diff --git a/.github/workflows/build-publish.yaml b/.github/workflows/build-publish.yaml index d59d772..cded38b 100644 --- a/.github/workflows/build-publish.yaml +++ b/.github/workflows/build-publish.yaml @@ -22,6 +22,7 @@ jobs: with: work-dir: chart args: --namespace my-namespace --release my-release --app-version 1.0.0 --chart-version 1.0.0 + test-app: runs-on: ubuntu-latest steps: @@ -35,6 +36,10 @@ jobs: - name: Setup dependencies run: go mod download - name: Run tests + env: + GH_USER: nestobot + GH_TOKEN: ${{ secrets.TESTING_TOKEN }} + CATALOG_URL: https://github.com/nestoca/catalog run: go test ./... build: runs-on: ubuntu-latest @@ -104,7 +109,7 @@ jobs: if: ${{ steps.changelog.outputs.skipped == 'false' }} run: | yq -i '.appVersion = "${{ steps.changelog.outputs.version }}"' 'chart/Chart.yaml' - yq -i '.version = "${{ steps.changelog.outputs.version }}"' 'chart/Chart.yaml' + yq -i '.version = "${{ steps.changelog.outputs.version }}"' 'chart/Chart.yaml' - name: Commit release if: ${{ steps.changelog.outputs.skipped == 'false' }} @@ -141,20 +146,20 @@ jobs: run: | ORG_NAME=${GITHUB_REPOSITORY%%/*} REPO_NAME=${GITHUB_REPOSITORY#*/} - + CHART_NAME=$(yq .name ${{ github.workspace }}/chart/Chart.yaml) - + mkdir -p ${{ runner.temp }}/helm-release - + cd ${{ runner.temp }}/helm-release - + # Try to get the current index.yaml of the helm repo from https://${ORG_NAME}.github.io/${REPO_NAME}/index.yaml # If it fails, create a new index.yaml curl -f -L https://${ORG_NAME}.github.io/${REPO_NAME}/index.yaml -o index.yaml || echo -e "apiVersion: v1\nentries: {}" > index.yaml - + helm package ${{ github.workspace }}/chart helm repo index --url https://github.com/${{ github.repository }}/releases/download/${{ steps.changelog.outputs.tag }} --merge index.yaml . - + echo "artifact-path=${{ runner.temp }}/helm-release/${CHART_NAME}-${{ steps.changelog.outputs.version }}.tgz" >> $GITHUB_OUTPUT - name: Upload pages artifact diff --git a/chart/Makefile b/chart/Makefile new file mode 100644 index 0000000..be826a3 --- /dev/null +++ b/chart/Makefile @@ -0,0 +1,5 @@ +test: + testchart run --namespace my-namespace --release my-release --app-version 1.0.0 --chart-version 1.0.0 + +update: + testchart update --namespace my-namespace --release my-release --app-version 1.0.0 --chart-version 1.0.0 diff --git a/chart/templates/_configData.yaml b/chart/templates/_configData.yaml deleted file mode 100644 index 526aea1..0000000 --- a/chart/templates/_configData.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{/* -Config ENV Vars for the application -*/}} -{{- define "joy-generator.config" }} -JOY_PLUGIN_TOKEN: "{{ required "pluginToken is required" .Values.applicationConfig.pluginToken }}" -JOY_REPO_URL: "{{ required "repoUrl is required" .Values.applicationConfig.repoUrl }}" -{{- if .Values.applicationConfig.githubApp }} -JOY_GITHUB_APP_ID: "{{ .Values.applicationConfig.githubApp.appId }}" -JOY_GITHUB_APP_INSTALLATION_ID: "{{ .Values.applicationConfig.githubApp.installationId }}" -{{- else if .Values.applicationConfig.githubUser }} -JOY_GITHUB_USER: "{{ .Values.applicationConfig.githubUser.username }}" -JOY_GITHUB_TOKEN: "{{ .Values.applicationConfig.githubUser.token }}" -{{- else }} -{{- fail "one of githubUser or githubAuth is required" }} -{{- end }} -{{- end }} diff --git a/chart/templates/argocd-config.yaml b/chart/templates/argocd-config.yaml index af945e4..7924cc5 100644 --- a/chart/templates/argocd-config.yaml +++ b/chart/templates/argocd-config.yaml @@ -3,5 +3,5 @@ kind: ConfigMap metadata: name: {{ include "joy-generator.fullname" . }}-config data: - token: "${{ include "joy-generator.fullname" . }}-config:JOY_PLUGIN_TOKEN" + token: "${{ include "joy-generator.fullname" . }}-config:PLUGIN_TOKEN" baseUrl: "http://{{ include "joy-generator.fullname" . }}" diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml index fd4b34f..fd24ce4 100644 --- a/chart/templates/deployment.yaml +++ b/chart/templates/deployment.yaml @@ -29,7 +29,7 @@ spec: volumes: - name: catalog-dir emptyDir: {} - {{- if .Values.applicationConfig.githubApp }} + {{- if .Values.env.GH_APP_ID }} - name: github-app-private-key secret: secretName: {{ include "joy-generator.fullname" . }}-github-app-key @@ -43,19 +43,15 @@ spec: volumeMounts: - mountPath: /tmp/catalog name: catalog-dir - {{- if .Values.applicationConfig.githubApp }} + {{- if .Values.env.GH_APP_ID }} - mountPath: /etc/joy/config name: github-app-private-key {{- end }} + {{- if .Values.env.GH_APP_ID }} env: - - name: JOY_CATALOG_DIR - value: /tmp/catalog - - name: GIN_MODE - value: release - {{- if .Values.applicationConfig.githubApp }} - name: JOY_GITHUB_APP_PRIVATE_KEY_PATH value: /etc/joy/config/githubApp.pem - {{- end }} + {{- end }} envFrom: - secretRef: name: {{ include "joy-generator.fullname" . }}-config diff --git a/chart/templates/secret.yaml b/chart/templates/secret.yaml index e9e67c6..c259733 100644 --- a/chart/templates/secret.yaml +++ b/chart/templates/secret.yaml @@ -1,3 +1,4 @@ +{{- and (required ".Values.env.PLUGIN_TOKEN is required" .Values.env.PLUGIN_TOKEN) "" -}} {{- if eq .Values.secretType "secret" }} apiVersion: v1 kind: Secret @@ -15,15 +16,16 @@ metadata: {{- end }} {{- if eq .Values.secretType "secret" }} stringData: -{{- include "joy-generator.config" . | indent 2 }} +{{ toYaml .Values.env | indent 2 }} {{- else if eq .Values.secretType "sealedSecret" }} spec: encryptedData: -{{- include "joy-generator.config" . | indent 4 }} +{{ toYaml .Values.env | indent 4 }} {{- end }} --- -{{- if .Values.applicationConfig.githubApp }} +{{- if .Values.env.GH_APP_ID }} +{{- and (required ".Values.env.GH_APP_INSTALLATION_ID is required" .Values.env.GH_APP_INSTALLATION_ID) "" | -}} {{- if eq .Values.secretType "secret" }} apiVersion: v1 kind: Secret @@ -42,11 +44,11 @@ metadata: {{- if eq .Values.secretType "secret" }} stringData: githubApp.pem: | -{{ .Values.applicationConfig.githubApp.privateKey | indent 4 }} +{{ required ".Values.githubApp.privateKey key is required" .Values.githubApp.privateKey | indent 4 }} {{- else if eq .Values.secretType "sealedSecret" }} spec: encryptedData: githubApp.pem: | -{{ .Values.applicationConfig.githubApp.privateKey | indent 6 }} +{{ required " .Values.githubApp.privateKey key is required" .Values.githubApp.privateKey | indent 6 }} {{- end }} {{- end }} diff --git a/chart/tests/with-github-app-and-sealed-secrets/expected.yaml b/chart/tests/with-github-app-and-sealed-secrets/expected.yaml