diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml index fd24ce4..e9e455c 100644 --- a/chart/templates/deployment.yaml +++ b/chart/templates/deployment.yaml @@ -47,8 +47,14 @@ spec: - mountPath: /etc/joy/config name: github-app-private-key {{- end }} - {{- if .Values.env.GH_APP_ID }} env: + {{- range $key, $value := .Values.env }} + {{- if $value }} + - name: {{ $key }} + value: {{ $value | quote }} + {{- end -}} + {{- end }} + {{- if .Values.env.GH_APP_ID }} - name: JOY_GITHUB_APP_PRIVATE_KEY_PATH value: /etc/joy/config/githubApp.pem {{- end }} diff --git a/chart/templates/secret.yaml b/chart/templates/secret.yaml index 20b201f..90fbee5 100644 --- a/chart/templates/secret.yaml +++ b/chart/templates/secret.yaml 
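Review bot: Every non-empty key under `.Values.env` is now written as a literal `value:` in the container's `env:` list, so a values file that still carries `env.GH_TOKEN` or `env.PLUGIN_TOKEN` from before this change renders that credential in clear text in the Deployment spec instead of in the Secret. The `required` check in secret.yaml catches a missing `secretEnv.values.PLUGIN_TOKEN`, but nothing rejects a secret left behind under `env`. Consider a guard ahead of the `range`, for example `{{- range $k := list "PLUGIN_TOKEN" "GH_TOKEN" }}{{- if hasKey $.Values.env $k }}{{ fail (printf "move env.%s to secretEnv.values" $k) }}{{- end }}{{- end }}`. Separately, `env:` is now emitted even when the map is empty and `GH_APP_ID` is unset, and `{{- if $value }}` drops falsy values such as `0` or `false`. The container spec continues outside the hunk.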
@@ -1,55 +1,56 @@ -{{- and (required ".Values.env.PLUGIN_TOKEN is required" .Values.env.PLUGIN_TOKEN) "" -}} +{{- and (required ".Values.secretEnv.values.PLUGIN_TOKEN is required" .Values.secretEnv.values.PLUGIN_TOKEN) "" -}} {{- and (required ".Values.env.CATALOG_URL is required" .Values.env.CATALOG_URL) "" -}} -{{- if eq .Values.secretType "secret" }} -apiVersion: v1 -kind: Secret -{{- else if eq .Values.secretType "sealedSecret" }} + +{{- $sealedSecret := (eq .Values.secretEnv.type "sealedSecret") -}} + +{{- if $sealedSecret }} apiVersion: bitnami.com/v1alpha1 kind: SealedSecret +{{- else }} +apiVersion: v1 +kind: Secret {{- end }} metadata: name: {{ include "joy-generator.fullname" . }}-config -{{- if eq .Values.secretType "sealedSecret" }} - {{- with .Values.sealedSecretAnnotations }} +{{- if $sealedSecret }} annotations: -{{ toYaml . | indent 4 }} - {{- end }} +{{ toYaml .Values.sealedSecretAnnotations | indent 4 }} {{- end }} -{{- if eq .Values.secretType "secret" }} -stringData: -{{ toYaml .Values.env | indent 2 }} -{{- else if eq .Values.secretType "sealedSecret" }} +{{- if $sealedSecret }} spec: encryptedData: -{{ toYaml .Values.env | indent 4 }} +{{ toYaml .Values.secretEnv.values | indent 4 }} +{{- else }} +stringData: +{{ toYaml .Values.secretEnv.values | indent 2 }} {{- end }} --- + {{- if .Values.env.GH_APP_ID }} {{- and (required ".Values.env.GH_APP_INSTALLATION_ID is required" .Values.env.GH_APP_INSTALLATION_ID) "" | -}} -{{- if eq .Values.secretType "secret" }} -apiVersion: v1 -kind: Secret -{{- else if eq .Values.secretType "sealedSecret" }} +{{- and (required ".Values.githubAppPrivateKey is required" .Values.githubAppPrivateKey) "" -}} +{{- if $sealedSecret }} apiVersion: bitnami.com/v1alpha1 kind: SealedSecret +{{- else }} +apiVersion: v1 +kind: Secret {{- end }} metadata: name: {{ include "joy-generator.fullname" . 
}}-github-app-key -{{- if eq .Values.secretType "sealedSecret" }} - {{- with .Values.sealedSecretAnnotations }} +{{- if $sealedSecret }} annotations: -{{ toYaml . | indent 4 }} - {{- end }} +{{ toYaml .Values.sealedSecretAnnotations | indent 4 }} {{- end }} -{{- if eq .Values.secretType "secret" }} -stringData: - githubApp.pem: | -{{ required ".Values.githubApp.privateKey key is required" .Values.githubApp.privateKey | indent 4 }} -{{- else if eq .Values.secretType "sealedSecret" }} +{{- if $sealedSecret }} spec: encryptedData: githubApp.pem: | -{{ required " .Values.githubApp.privateKey key is required" .Values.githubApp.privateKey | indent 6 }} +{{ .Values.githubAppPrivateKey | indent 6 }} +{{- else }} +stringData: + githubApp.pem: | +{{ .Values.githubAppPrivateKey | indent 4 }} {{- end }} {{- end }} diff --git a/chart/tests/with-github-app-and-sealed-secrets/expected.yaml b/chart/tests/with-github-app-and-sealed-secrets/expected.yaml index e30014c..cbe4227 100644 --- a/chart/tests/with-github-app-and-sealed-secrets/expected.yaml +++ b/chart/tests/with-github-app-and-sealed-secrets/expected.yaml @@ -73,6 +73,18 @@ spec: - mountPath: /etc/joy/config name: github-app-private-key env: + - name: CATALOG_DIR + value: "/tmp/catalog" + - name: CATALOG_URL + value: "https://github.com/example/foobar.git" + - name: GH_APP_ID + value: "123456" + - name: GH_APP_INSTALLATION_ID + value: "789101112" + - name: GRACE_PERIOD + value: "10s" + - name: PORT + value: ":8080" - name: JOY_GITHUB_APP_PRIVATE_KEY_PATH value: /etc/joy/config/githubApp.pem envFrom: @@ -102,13 +114,7 @@ metadata: sealedsecrets.bitnami.com/cluster-wide: "true" spec: encryptedData: - CATALOG_DIR: /tmp/catalog - CATALOG_URL: https://github.com/example/foobar.git - GH_APP_ID: "123456" - GH_APP_INSTALLATION_ID: "789101112" - GRACE_PERIOD: 10s PLUGIN_TOKEN: '@very!l0ngands3curet0ken' - PORT: :8080 --- # Source: joy-generator/templates/secret.yaml apiVersion: bitnami.com/v1alpha1 
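Review bot: `$sealedSecret` is a plain equality test on `.Values.secretEnv.type`, so any other value (a typo such as `sealedsecret`, or an empty string) silently takes the `else` branch and renders a plain `Secret` with `stringData`. The old top-level `secretType` key is also no longer read, so a values file that still sets `secretType: sealedSecret` now renders a plain `Secret` without any error. Validating the value at the top of the template makes the choice explicit, for example `{{- if not (has .Values.secretEnv.type (list "secret" "sealedSecret")) }}{{ fail "secretEnv.type must be 'secret' or 'sealedSecret'" }}{{- end }}`. Dropping the `with` around `sealedSecretAnnotations` also means `annotations:` is always emitted in sealed mode, even for the default `{}`.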
diff --git a/chart/tests/with-github-app-and-sealed-secrets/values.yaml b/chart/tests/with-github-app-and-sealed-secrets/values.yaml index af78a3b..207c593 100644 --- a/chart/tests/with-github-app-and-sealed-secrets/values.yaml +++ b/chart/tests/with-github-app-and-sealed-secrets/values.yaml @@ -1,14 +1,15 @@ env: CATALOG_URL: https://github.com/example/foobar.git - PLUGIN_TOKEN: "@very!l0ngands3curet0ken" GH_APP_ID: "123456" GH_APP_INSTALLATION_ID: "789101112" -githubApp: - privateKey: | - FOOBARLOREMISPUM +secretEnv: + type: sealedSecret + values: + PLUGIN_TOKEN: "@very!l0ngands3curet0ken" -secretType: "sealedSecret" +githubAppPrivateKey: | + FOOBARLOREMISPUM sealedSecretAnnotations: sealedsecrets.bitnami.com/cluster-wide: "true" diff --git a/chart/tests/with-github-app/expected.yaml b/chart/tests/with-github-app/expected.yaml index 5463ff4..18fc431 100644 --- a/chart/tests/with-github-app/expected.yaml +++ b/chart/tests/with-github-app/expected.yaml @@ -5,13 +5,7 @@ kind: Secret metadata: name: my-release-joy-generator-config stringData: - CATALOG_DIR: /tmp/catalog - CATALOG_URL: https://github.com/example/foobar.git - GH_APP_ID: "123" - GH_APP_INSTALLATION_ID: "666" - GRACE_PERIOD: 10s PLUGIN_TOKEN: '@very!l0ngands3curet0ken' - PORT: :8080 --- # Source: joy-generator/templates/secret.yaml apiVersion: v1 @@ -96,6 +90,18 @@ spec: - mountPath: /etc/joy/config name: github-app-private-key env: + - name: CATALOG_DIR + value: "/tmp/catalog" + - name: CATALOG_URL + value: "https://github.com/example/foobar.git" + - name: GH_APP_ID + value: "123" + - name: GH_APP_INSTALLATION_ID + value: "666" + - name: GRACE_PERIOD + value: "10s" + - name: PORT + value: ":8080" - name: JOY_GITHUB_APP_PRIVATE_KEY_PATH value: /etc/joy/config/githubApp.pem envFrom: diff --git a/chart/tests/with-github-app/values.yaml b/chart/tests/with-github-app/values.yaml index c6fcae2..2276a36 100644 --- a/chart/tests/with-github-app/values.yaml +++ b/chart/tests/with-github-app/values.yaml 
@@ -1,19 +1,20 @@ # Configuration settings for the joy-generator instance env: - PLUGIN_TOKEN: "@very!l0ngands3curet0ken" - GH_APP_ID: "123" GH_APP_INSTALLATION_ID: "666" # The HTTPS Git URL of your joy catalog CATALOG_URL: "https://github.com/example/foobar.git" +secretEnv: + values: + PLUGIN_TOKEN: "@very!l0ngands3curet0ken" + # The GitHub app configuration. # Required if githubToken is not set. -githubApp: - # The GitHub application private key (PEM format) - privateKey: | - FOOBARLOREMISPUM +# The GitHub application private key (PEM format) +githubAppPrivateKey: | + FOOBARLOREMISPUM image: tag: 0.1.2 diff --git a/chart/tests/with-github-token/expected.yaml b/chart/tests/with-github-token/expected.yaml index 708f5ee..ec6643b 100644 --- a/chart/tests/with-github-token/expected.yaml +++ b/chart/tests/with-github-token/expected.yaml @@ -5,13 +5,8 @@ kind: Secret metadata: name: my-release-joy-generator-config stringData: - CATALOG_DIR: /tmp/catalog - CATALOG_URL: https://github.com/example/foobar.git GH_TOKEN: "12312312312312" - GH_USER: username - GRACE_PERIOD: 10s PLUGIN_TOKEN: '@very!l0ngands3curet0ken' - PORT: :8080 --- # Source: joy-generator/templates/argocd-config.yaml apiVersion: v1 @@ -81,6 +76,17 @@ spec: volumeMounts: - mountPath: /tmp/catalog name: catalog-dir + env: + - name: CATALOG_DIR + value: "/tmp/catalog" + - name: CATALOG_URL + value: "https://github.com/example/foobar.git" + - name: GH_USER + value: "username" + - name: GRACE_PERIOD + value: "10s" + - name: PORT + value: ":8080" envFrom: - secretRef: name: my-release-joy-generator-config diff --git a/chart/tests/with-github-token/values.yaml b/chart/tests/with-github-token/values.yaml index 8410a0f..00bc739 100644 --- a/chart/tests/with-github-token/values.yaml +++ b/chart/tests/with-github-token/values.yaml 
@@ -3,10 +3,13 @@ # Declare variables to be passed into your templates. env: - PLUGIN_TOKEN: "@very!l0ngands3curet0ken" CATALOG_URL: https://github.com/example/foobar.git GH_USER: username - GH_TOKEN: "12312312312312" + +secretEnv: + values: + PLUGIN_TOKEN: "@very!l0ngands3curet0ken" + GH_TOKEN: "12312312312312" image: tag: 0.1.2 diff --git a/chart/values.yaml b/chart/values.yaml index 56e223d..3d0d7a5 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -5,44 +5,22 @@ env: PORT: :8080 GRACE_PERIOD: 10s - CATALOG_DIR: /tmp/catalog - # PLUGIN_TOKEN: "" + CATALOG_DIR: /tmp/catalog # CATALOG_URL: "" # CATALOG_REVISION: "" # GH_USER: "" - # GH_TOKEN: "" # GH_APP_ID: "" # GH_APP_INSTALLATION_ID: "" -# Configuration settings for the joy-generator instance -applicationConfig: - # The shared token that ArgoCD will use to call the joy-generator plugin API - # This should be some long and secure random string - pluginToken: "" - # The HTTPS Git URL of your joy catalog - repoUrl: "" - - # joy-generator supports authenticating with GitHub using either a personal access token or a GitHub App - # Provide either the githubUser or githubApp section, but not both - -# githubUser: -# # The GitHub username to use for the joy-generator instance -# username: "" -# # The GitHub personal access token to use for the joy-generator instance -# token: "" - -# githubApp: -# # The GitHub application ID -# appId: "" -# # The GitHub application installation ID -# installationId: "" -# # The GitHub application private key (PEM format) -# privateKey: "" - -# The secret type to use for applicationConfig values. -# Can be either 'secret' or 'sealedSecret'. -secretType: "secret" +secretEnv: + type: secret + values: + # PLUGIN_TOKEN: "" + # GH_TOKEN: "" + +githubAppPrivateKey: "" + # Additional annotations for sealed secrets sealedSecretAnnotations: {} diff --git a/go.mod b/go.mod index ed843af..d86d859 100644 --- a/go.mod +++ b/go.mod 
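Review bot: In chart/values.yaml the new `secretEnv.values:` key holds only commented-out entries, so it parses as null. The `required` call in secret.yaml then evaluates `.Values.secretEnv.values.PLUGIN_TOKEN` on a nil value and will most likely fail with a nil-pointer template error rather than the intended "is required" message. Writing `values: {}` keeps the map present. The hunk also removes the comments that documented the allowed secret types and that the plugin token should be a long, random string. A short comment above `secretEnv`, such as `# type: 'secret' or 'sealedSecret'; values are rendered into stringData or spec.encryptedData respectively`, would restore that guidance.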
@@ -4,7 +4,7 @@ go 1.22.0 require ( github.com/bradleyfalzon/ghinstallation/v2 v2.9.0 - github.com/davidmdm/conf v0.0.4 + github.com/davidmdm/conf v0.0.7 github.com/davidmdm/x/xcontext v0.0.2 github.com/gin-gonic/gin v1.9.1 github.com/go-git/go-git/v5 v5.11.0 diff --git a/go.sum b/go.sum index 668392f..3b2d0ec 100644 --- a/go.sum +++ b/go.sum @@ -41,8 +41,8 @@ github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxG github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davidmdm/conf v0.0.4 h1:RluYzOw+d/H112lY2OCHWPIQemtOGhidLk0wi3QWqms= -github.com/davidmdm/conf v0.0.4/go.mod h1:xcNNsALh9qR2toeuYnXfyMuOPMVuEAfWN0Nb4lqugzw= +github.com/davidmdm/conf v0.0.7 h1:5VbSi6nStd7X04FuA9ArD00FRTtcPMhvb6BzKbAWoSM= +github.com/davidmdm/conf v0.0.7/go.mod h1:xcNNsALh9qR2toeuYnXfyMuOPMVuEAfWN0Nb4lqugzw= github.com/davidmdm/x/xcontext v0.0.2 h1:8US+zdRCPmnWeSa/28U+dvbhdkBd8mI6XhP7meIZCdk= github.com/davidmdm/x/xcontext v0.0.2/go.mod h1:lfAacRD741WjdRwwuTrCaKtvEgPsGMSlmfwgib2SpVA= github.com/davidmdm/x/xerr v0.0.3 h1:WwHvo6qzR+eRmHq69Ftgb7PL9832iwy313XpQyJRGtM= diff --git a/local.smoketest.sh b/local.smoketest.sh new file mode 100755 index 0000000..6d72a96 --- /dev/null +++ b/local.smoketest.sh @@ -0,0 +1,27 @@ +set -eux + +kind delete cluster +kind create cluster + +kubectl config set-context kind-kind + +docker build -t local-generator-test:latest . + +kind load docker-image local-generator-test:latest + +helm install generator ./chart --values - <