From 21d0f393a6ccf6bb146906ffd0a70779899fa8c1 Mon Sep 17 00:00:00 2001
From: Morre <morre@mor.re>
Date: Mon, 9 Sep 2024 15:08:22 +0200
Subject: [PATCH] fix(generic): configure ServiceAccount when name is set or
 creation is enabled

---
 .github/workflows/lint-and-test.yml           | 12 +++----
 .github/workflows/pre-commit.yml              | 15 ++++++++
 .pre-commit-config.yaml                       |  9 +++++
 CONTRIBUTING.md                               |  3 ++
 Makefile                                      |  4 +++
 charts/generic/Chart.yaml                     |  2 +-
 charts/generic/README.md                      |  2 +-
 charts/generic/templates/deployment.yaml      |  2 +-
 charts/generic/tests/serviceaccount_test.yaml | 36 +++++++++++++++++++
 ci/helm-unittest                              |  2 ++
 ci/{setup.sh => setup}                        |  0
 11 files changed, 78 insertions(+), 9 deletions(-)
 create mode 100644 .github/workflows/pre-commit.yml
 create mode 100644 Makefile
 create mode 100644 charts/generic/tests/serviceaccount_test.yaml
 create mode 100755 ci/helm-unittest
 rename ci/{setup.sh => setup} (100%)

diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml
index 591f0c5c..158f3a35 100644
--- a/.github/workflows/lint-and-test.yml
+++ b/.github/workflows/lint-and-test.yml
@@ -12,11 +12,11 @@ jobs:
         with:
           fetch-depth: 0
 
-      - name: Set up Helm
-        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4
-        with:
-          # renovate: datasource=github-releases depName=helm/helm
-          version: v3.15.4
+      - name: Install needed tools
+        run: make install
+
+      - name: Run unittests
+        run: helm unittest charts/*
 
       - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5
         with:
@@ -42,7 +42,7 @@ jobs:
 
       - name: Install CRDs
         if: steps.list-changed.outputs.changed == 'true'
-        run: ./ci/setup.sh
+        run: ./ci/setup
 
       - name: Run chart-testing (install)
         run: ct install --config ct.yaml
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
new file mode 100644
index 00000000..5a3bc83b
--- /dev/null
+++ b/.github/workflows/pre-commit.yml
@@ -0,0 +1,15 @@
+name: "pre-commit"
+
+on:
+  pull_request:
+
+jobs:
+  pre-commit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Setup for pre-commit
+        run: make install
+
+      - uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index ed98d270..4954b2a6 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -27,3 +27,12 @@ repos:
       - id: commitlint
         stages: [commit-msg]
         additional_dependencies: ["@commitlint/config-conventional"]
+
+  - repo: local
+    hooks:
+      - id: helm unittest
+        name: Run helm unittests
+        language: script
+        pass_filenames: false
+        entry: ./ci/helm-unittest
+        files: ^charts/.*
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 6438a966..5610eb39 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -19,6 +19,9 @@ pip3 install pre-commit
 # macOS
 brew install pre-commit
 
+# Install the unittest plugin
+make install
+
 pre-commit install --hook-type commit-msg --hook-type pre-commit
 ```
 
diff --git a/Makefile b/Makefile
new file mode 100644
index 00000000..c881ab71
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,4 @@
+SHELL := /bin/bash -o pipefail -o errexit
+
+install:
+	helm plugin install https://github.com/helm-unittest/helm-unittest
diff --git a/charts/generic/Chart.yaml b/charts/generic/Chart.yaml
index d044e386..f6d58060 100644
--- a/charts/generic/Chart.yaml
+++ b/charts/generic/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: generic
 description: A chart for generic applications. Use this if you need to deploy something without wanting to build a fully fledged new helm chart.
 type: application
-version: 7.6.0
+version: 7.6.1
 maintainers:
   - name: morremeyer
   - name: ekeih
diff --git a/charts/generic/README.md b/charts/generic/README.md
index ad17b83f..50ea7f06 100644
--- a/charts/generic/README.md
+++ b/charts/generic/README.md
@@ -1,6 +1,6 @@
 # generic
 
-![Version: 7.6.0](https://img.shields.io/badge/Version-7.6.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 7.6.1](https://img.shields.io/badge/Version-7.6.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
 A chart for generic applications. Use this if you need to deploy something without wanting to build a fully fledged new helm chart.
 
diff --git a/charts/generic/templates/deployment.yaml b/charts/generic/templates/deployment.yaml
index a0eb1943..c72e284a 100644
--- a/charts/generic/templates/deployment.yaml
+++ b/charts/generic/templates/deployment.yaml
@@ -38,7 +38,7 @@ spec:
       {{- with .Values.imagePullSecrets }}
       imagePullSecrets: {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- if .Values.serviceAccount.create }}
+      {{- if or .Values.serviceAccount.create .Values.serviceAccount.name }}
       serviceAccountName: {{ include "generic.serviceAccountName" . }}
       {{- end }}
       {{- with .Values.podSecurityContext }}
diff --git a/charts/generic/tests/serviceaccount_test.yaml b/charts/generic/tests/serviceaccount_test.yaml
new file mode 100644
index 00000000..b9216045
--- /dev/null
+++ b/charts/generic/tests/serviceaccount_test.yaml
@@ -0,0 +1,36 @@
+suite: test ServiceAccount
+templates:
+  - templates/deployment.yaml
+release:
+  name: test-release
+  namespace: test-namespace
+tests:
+  - it: "verifies that the default configuration sets the ServiceAccount name"
+    asserts:
+      - equal:
+          path: spec.template.spec.serviceAccountName
+          value: test-release-generic
+
+  - it: "verifies that configuring the ServiceAccount name sets it accordingly"
+    set:
+      serviceAccount.name: test-sa
+    asserts:
+      - equal:
+          path: spec.template.spec.serviceAccountName
+          value: test-sa
+
+  - it: "verifies that configuring a ServiceAccount name with create: false still sets ServiceAccount"
+    set:
+      serviceAccount.create: false
+      serviceAccount.name: test-sa
+    asserts:
+      - equal:
+          path: spec.template.spec.serviceAccountName
+          value: test-sa
+
+  - it: "verifies that not setting a name with create: false does not set a ServiceAccount"
+    set:
+      serviceAccount.create: false
+    asserts:
+      - notExists:
+          path: spec.template.spec.serviceAccountName
diff --git a/ci/helm-unittest b/ci/helm-unittest
new file mode 100755
index 00000000..40a5a194
--- /dev/null
+++ b/ci/helm-unittest
@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+ls -1 charts | xargs -I {} helm unittest "charts/{}"
diff --git a/ci/setup.sh b/ci/setup
similarity index 100%
rename from ci/setup.sh
rename to ci/setup