "${IGNORE_VALUES}" == "true" ]]; then - echo "Ingnoring Helm release values" + echo "Ignoring Helm release values" echo "" > "${TMPDIR}/${HELM_RELEASE_NAME}.values.yaml" else echo "Extracting values to ${TMPDIR}/${HELM_RELEASE_NAME}.values.yaml"
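Review bot: The new "already added" check in `download` only recognises a pre-registered private repository when the HelmRelease spells the URL byte-for-byte as the secret does, because src/hrval-all.sh hashes `$url` and this hunk hashes `${CHART_REPO}`. A missing trailing slash gives a different MD5, so the code falls through to `repo add` without credentials and the fetch will most likely fail with an authentication error. Normalising both sides before hashing (for example `${CHART_REPO%/}` here and `${url%/}` in hrval-all.sh) would remove that trap, or the README should say the strings must match exactly. The test itself compares the whole output of an unquoted `grep $CHART_REPO_MD5`; using the pipeline's exit status is tighter, e.g. `if helmv3 repo list -o yaml | yq r - "[*].name" | grep -qxF -- "${CHART_REPO_MD5}"; then`, with the same change in the `helm` branch. The body of `download` starts and ends outside this hunk.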