index f89ab86..10da6e9 100644 --- a/chart/tests/with-github-app-and-sealed-secrets/expected.yaml +++ b/chart/tests/with-github-app-and-sealed-secrets/expected.yaml @@ -5,7 +5,7 @@ kind: ConfigMap metadata: name: my-release-joy-generator-config data: - token: "$my-release-joy-generator-config:JOY_PLUGIN_TOKEN" + token: "$my-release-joy-generator-config:PLUGIN_TOKEN" baseUrl: "http://my-release-joy-generator" --- # Source: joy-generator/templates/service.yaml @@ -73,10 +73,6 @@ spec: - mountPath: /etc/joy/config name: github-app-private-key env: - - name: JOY_CATALOG_DIR - value: /tmp/catalog - - name: GIN_MODE - value: release - name: JOY_GITHUB_APP_PRIVATE_KEY_PATH value: /etc/joy/config/githubApp.pem envFrom: @@ -105,11 +101,17 @@ metadata: annotations: sealedsecrets.bitnami.com/cluster-wide: "true" spec: - encryptedData: - JOY_PLUGIN_TOKEN: "@very!l0ngands3curet0ken" - JOY_REPO_URL: "https://github.com/example/foobar.git" - JOY_GITHUB_APP_ID: "123456" - JOY_GITHUB_APP_INSTALLATION_ID: "789101112" + encryptedData: + CATALOG_DIR: /tmp/catalog + CATALOG_REVISION: "" + CATALOG_URL: https://github.com/example/foobar.git + GH_APP_ID: "123456" + GH_APP_INSTALLATION_ID: "789101112" + GH_TOKEN: "" + GH_USER: "" + GRACE_PERIOD: 10s + PLUGIN_TOKEN: '@very!l0ngands3curet0ken' + PORT: :8080 --- # Source: joy-generator/templates/secret.yaml apiVersion: bitnami.com/v1alpha1 diff --git a/chart/tests/with-github-app-and-sealed-secrets/values.yaml b/chart/tests/with-github-app-and-sealed-secrets/values.yaml index de9d2ec..af78a3b 100644 --- a/chart/tests/with-github-app-and-sealed-secrets/values.yaml +++ b/chart/tests/with-github-app-and-sealed-secrets/values.yaml @@ -1,19 +1,14 @@ -applicationConfig: - pluginToken: "@very!l0ngands3curet0ken" - # The HTTPS Git URL of your joy catalog - repoUrl: "https://github.com/example/foobar.git" - # The GitHub app configuration. - # Required if githubToken is not set. - githubApp: - # The GitHub application ID - appId: 123456 - # The GitHub application installation ID - installationId: 789101112 - # The GitHub application private key (PEM format) - privateKey: | - FOOBARLOREMISPUM +env: + CATALOG_URL: https://github.com/example/foobar.git + PLUGIN_TOKEN: "@very!l0ngands3curet0ken" + GH_APP_ID: "123456" + GH_APP_INSTALLATION_ID: "789101112" -secretType: 'sealedSecret' +githubApp: + privateKey: | + FOOBARLOREMISPUM + +secretType: "sealedSecret" sealedSecretAnnotations: sealedsecrets.bitnami.com/cluster-wide: "true" diff --git a/chart/tests/with-github-app/expected.yaml b/chart/tests/with-github-app/expected.yaml index 7d35f2e..951bca2 100644 --- a/chart/tests/with-github-app/expected.yaml +++ b/chart/tests/with-github-app/expected.yaml @@ -4,11 +4,17 @@ apiVersion: v1 kind: Secret metadata: name: my-release-joy-generator-config -stringData: - JOY_PLUGIN_TOKEN: "@very!l0ngands3curet0ken" - JOY_REPO_URL: "https://github.com/example/foobar.git" - JOY_GITHUB_APP_ID: "123456" - JOY_GITHUB_APP_INSTALLATION_ID: "789101112" +stringData: + CATALOG_DIR: /tmp/catalog + CATALOG_REVISION: "" + CATALOG_URL: https://github.com/example/foobar.git + GH_APP_ID: "123" + GH_APP_INSTALLATION_ID: "666" + GH_TOKEN: "" + GH_USER: "" + GRACE_PERIOD: 10s + PLUGIN_TOKEN: '@very!l0ngands3curet0ken' + PORT: :8080 --- # Source: joy-generator/templates/secret.yaml apiVersion: v1 @@ -25,7 +31,7 @@ kind: ConfigMap metadata: name: my-release-joy-generator-config data: - token: "$my-release-joy-generator-config:JOY_PLUGIN_TOKEN" + token: "$my-release-joy-generator-config:PLUGIN_TOKEN" baseUrl: "http://my-release-joy-generator" --- # Source: joy-generator/templates/service.yaml @@ -93,10 +99,6 @@ spec: - mountPath: /etc/joy/config name: github-app-private-key env: - - name: JOY_CATALOG_DIR - value: /tmp/catalog - - name: GIN_MODE - value: release - name: JOY_GITHUB_APP_PRIVATE_KEY_PATH value: /etc/joy/config/githubApp.pem envFrom: diff --git a/chart/tests/with-github-app/values.yaml b/chart/tests/with-github-app/values.yaml index 5f5dd8b..c6fcae2 100644 --- a/chart/tests/with-github-app/values.yaml +++ b/chart/tests/with-github-app/values.yaml @@ -1,18 +1,19 @@ # Configuration settings for the joy-generator instance -applicationConfig: - pluginToken: "@very!l0ngands3curet0ken" +env: + PLUGIN_TOKEN: "@very!l0ngands3curet0ken" + + GH_APP_ID: "123" + GH_APP_INSTALLATION_ID: "666" + # The HTTPS Git URL of your joy catalog - repoUrl: "https://github.com/example/foobar.git" - # The GitHub app configuration. - # Required if githubToken is not set. - githubApp: - # The GitHub application ID - appId: 123456 - # The GitHub application installation ID - installationId: 789101112 - # The GitHub application private key (PEM format) - privateKey: | - FOOBARLOREMISPUM + CATALOG_URL: "https://github.com/example/foobar.git" + +# The GitHub app configuration. +# Required if githubToken is not set. +githubApp: + # The GitHub application private key (PEM format) + privateKey: | + FOOBARLOREMISPUM image: tag: 0.1.2 diff --git a/chart/tests/with-github-token/expected.yaml b/chart/tests/with-github-token/expected.yaml index 33763fb..c06604a 100644 --- a/chart/tests/with-github-token/expected.yaml +++ b/chart/tests/with-github-token/expected.yaml @@ -4,11 +4,17 @@ apiVersion: v1 kind: Secret metadata: name: my-release-joy-generator-config -stringData: - JOY_PLUGIN_TOKEN: "@very!l0ngands3curet0ken" - JOY_REPO_URL: "https://github.com/example/foobar.git" - JOY_GITHUB_USER: "username" - JOY_GITHUB_TOKEN: "12312312312312" +stringData: + CATALOG_DIR: /tmp/catalog + CATALOG_REVISION: "" + CATALOG_URL: https://github.com/example/foobar.git + GH_APP_ID: "" + GH_APP_INSTALLATION_ID: "" + GH_TOKEN: "12312312312312" + GH_USER: username + GRACE_PERIOD: 10s + PLUGIN_TOKEN: '@very!l0ngands3curet0ken' + PORT: :8080 --- # Source: joy-generator/templates/argocd-config.yaml apiVersion: v1 @@ -16,7 +22,7 @@ kind: ConfigMap metadata: name: my-release-joy-generator-config data: - token: "$my-release-joy-generator-config:JOY_PLUGIN_TOKEN" + token: "$my-release-joy-generator-config:PLUGIN_TOKEN" baseUrl: "http://my-release-joy-generator" --- # Source: joy-generator/templates/service.yaml @@ -78,11 +84,6 @@ spec: volumeMounts: - mountPath: /tmp/catalog name: catalog-dir - env: - - name: JOY_CATALOG_DIR - value: /tmp/catalog - - name: GIN_MODE - value: release envFrom: - secretRef: name: my-release-joy-generator-config diff --git a/chart/tests/with-github-token/values.yaml