diff --git a/.github/workflows/helm_chart_build_and_push.yml b/.github/workflows/helm_chart_build_and_push.yml
index 52ac559..144e3ea 100644
--- a/.github/workflows/helm_chart_build_and_push.yml
+++ b/.github/workflows/helm_chart_build_and_push.yml
@@ -106,17 +106,22 @@ jobs:
 CHART_NAME=$(yq eval '.name' "${{ steps.paths.outputs.chart-dir }}/Chart.yaml")
 CHART_VERSION=$(yq eval '.version' "${{ steps.paths.outputs.chart-dir }}/Chart.yaml")
 CHART_APP_VERSION=$(yq eval '.appVersion' "${{ steps.paths.outputs.chart-dir }}/Chart.yaml")
+ CHART_TYPE=$(yq eval '.type // "application"' "${{ steps.paths.outputs.chart-dir }}/Chart.yaml")
 {
 echo "chart-name=$CHART_NAME"
 echo "chart-version=$CHART_VERSION"
 echo "app-version=$CHART_APP_VERSION"
+ echo "chart-type=$CHART_TYPE"
 } >> "$GITHUB_OUTPUT"
 - name: Prepare chart
 run: |
+ echo "Chart type: ${{ steps.extract.outputs.chart-type }}"
 echo "Chart version: ${{ steps.extract.outputs.chart-version }}"
- echo "Chart appVersion: ${{ steps.extract.outputs.app-version }}"
+ if [ "${{ steps.extract.outputs.chart-type }}" != "library" ]; then
+ echo "Chart appVersion: ${{ steps.extract.outputs.app-version }}"
+ fi
 echo "Packaging chart with existing versions..."
 - name: Setup GPG
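Review bot: The lines added to `Prepare chart` expand `${{ steps.extract.outputs.chart-type }}` straight into the shell script, and that value is read from the chart's `Chart.yaml`, so whatever the `type` field contains becomes script text before bash runs. Pass it through `env:` as the push step later in this file does (`CHART_TYPE: ${{ steps.extract.outputs.chart-type }}`, then `if [ "$CHART_TYPE" != "library" ]; then`). It would also help to reject any value other than `application` or `library` in the extract step before it is written to `$GITHUB_OUTPUT`. The same inline expansion appears in the `Chart info` step of `helm_chart_test.yml` (`CHART_TYPE="${{ steps.detect.outputs.chart-type }}"`). The extract step starts above this hunk.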
@@ -142,20 +147,45 @@ jobs:
 ls -la .helm-packages/
+ - name: Check if chart version already exists
+ id: check
+ env:
+ REGISTRY: ${{ inputs.registry }}
+ REPOSITORY: ${{ inputs.repository }}
+ CHART_NAME: ${{ steps.extract.outputs.chart-name }}
+ CHART_VERSION: ${{ steps.extract.outputs.chart-version }}
+ run: |
+ if helm pull "oci://${REGISTRY}/${REPOSITORY}/${CHART_NAME}" --version "${CHART_VERSION}" --destination /tmp 2>/dev/null; then
+ echo "exists=true" >> "$GITHUB_OUTPUT"
+ echo "⚠️ Chart ${CHART_NAME}:${CHART_VERSION} already exists in registry"
+ else
+ echo "exists=false" >> "$GITHUB_OUTPUT"
+ echo "✅ Chart ${CHART_NAME}:${CHART_VERSION} does not exist, will push"
+ fi
+
 - name: Push chart to OCI registry
+ if: steps.check.outputs.exists == 'false'
 env:
 REGISTRY: ${{ inputs.registry }}
 REPOSITORY: ${{ inputs.repository }}
 CHART_NAME: ${{ steps.extract.outputs.chart-name }}
 CHART_VERSION: ${{ steps.extract.outputs.chart-version }}
 run: |
- CHART_PACKAGE=$(ls .helm-packages/${CHART_NAME}-${CHART_VERSION}.tgz)
- helm push "$CHART_PACKAGE" oci://${REGISTRY}/${REPOSITORY}
+ CHART_PACKAGE=$(ls ".helm-packages/${CHART_NAME}-${CHART_VERSION}.tgz")
+ helm push "$CHART_PACKAGE" "oci://${REGISTRY}/${REPOSITORY}"
 echo "✅ Chart pushed successfully to ${REGISTRY}/${REPOSITORY}"
+ - name: Skip push (already exists)
+ if: steps.check.outputs.exists == 'true'
+ env:
+ CHART_NAME: ${{ steps.extract.outputs.chart-name }}
+ CHART_VERSION: ${{ steps.extract.outputs.chart-version }}
+ run: |
+ echo "⏭️ Skipping push - ${CHART_NAME}:${CHART_VERSION} already exists in registry"
+
 - name: Generate artifact attestation
- if: inputs.enable-provenance
+ if: inputs.enable-provenance && steps.check.outputs.exists == 'false'
 uses: actions/attest-build-provenance@v3
 with:
 subject-path: .helm-packages/${{ steps.extract.outputs.chart-name }}-${{ steps.extract.outputs.chart-version }}.tgz
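Review bot: The new `Check if chart version already exists` step treats every `helm pull` failure as "does not exist" and discards stderr with `2>/dev/null`, so an authentication or network error looks the same as a missing version. Drop the redirect, or capture stderr and print it in the `else` branch. On the other path a successful pull skips both the push and the attestation while the run stays green, so a chart whose content changed without a version bump is silently not published and the registry copy is never compared with the package just built. Surface that at least as an annotation, e.g. `echo "::warning::${CHART_NAME}:${CHART_VERSION} already exists; push and attestation skipped"`. The pulled archive is also left behind in `/tmp`.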
diff --git a/.github/workflows/helm_chart_test.yml b/.github/workflows/helm_chart_test.yml
index cac2e58..6a7f544 100644
--- a/.github/workflows/helm_chart_test.yml
+++ b/.github/workflows/helm_chart_test.yml
@@ -4,26 +4,26 @@ on:
 workflow_call:
 inputs:
 charts:
- description: 'JSON array of chart directories [{dir}]'
+ description: "JSON array of chart directories [{dir}]"
 required: true
 type: string
 base-path:
- description: 'Base path for Helm charts (prepended to chart dirs)'
+ description: "Base path for Helm charts (prepended to chart dirs)"
 required: false
 type: string
- default: ''
+ default: ""
 helm-version:
- description: 'Helm version to use'
+ description: "Helm version to use"
 required: false
 type: string
- default: 'v3.16.3'
+ default: "v3.16.3"
 kubernetes-version:
- description: 'Kubernetes version for testing'
+ description: "Kubernetes version for testing"
 required: false
 type: string
- default: 'v1.34.0'
+ default: "v1.35.0"
 enable-kubeconform:
- description: 'Enable kubeconform validation'
+ description: "Enable kubeconform validation (ignored for library charts)"
 required: false
 type: boolean
 default: true
@@ -60,12 +60,30 @@ jobs:
 echo "chart-dir=$CHART_DIR" >> "$GITHUB_OUTPUT"
 echo "Chart directory: $CHART_DIR"
+ - name: Detect chart type
+ id: detect
+ run: |
+ CHART_TYPE=$(yq eval '.type // "application"' "${{ steps.paths.outputs.chart-dir }}/Chart.yaml")
+ echo "chart-type=$CHART_TYPE" >> "$GITHUB_OUTPUT"
+ echo "Chart type: $CHART_TYPE"
+
+ - name: Update dependencies
+ run: |
+ cd "${{ steps.paths.outputs.chart-dir }}"
+ if [ -f "Chart.yaml" ] && yq eval '.dependencies' Chart.yaml > /dev/null 2>&1; then
+ echo "Updating chart dependencies..."
+ helm dependency update
+ else
+ echo "No dependencies found, skipping dependency update"
+ fi
+
 - name: Helm lint
 run: |
 echo "Linting Helm chart..."
 helm lint ${{ steps.paths.outputs.chart-dir }}
 - name: Helm template
+ if: steps.detect.outputs.chart-type != 'library'
 run: |
 echo "Templating Helm chart..."
 helm template test ${{ steps.paths.outputs.chart-dir }} --debug
@@ -102,7 +120,25 @@ jobs:
 fi
 echo "chart-dir=$CHART_DIR" >> "$GITHUB_OUTPUT"
+ - name: Detect chart type
+ id: detect
+ run: |
+ CHART_TYPE=$(yq eval '.type // "application"' "${{ steps.paths.outputs.chart-dir }}/Chart.yaml")
+ echo "chart-type=$CHART_TYPE" >> "$GITHUB_OUTPUT"
+ echo "Chart type: $CHART_TYPE"
+
+ - name: Update dependencies
+ run: |
+ cd "${{ steps.paths.outputs.chart-dir }}"
+ if [ -f "Chart.yaml" ] && yq eval '.dependencies' Chart.yaml > /dev/null 2>&1; then
+ echo "Updating chart dependencies..."
+ helm dependency update
+ else
+ echo "No dependencies found, skipping dependency update"
+ fi
+
 - name: Validate with kubeconform
+ if: steps.detect.outputs.chart-type != 'library'
 run: |
 echo "Validating with kubeconform..."
 K8S_VERSION="${{ inputs.kubernetes-version }}"
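Review bot: In the new `Update dependencies` step the guard `yq eval '.dependencies' Chart.yaml > /dev/null 2>&1` succeeds whether or not the key exists, because yq prints `null` and still exits 0. The `else` branch is therefore effectively dead and `helm dependency update` runs for every chart; `yq eval -e '.dependencies' Chart.yaml > /dev/null 2>&1` makes the test mean what the log message says. Separately, `helm dependency update` re-resolves versions from whatever repositories the chart under test names, so where a `Chart.lock` is committed, `helm dependency build` would test the locked dependencies instead of freshly resolved ones. The same step is repeated in the kubeconform job (second hunk here) and in the install-test job.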
@@ -113,6 +149,11 @@ jobs:
 -strict \
 -summary
+ - name: Skip kubeconform for library chart
+ if: steps.detect.outputs.chart-type == 'library'
+ run: |
+ echo "⏭️ Skipping kubeconform validation for library chart"
+
 install-test:
 name: Helm Install Test
 runs-on: ubuntu-latest
@@ -130,12 +171,6 @@ jobs:
 with:
 version: ${{ inputs.helm-version }}
- - name: Setup Kind
- uses: helm/kind-action@v1
- with:
- version: v0.25.0
- kubectl_version: ${{ inputs.kubernetes-version }}
-
 - name: Resolve paths
 id: paths
 run: |
@@ -145,17 +180,58 @@ jobs:
 fi
 echo "chart-dir=$CHART_DIR" >> "$GITHUB_OUTPUT"
+ - name: Detect chart type
+ id: detect
+ run: |
+ CHART_TYPE=$(yq eval '.type // "application"' "${{ steps.paths.outputs.chart-dir }}/Chart.yaml")
+ echo "chart-type=$CHART_TYPE" >> "$GITHUB_OUTPUT"
+ echo "Chart type: $CHART_TYPE"
+
+ - name: Update dependencies
+ if: steps.detect.outputs.chart-type != 'library'
+ run: |
+ cd "${{ steps.paths.outputs.chart-dir }}"
+ if [ -f "Chart.yaml" ] && yq eval '.dependencies' Chart.yaml > /dev/null 2>&1; then
+ echo "Updating chart dependencies..."
+ helm dependency update
+ else
+ echo "No dependencies found, skipping dependency update"
+ fi
+
+ - name: Setup Kind
+ if: steps.detect.outputs.chart-type != 'library'
+ uses: helm/kind-action@v1
+ with:
+ version: v0.25.0
+ kubectl_version: ${{ inputs.kubernetes-version }}
+
 - name: Install chart
+ if: steps.detect.outputs.chart-type != 'library'
 run: |
 echo "Installing Helm chart in Kind cluster..."
 helm install test-release ${{ steps.paths.outputs.chart-dir }} \
 --wait --timeout 5m --debug \
 --dry-run
+ - name: Skip install test for library chart
+ if: steps.detect.outputs.chart-type == 'library'
+ run: |
+ echo "⏭️ Skipping install test for library chart (library charts cannot be installed independently)"
+
 - name: Chart info
 run: |
+ CHART_NAME=$(yq eval '.name' "${{ steps.paths.outputs.chart-dir }}/Chart.yaml")
+ CHART_VERSION=$(yq eval '.version' "${{ steps.paths.outputs.chart-dir }}/Chart.yaml")
+ CHART_TYPE="${{ steps.detect.outputs.chart-type }}"
+
 {
- echo "### ⎈ Helm Chart Test Results"
- echo "**Chart:** ${{ steps.paths.outputs.chart-dir }}"
+ if [ "$CHART_TYPE" = "library" ]; then
+ echo "### 📚 Helm Library Chart Test Results"
+ else
+ echo "### ⎈ Helm Chart Test Results"
+ fi
+ echo "**Chart:** $CHART_NAME"
+ echo "**Version:** $CHART_VERSION"
+ echo "**Type:** $CHART_TYPE"
 echo "**Status:** ✅ Passed"
 } >> "$GITHUB_STEP_SUMMARY"
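Review bot: The re-added `Setup Kind` step references `helm/kind-action@v1` by a movable tag, so the job runs whatever commit that tag currently points to. Pinning to a full commit SHA (`uses: helm/kind-action@<full-commit-sha> # v1`) keeps the executed code fixed and reviewable. The step also passes only `kubectl_version` from `inputs.kubernetes-version` while kind stays at `v0.25.0`, so the cluster presumably runs kind's default node image rather than the requested Kubernetes version. If the install test is meant to exercise `v1.35.0`, that should be confirmed and the action's `node_image` input set accordingly.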
diff --git a/.github/workflows/workflow_validation.yml b/.github/workflows/workflow_validation.yml
index 27431d9..b32175a 100644
--- a/.github/workflows/workflow_validation.yml
+++ b/.github/workflows/workflow_validation.yml
@@ -2,11 +2,15 @@ name: Workflow Validation
 on:
 pull_request:
- branches: [main]
+ branches:
+ - main
+ - develop
 paths:
 - ".github/workflows/**"
 push:
- branches: [main]
+ branches:
+ - main
+ - develop
 paths:
 - ".github/workflows/**"
 workflow_dispatch: