Fixing securityContext values injection.

Fixing lint CI Signed-off-by: Yurii Vlasov <yuriy@vlasov.pro>
chatwoot · Dec 27, 2024 · 3782b67 · 3782b67
1 parent 5467ffa
commit 3782b67
Show file tree

Hide file tree

Showing 5 changed files with 66 additions and 44 deletions.
diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml
@@ -11,25 +11,23 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
       - name: Set up Helm
-        uses: azure/setup-helm@v1
-        with:
-          version: v3.4.0
+        uses: azure/setup-helm@v4
 
       - name: Add helm dependencies
         run: |
           helm repo add bitnami "https://charts.bitnami.com/bitnami"
 
       - uses: actions/setup-python@v2
         with:
-          python-version: 3.7
+          python-version: "<4.0.0"
 
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.1.0
+        uses: helm/chart-testing-action@v2
 
       - name: Run chart-testing (list-changed)
         id: list-changed
@@ -40,11 +38,5 @@ jobs:
           fi
 
       - name: Run chart-testing (lint)
+        if: steps.list-changed.outputs.changed == 'true'
         run: ct lint --target-branch main
-
-      # - name: Create kind cluster
-      #   uses: helm/kind-action@v1.2.0
-      #   if: steps.list-changed.outputs.changed == 'true'
-
-      # - name: Run chart-testing (install)
-      #   run: ct install --target-branch main --helm-extra-args "--timeout 10m"
diff --git a/charts/chatwoot/Chart.yaml b/charts/chatwoot/Chart.yaml
@@ -31,7 +31,7 @@ sources:
   - http://www.chatwoot.com
 
 # This is the chart version.
-version: 1.1.19
+version: 1.1.20
 
 # This is the application version.
 appVersion: "v3.16.0"
diff --git a/charts/chatwoot/templates/migrations-job.yaml b/charts/chatwoot/templates/migrations-job.yaml
@@ -24,24 +24,40 @@ spec:
       {{- if .Values.nodeSelector }}
       nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
       {{- end }}
+      {{- with .Values.podSecurityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       initContainers:
       - name: init-postgres
         image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
         imagePullPolicy: {{ .Values.image.pullPolicy }}
-        command: ["/bin/sh"]
+        command: ["/bin/sh", "-c"]
         args:
-          - -c
-          - >-
-            PG_READY="pg_isready -h {{ template "chatwoot.postgresql.host" . }} -p {{ template "chatwoot.postgresql.port" . }}";
-            until $PG_READY;
-            do
-              sleep 2;
-            done;
-            echo "Database ready to accept connections."  ;
+          - |-
+            PG_READY="pg_isready -h {{ template "chatwoot.postgresql.host" . }} -p {{ template "chatwoot.postgresql.port" . }}"
+            until $PG_READY; do
+              sleep 2
+            done
+            echo "Database ready to accept connections."
+        {{- with .Values.securityContext }}
+        securityContext:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
       - name: init-redis
         image: busybox:1.28
         imagePullPolicy: {{ .Values.image.pullPolicy }}
-        command: ["sh", "-c", "until nslookup {{ template "chatwoot.redis.host" . }} ; do echo waiting for {{ template "chatwoot.redis.host" . }} ; sleep 2; done;"]
+        command: ["sh", "-c"]
+        args:
+          - |- 
+            until nslookup {{ template "chatwoot.redis.host" . }}; do
+              echo "waiting for {{ template "chatwoot.redis.host" . }}"
+              sleep 2
+            done
+        {{- with .Values.securityContext }}
+        securityContext:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
       containers:
       - name: "db-migrate-job"
         image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
@@ -51,31 +67,35 @@ spec:
         - rails
         - db:chatwoot_prepare
         env:
-        {{- if .Values.postgresql.auth.existingSecret }}
+        {{- with .Values.postgresql.auth.existingSecret }}
         - name: POSTGRES_PASSWORD
           valueFrom:
             secretKeyRef:
-              name: {{ .Values.postgresql.auth.existingSecret }}
-              key: {{ default "password" .Values.postgresql.auth.secretKeys.adminPasswordKey }}
+              name: {{ quote . }}
+              key: {{ default "password" $.Values.postgresql.auth.secretKeys.adminPasswordKey }}
         {{- end }}
-        {{- if .Values.redis.auth.existingSecret }}
+        {{- with .Values.redis.auth.existingSecret }}
         - name: REDIS_PASSWORD
           valueFrom:
             secretKeyRef:
-              name: {{ .Values.redis.auth.existingSecret }}
-              key: {{ default "password" .Values.redis.auth.existingSecretPasswordKey }}
+              name: {{ quote . }}
+              key: {{ default "password" $.Values.redis.auth.existingSecretPasswordKey }}
         {{- end }}
         envFrom:
           - secretRef:
               name: {{ template "chatwoot.fullname" . }}-env
-        {{- if .Values.existingEnvSecret }}
+        {{- with .Values.existingEnvSecret }}
           - secretRef:
-              name: {{ .Values.existingEnvSecret }}
+              name: {{ quote . }}
         {{- end }}
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         volumeMounts:
-            - name: cache
-              mountPath: /app/tmp
+          - name: cache
+            mountPath: /app/tmp
+        {{- with .Values.securityContext }}
+        securityContext:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
       serviceAccountName: {{ include "chatwoot.serviceAccountName" . }}
       {{- if .Values.securityContext }}
       securityContext: {{ .Values.securityContext | toYaml | nindent 8 }}