b/chart/tests/with-github-token/values.yaml index 934f512..8410a0f 100644 --- a/chart/tests/with-github-token/values.yaml +++ b/chart/tests/with-github-token/values.yaml @@ -2,14 +2,11 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -# Configuration settings for the joy-generator instance -applicationConfig: - pluginToken: "@very!l0ngands3curet0ken" - # The HTTPS Git URL of your joy catalog - repoUrl: "https://github.com/example/foobar.git" - githubUser: - token: "12312312312312" - username: "username" +env: + PLUGIN_TOKEN: "@very!l0ngands3curet0ken" + CATALOG_URL: https://github.com/example/foobar.git + GH_USER: username + GH_TOKEN: "12312312312312" image: tag: 0.1.2 diff --git a/chart/values.yaml b/chart/values.yaml index 629be5f..48c6503 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -2,6 +2,18 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. +env: + PORT: :8080 + GRACE_PERIOD: 10s + PLUGIN_TOKEN: "" + CATALOG_URL: "" + CATALOG_DIR: /tmp/catalog + CATALOG_REVISION: "" + GH_USER: "" + GH_TOKEN: "" + GH_APP_ID: "" + GH_APP_INSTALLATION_ID: "" + # Configuration settings for the joy-generator instance applicationConfig: # The shared token that ArgoCD will use to call the joy-generator plugin API @@ -29,7 +41,7 @@ applicationConfig: # The secret type to use for applicationConfig values. # Can be either 'secret' or 'sealedSecret'. -secretType: 'secret' +secretType: "secret" # Additional annotations for sealed secrets sealedSecretAnnotations: {} @@ -47,10 +59,12 @@ fullnameOverride: "" podAnnotations: {} -podSecurityContext: {} +podSecurityContext: + {} # fsGroup: 2000 -securityContext: {} +securityContext: + {} # capabilities: # drop: # - ALL @@ -62,7 +76,8 @@ service: type: ClusterIP port: 80 -resources: {} +resources: + {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following diff --git a/cmd/server/api_get_params_test.go b/cmd/server/api_get_params_test.go index 51d3e61..7ec0750 100644 --- a/cmd/server/api_get_params_test.go +++ b/cmd/server/api_get_params_test.go @@ -39,7 +39,7 @@ func TestGetParamsE2E(t *testing.T) { require.NoError(t, os.RemoveAll(catalog.Path)) repo, err := user.NewRepo(catalog) - require.NoError(t, err) + require.NoError(t, err, "failed to create repo for user: %s", user.Name) repo = repo.WithLogger(logger) @@ -56,7 +56,7 @@ func TestGetParamsE2E(t *testing.T) { server := httptest.NewServer(handler) defer server.Close() - req, err := http.NewRequest("GET", server.URL+"/api/v1/getparams.execute", strings.NewReader("{}")) + req, err := http.NewRequest("POST", server.URL+"/api/v1/getparams.execute", strings.NewReader("{}")) require.NoError(t, err) req.Header.Set("Authorization", "Bearer test-token") diff --git a/cmd/server/config.go b/cmd/server/config.go index 4793285..9da331e 100644 --- a/cmd/server/config.go +++ b/cmd/server/config.go @@ -27,7 +27,7 @@ type Config struct { func GetConfig() Config { var cfg Config - conf.Var(conf.Environ, &cfg.Port, "PORT", conf.Default(":3000")) + conf.Var(conf.Environ, &cfg.Port, "PORT", conf.Default(":8080")) conf.Var(conf.Environ, &cfg.GracePeriod, "GRACE_PERIOD", conf.Default(10*time.Second)) conf.Var(conf.Environ, &cfg.PluginToken, "PLUGIN_TOKEN") conf.Var(conf.Environ, &cfg.Catalog.URL, "CATALOG_URL")