Merge pull request #60 from mjtrangoni/automate-helm-release

Automate helm release via GH Actions

.github/linters/.markdown-lint.yml

@@ -0,0 +1,2 @@
+MD013:
+  line_length: 600

.github/linters/ct.yaml

@@ -0,0 +1,11 @@
+# See https://github.com/helm/chart-testing#configuration
+remote: origin
+target-branch: master
+chart-dirs:
+  - deploy
+chart-repos:
+  - cert-manager-webhook-hetzner=https://vadimkim.github.io/cert-manager-webhook-hetzner
+helm-extra-args: --timeout 600s
+excluded-charts:
+additional-commands:
+  # - helm unittest --helm3 --strict --file unittests/*.yaml --file 'unittests/**/*.yaml' {{ .Path }}

.github/workflows/build.yml

@@ -8,6 +8,10 @@ on:
     tags:
       - 'v*'
   pull_request:
+    paths:
+      - '**.go'
+      - 'Dockerfile'
+      - 'Makefile'
 
 jobs:
   build:

.github/workflows/golangci-lint.yml

@@ -4,6 +4,11 @@ on:
     branches:
       - master
   pull_request:
+    paths:
+      - '**.go'
+      - '.golangci.yml'
+      - 'go.mod'
+      - 'go.sum'
 
 permissions:
   contents: read

.github/workflows/lint-test.yaml

@@ -0,0 +1,54 @@
+name: Lint and Test Charts
+
+on:
+  pull_request:
+    paths:
+      - 'deploy/**'
+      - '.github/**'
+
+jobs:
+  lint-test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v3
+        with:
+          version: v3.12.1
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.10'
+
+      - name: Set up chart-testing
+        uses: helm/[email protected]
+
+      - name: Run chart-testing (list-changed)
+        id: list-changed
+        run: |
+          changed=$(ct list-changed --config .github/linters/ct.yaml)
+          if [[ -n "$changed" ]]; then
+            echo "changed=true" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Run chart-testing (lint)
+        if: steps.list-changed.outputs.changed == 'true'
+        run: ct lint --config .github/linters/ct.yaml
+
+      - name: Create kind cluster
+        if: steps.list-changed.outputs.changed == 'true'
+        uses: helm/[email protected]
+
+      - name: Install cert-manager
+        run: |
+          kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.13.3/cert-manager.yaml
+          kubectl wait --timeout=5m --for=condition=available deployment cert-manager -n cert-manager
+          kubectl wait --timeout=5m --for=condition=available deployment cert-manager-webhook -n cert-manager
+
+      - name: Run chart-testing (install)
+        if: steps.list-changed.outputs.changed == 'true'
+        run: ct install --config .github/linters/ct.yaml

.github/workflows/release.yaml

@@ -0,0 +1,57 @@
+name: release-charts
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  release:
+    permissions:
+      contents: write # to push chart release and create a release (helm/chart-releaser-action)
+      packages: write # needed for ghcr access
+      id-token: write # needed for keyless signing
+
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+
+      - name: Fetch history
+        run: git fetch --prune --unshallow
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "[email protected]"
+
+      - name: Set up Helm
+        uses: azure/[email protected]
+        with:
+          version: v3.12.0
+
+      - name: Run chart-releaser
+        uses: helm/[email protected]
+        with:
+          charts_dir: deploy
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+          CR_GENERATE_RELEASE_NOTES: true
+
+      # see https://github.com/helm/chart-releaser/issues/183
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Push charts to GHCR
+        run: |
+          shopt -s nullglob
+          for pkg in .cr-release-packages/*; do
+            if [ -z "${pkg:-}" ]; then
+              break
+            fi
+            helm push "${pkg}" "oci://ghcr.io/${GITHUB_REPOSITORY_OWNER}/charts"
+          done

.github/workflows/superlinter.yml

@@ -0,0 +1,44 @@
+name: Lint Code Base
+
+# Documentation:
+# https://help.github.com/en/articles/workflow-syntax-for-github-actions
+
+on:
+  pull_request:
+    paths:
+      - 'deploy/**'
+      - '.github/**'
+
+jobs:
+  build:
+    name: Lint Code Base
+    runs-on: ubuntu-latest
+
+    ############################################
+    # Grant status permission for MULTI_STATUS #
+    ############################################
+    permissions:
+      contents: read
+      packages: read
+      statuses: write
+
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Lint Code Base
+        uses: docker://github/super-linter:slim-v4
+        env:
+          DEFAULT_BRANCH: master
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          LINTER_RULES_PATH: .github/linters
+          VALIDATE_ALL_CODEBASE: false
+          VALIDATE_BASH: false
+          VALIDATE_JSCPD: false
+          VALIDATE_KUBERNETES_KUBEVAL: false
+          VALIDATE_PYTHON: false
+          VALIDATE_PYTHON_FLAKE8: false
+          VALIDATE_PYTHON_BLACK: false
+          VALIDATE_YAML: false

.github/workflows/sync-readme.yaml

@@ -0,0 +1,27 @@
+on:
+  push:
+    branches:
+      - 'master'
+    paths:
+      - 'README.md'
+
+jobs:
+  build:
+    permissions:
+      contents: write # for git push
+
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - run: |
+          cp -f README.md ${{ runner.temp }}/README.md
+      - uses: actions/checkout@v4
+        with:
+          ref: gh-pages
+      - run: |
+          cp -f ${{ runner.temp }}/README.md .
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "[email protected]"
+          git add README.md
+          git commit --signoff -m "Sync README from master"
+          git push

.gitignore

@@ -16,4 +16,4 @@ kubebuilder
 *.out
 
 # Ignore the built binary
-cert-manager-webhook-hetzner
+./cert-manager-webhook-hetzner

deploy/cert-manager-webhook-hetzner/Chart.yaml

@@ -1,5 +1,21 @@
-apiVersion: v1
+apiVersion: v2
+name: cert-manager-webhook-hetzner
+version: 1.3.1
 appVersion: "1.3.0"
+kubeVersion: ">= 1.22.0-0"
 description: Allow cert-manager to solve DNS challenges using Hetzner DNS API
-name: cert-manager-webhook-hetzner
-version: 1.3.0
+home: https://github.com/vadimkim/cert-manager-webhook-hetzner
+icon: https://raw.githubusercontent.com/cert-manager/cert-manager/master/logo/logo-small.png
+keywords:
+  - cert-manager
+  - hetzner
+  - kube-lego
+  - letsencrypt
+  - tls
+sources:
+  - https://github.com/vadimkim/cert-manager-webhook-hetzner
+maintainers:
+  - name: vadimkim
+    email: [email protected]
+annotations:
+  artifacthub.io/license: Apache-2.0

deploy/cert-manager-webhook-hetzner/templates/deployment.yaml

@@ -23,7 +23,7 @@ spec:
       serviceAccountName: {{ include "cert-manager-webhook-hetzner.fullname" . }}
       containers:
         - name: {{ .Chart.Name }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           args:
             - --tls-cert-file=/tls/tls.crt

deploy/cert-manager-webhook-hetzner/values.yaml

@@ -13,7 +13,10 @@ certManager:
   serviceAccountName: cert-manager
 
 image:
-  repository: zmejg/cert-manager-webhook-hetzner
+  registry: ghcr.io
+  repository: vadimkim/cert-manager-webhook-hetzner
+  # Overrides the image tag whose default is {{ printf "v%s" .Chart.AppVersion }}
+  tag: ""
   pullPolicy: IfNotPresent
 
 nameOverride: ""