feat: add helm package to release assets when changes occur#220
feat: add helm package to release assets when changes occur#220callum-tait-pbx wants to merge 20 commits intoactions:masterfrom callum-tait-pbx:feat/helm
Conversation
Helm package would fail as the app version wasn't semantic. Stripping v from version for Helm package step
|
I actually didn't mean to do those last 2 commits in this PR, I had the wrong VS code open 🤦 . I'll keep them seen as they are commited now. Would love a review when you get 10 @mumoshu |
|
|
||
| # Run tests | ||
| test: generate fmt vet manifests | ||
| test: create-release-dir generate fmt vet manifests helm-lint |
There was a problem hiding this comment.
| test: create-release-dir generate fmt vet manifests helm-lint | |
| test: generate fmt vet manifests helm-lint |
I think we don't need create-release-dir dependency here.
If it's actually needed, I'd rather suggest move it to where it is depended. Like if manifests depends on create-release-dir , add create-release-dir as manifests's dependency.
|
|
||
| # Upload release file to GitHub. | ||
| github-release: release | ||
| github-release: create-release-dir release |
There was a problem hiding this comment.
| github-release: create-release-dir release | |
| github-release: release |
release seems to depend on create-release-dir so I think we don't need to re-add the dependency here
| # Only 1 authentication method can be enabled at a time | ||
| # Values need to be base64'ed in values.yaml | ||
| githubAuthenticationSchema: | ||
| app: | ||
| enabled: false | ||
| github_app_id: "" | ||
| github_app_installation_id: "" | ||
| github_app_private_key: "" | ||
| token: | ||
| enabled: false | ||
| github_token: "" |
There was a problem hiding this comment.
| # Only 1 authentication method can be enabled at a time | |
| # Values need to be base64'ed in values.yaml | |
| githubAuthenticationSchema: | |
| app: | |
| enabled: false | |
| github_app_id: "" | |
| github_app_installation_id: "" | |
| github_app_private_key: "" | |
| token: | |
| enabled: false | |
| github_token: "" | |
| # Set `enabled: true` and either specify github_app_* or github_token to let the chart | |
| # create the K8s secret required by the controller to authenticate against GitHub API. | |
| # All the values must NOT be base64-encoded, as the chart template base64-encodes values for you. | |
| authSecret: | |
| enabled: false | |
| github_app_id: "" | |
| github_app_installation_id: "" | |
| github_app_private_key: "" | |
| github_token: "" |
I slightly prefer modeling this around the fact that we just create a single K8s secret containing various credentials.
That would allow us to easily enhance this secret/chart in the future for e.g. automated docker-login to the dockerhub to avoid pull rate limit.
There was a problem hiding this comment.
In addition to that, the suggested change would allow simplifying manager_secret.yaml to something like:
{{- if or .Values.authSecret.enabled }}
apiVersion: v1
kind: Secret
metadata:
name: controller-manager
namespace: {{ .Release.Namespace }}
type: Opaque
stringData:
{{ toYaml .Values.authSecret | indent 2 }}
{{- end }}
// I'm aware of the redundant enabled: true added to the stringData but had no quick idea to remove that 😃
There was a problem hiding this comment.
yeh, this makes more sense than the way I was doing it, I'll make the change
There was a problem hiding this comment.
Patched, resolve if happy
| CRD_OPTIONS ?= "crd:trivialVersions=true" | ||
|
|
||
| # This is ultimately the previous tag however at the time of running the Makefile it would be the latest | ||
| GITHUB_LATEST_TAG := $(strip $(shell git tag --sort=committerdate | tail -1)) |
There was a problem hiding this comment.
At the time of running release.yml workflow, I think we already have the latest version tag. Probably we'd better use tail -n 2 | head -n 1?
There was a problem hiding this comment.
ah, maybe this is my lack of Makefile knowledge, are the global variables not ran before any targets are ran? So we run make github-release and the global variables are populated first? As a result they are ran before the ghr ${VERSION} release/ step happens meaning the new release hasn't be created yet?
There was a problem hiding this comment.
AFAIK our usage of GitHub actions workflow ensures that the job is triggered only after we manually tagged the new release.
So, the global variable is populated first, earlier than the tasks. But tail -1 would still return the tag just created manually, where you want seems like the previous one of that.
|
Moved the secret work into #240, I'll revert the secret commits on this branch |
|
@callum-tait-pbx @mumoshu any update? |
|
tbh at this point I was waiting to see what happens with #257. I went down the Makefile route to just fall in line with the convention of the repo. I'm not actually a fan of going that direction at all so I would probably go with the #257 PR unless @mumoshu is keen on sticking with Makefiles, I was waiting for his comments tbh. The only thing I would changed about #257 is the removal of the CRDs held in the chart and instead just copy them from the config as part of the workflow because atm we have to maintain 2 copies of the same CRDs in source control for no real reason. |
|
This is no longer needed now that #257 has been merged, closing. |
Creating a draft PR to get initial comments. @mumoshu
Problem
Currently, the Helm chart in the repo was manually created and is not part of the formal release. The static nature means changing templates 2 places and it also creates issues for me around automation as I don't want to have to monitor the repository for chart changes, nor do I want to come up with an complicated sync job to work around this. Attaching the built chart to the release would allow for a much simplier sync job for my internal feed.
Solution
Have the Helm chart produced as part of the CI and attached to the release so it is much easier to apply automation to as an external user of the solution. The need for this was highlighted in #195
Helm linting is on on the test workflow and helm charts are included in the publish if they are found to have changed beteen the previous tag and the latest tag
Limitations
Notes
https://medium.com/@mattiaperi/create-a-public-helm-chart-repository-with-github-pages-49b180dbb417
https://jamiemagee.co.uk/blog/how-to-host-your-helm-chart-repository-on-github/
There are some interesting posts on how you can use GitHubs pages feature to use the repository itself as a Helm chart feed. To do this the pipeline would need to, in addition to the changes in this PR, update an index.yaml file and commit that into the history. This file would be stored under
Docs/and github pages would be configured to serve theDocs/folder, any thoughts on this would be welcomed.I have learnt I hate Makefiles