Support for HTTP private Helm chart repositories

README.md

@@ -76,7 +76,10 @@ PASS - flagger/templates/deployment.yaml contains a valid Deployment
 
 ## Usage with private charts repositories
 
-To allow the action to be able to clone private charts repositories, you must [create a GitHub private access token](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line) and [add it as a secret](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets#creating-encrypted-secrets) to the target repository. NOTE: secret names *cannot* start with `GITHUB_` as these are reserved.
+### Private GitHub/GitLab repository
+To allow the action to be able to clone charts from private GitHub repositories,
+you must [create a GitHub private access token](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line)
+and [add it as a secret](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets#creating-encrypted-secrets) to the target repository. NOTE: secret names *cannot* start with `GITHUB_` as these are reserved.
 
 You can then pass the secret (in this case, `GH_TOKEN`) into the action like so:
 ```yaml
@@ -97,6 +100,10 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
 ```
 
+Gitlab CI Token is also possible using `GITLAB_CI_TOKEN`.
+
+### AWS S3
+
 If you set `awsS3Repo: true`,  make sure you set the appropriate environment variables for helm s3 plugin to work.  Example:
 ```yaml
 name: CI
@@ -123,7 +130,49 @@ jobs:
 
 ```
 
-Gitlab CI Token is also possible using `GITLAB_CI_TOKEN`.
+### HTTP(S) Helm chart repository
+
+To allow fetching Helm charts from private Helm chart repositories you need to
+pass a list of Helm repositories in `HTTP_PRIVATE_CHART_REPOS` environment variable as JSON.
+
+```json
+{
+  "repositories": [
+    {
+      "url": "https://raw.githubusercontent.com/username/helm-chart-repository/master/",
+      "username": "YOUR_USERNAME",
+      "password": "YOUR_PASSWORD"
+    },
+    {
+      "url": "https://raw.githubusercontent.com/username/another-helm-chart-repository/master/",
+      "username": "YOUR_USERNAME",
+      "password": "YOUR_PASSWORD"
+    }
+  ]
+}
+```
+
+It should be passed [as a secret](https://docs.github.com/en/free-pro-team@latest/actions/reference/encrypted-secrets#creating-encrypted-secrets)
+to keep credentials secure.
+
+```yaml
+name: CI
+
+on: [push, pull_request]
+
+jobs:
+  hrval:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Validate Helm Releases in test dir
+        uses: stefanprodan/hrval-action@master
+        with:
+          helmRelease: test/
+        env:
+          HTTP_PRIVATE_CHART_REPOS: ${{ secrets.HTTP_PRIVATE_CHART_REPOS }}
+```
+
 
 ## Usage with pull requests containing changes of Helm chart source located in base repository branch
 

src/hrval-all.sh

@@ -12,6 +12,40 @@ AWS_S3_REPO_NAME=${6-""}
 AWS_S3_PLUGIN="${7-""}"
 HELM_SOURCES_CACHE_ENABLED=${8-""}
 
+function configurePrivateChartRepositories() {
+
+  local tempDir
+  tempDir="$(mktemp -d)"
+  echo "$HTTP_PRIVATE_CHART_REPOS" > "$tempDir/repositories.json"
+  local numberOfRepositories
+  numberOfRepositories=$(yq r "$tempDir/repositories.json" --length repositories)
+
+  for (( i = 0; i < numberOfRepositories; i++ )); do
+      local url
+      url=$(yq r "$tempDir/repositories.json" repositories[$i].url)
+      local username
+      username=$(yq r "$tempDir/repositories.json" repositories[$i].username)
+      local password
+      password=$(yq r "$tempDir/repositories.json" repositories[$i].password)
+      local repoMD5
+      repoMD5=$(/bin/echo "$url" | /usr/bin/md5sum | cut -f1 -d" ")
+
+      >&2 echo "Adding Helm chart repository '$url'"
+      if [[ ${HELM_VER} == "v3" ]]; then
+        helmv3 repo add "$repoMD5" "${url}" --username "${username}" --password "${password}"
+        helmv3 repo update
+      else
+        helm repo add "$repoMD5" "${url}" --username "${username}" --password "${password}"
+        helm repo update
+      fi
+  done
+}
+
+if [[ -v HTTP_PRIVATE_CHART_REPOS ]]; then
+  echo "Configuring Helm chart repositories"
+  configurePrivateChartRepositories
+fi
+
 if [ "${HELM_SOURCES_CACHE_ENABLED}" == "true" ]; then
   CACHEDIR=$(mktemp -d)
 else

src/hrval.sh

@@ -33,13 +33,34 @@ function download {
 
   CHART_REPO_MD5=$(/bin/echo "${CHART_REPO}" | /usr/bin/md5sum | cut -f1 -d" ")
 
-  if [[ "${HELM_VER}" == "v3" ]]; then
-    helmv3 repo add "${CHART_REPO_MD5}" "${CHART_REPO}"
-    helmv3 repo update
+
+  if [[ ${HELM_VER} == "v3" ]]; then
+    if [[ $(helmv3 repo list -o yaml  | yq r - "[*].name" | grep "$CHART_REPO_MD5") == "$CHART_REPO_MD5" ]]; then
+      CHART_REPO_ALREADY_ADDED=true
+    else
+      CHART_REPO_ALREADY_ADDED=false
+    fi
+  else
+    if [[ $(helm repo list -o yaml  | yq r - "[*].Name" | grep "$CHART_REPO_MD5") == "$CHART_REPO_MD5" ]]; then
+      CHART_REPO_ALREADY_ADDED=true
+    else
+      CHART_REPO_ALREADY_ADDED=false
+    fi
+  fi
+
+  if [[ "$CHART_REPO_ALREADY_ADDED" = false ]]; then
+    if [[ "${HELM_VER}" == "v3" ]]; then
+      helmv3 repo add "${CHART_REPO_MD5}" "${CHART_REPO}"
+      helmv3 repo update
+    else
+      helm repo add "${CHART_REPO_MD5}" "${CHART_REPO}"
+      helm repo update
+    fi
+  fi
+
+  if [[ ${HELM_VER} == "v3" ]]; then
     helmv3 fetch --version "${CHART_VERSION}" --untar "${CHART_REPO_MD5}/${CHART_NAME}" --untardir "${2}"
   else
-    helm repo add "${CHART_REPO_MD5}" "${CHART_REPO}"
-    helm repo update
     helm fetch --version "${CHART_VERSION}" --untar "${CHART_REPO_MD5}/${CHART_NAME}" --untardir "${2}"
   fi
 
@@ -168,7 +189,7 @@ function validate {
   HELM_RELEASE_NAMESPACE=$(yq r "${HELM_RELEASE}" metadata.namespace)
 
   if [[ "${IGNORE_VALUES}" == "true" ]]; then
-    echo "Ingnoring Helm release values"
+    echo "Ignoring Helm release values"
     echo "" > "${TMPDIR}/${HELM_RELEASE_NAME}.values.yaml"
   else
     echo "Extracting values to ${TMPDIR}/${HELM_RELEASE_NAME}.values.yaml"