diff --git a/charts/chatwoot/templates/web-deployment.yaml b/charts/chatwoot/templates/web-deployment.yaml
@@ -41,7 +41,9 @@ spec:
       nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
       {{- end }}
       containers:
-        - args:
+        - name: {{ .Chart.Name }}-web
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          args:
             - bundle
             - exec
             - rails
@@ -74,8 +76,10 @@ spec:
             - secretRef:
                 name: {{ .Values.existingEnvSecret }}
           {{- end }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-          name: {{ .Chart.Name }}-web
+          {{- with .Values.securityContext }}
+          securityContext:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
           ports:
             - containerPort: {{ int .Values.services.internalPort }}
           imagePullPolicy: {{ .Values.image.pullPolicy }}
@@ -87,8 +91,9 @@ spec:
             - name: cache
               mountPath: /app/tmp
       serviceAccountName: {{ include "chatwoot.serviceAccountName" . }}
-      {{- if .Values.securityContext }}
-      securityContext: {{ .Values.securityContext | toYaml | nindent 8 }}
+      {{- with .Values.podSecurityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
       {{- end }}
       volumes:
         - name: cache

diff --git a/charts/chatwoot/templates/worker-deployment.yaml b/charts/chatwoot/templates/worker-deployment.yaml
@@ -41,7 +41,9 @@ spec:
       nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
       {{- end }}
       containers:
-        - args:
+        - name: {{ .Chart.Name }}-workers
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          args:
             - bundle
             - exec
             - sidekiq
@@ -69,8 +71,10 @@ spec:
             - secretRef:
                 name: {{ .Values.existingEnvSecret }}
           {{- end }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-          name: {{ .Chart.Name }}-workers
+          {{- with .Values.securityContext }}
+          securityContext:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
           {{- with .Values.worker.resources }}
           resources:
             {{- toYaml . | nindent 12 }}
@@ -80,8 +84,9 @@ spec:
             - name: cache
               mountPath: /app/tmp
       serviceAccountName: {{ include "chatwoot.serviceAccountName" . }}
-      {{- if .Values.securityContext }}
-      securityContext: {{ .Values.securityContext | toYaml | nindent 8 }}
+      {{- with .Values.podSecurityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
       {{- end }}
       volumes:
         - name: cache