From 3782b67fba4b86730265b56912aec51b1b6edec4 Mon Sep 17 00:00:00 2001 From: Yurii Vlasov Date: Fri, 27 Dec 2024 15:08:32 +0200 Subject: [PATCH] Fixing securityContext values injection. Fixing lint CI Signed-off-by: Yurii Vlasov --- .github/workflows/lint-test.yaml | 18 ++---- charts/chatwoot/Chart.yaml | 2 +- charts/chatwoot/templates/migrations-job.yaml | 60 ++++++++++++------- charts/chatwoot/templates/web-deployment.yaml | 15 +++-- .../chatwoot/templates/worker-deployment.yaml | 15 +++-- 5 files changed, 66 insertions(+), 44 deletions(-) diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml index c9cfeac..a6d3883 100644 --- a/.github/workflows/lint-test.yaml +++ b/.github/workflows/lint-test.yaml @@ -11,14 +11,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Set up Helm - uses: azure/setup-helm@v1 - with: - version: v3.4.0 + uses: azure/setup-helm@v4 - name: Add helm dependencies run: | @@ -26,10 +24,10 @@ jobs: - uses: actions/setup-python@v2 with: - python-version: 3.7 + python-version: "<4.0.0" - name: Set up chart-testing - uses: helm/chart-testing-action@v2.1.0 + uses: helm/chart-testing-action@v2 - name: Run chart-testing (list-changed) id: list-changed @@ -40,11 +38,5 @@ jobs: fi - name: Run chart-testing (lint) + if: steps.list-changed.outputs.changed == 'true' run: ct lint --target-branch main - - # - name: Create kind cluster - # uses: helm/kind-action@v1.2.0 - # if: steps.list-changed.outputs.changed == 'true' - - # - name: Run chart-testing (install) - # run: ct install --target-branch main --helm-extra-args "--timeout 10m" diff --git a/charts/chatwoot/Chart.yaml b/charts/chatwoot/Chart.yaml index 700cc42..182d032 100644 --- a/charts/chatwoot/Chart.yaml +++ b/charts/chatwoot/Chart.yaml 
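Review bot: The actions touched here are referenced by mutable major tags (`actions/checkout@v4` and `azure/setup-helm@v4` in the first hunk, `helm/chart-testing-action@v2` in the second), so whoever can move those tags decides what code this workflow runs; the chart-testing action even goes from the exact `v2.1.0` to a floating `v2`. Pinning each one to a full commit SHA with the release in a trailing comment keeps the upgrade reviewable, e.g. `uses: actions/checkout@<full-commit-sha>  # v4.x.y` (placeholder, to be resolved from the action's release page). Dropping `version: v3.4.0` and setting `python-version: "<4.0.0"` also leaves the Helm and Python versions to float, presumably to the newest available at run time, so lint results are hard to reproduce; an explicit version for both would be safer. `actions/setup-python@v2` sits on a context line and is the only action left on its old major.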
@@ -31,7 +31,7 @@ sources: - http://www.chatwoot.com # This is the chart version. -version: 1.1.19 +version: 1.1.20 # This is the application version. appVersion: "v3.16.0" diff --git a/charts/chatwoot/templates/migrations-job.yaml b/charts/chatwoot/templates/migrations-job.yaml index 5508849..33dba3e 100644 --- a/charts/chatwoot/templates/migrations-job.yaml +++ b/charts/chatwoot/templates/migrations-job.yaml 
@@ -24,24 +24,40 @@ spec: {{- if .Values.nodeSelector }} nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} {{- end }} + {{- with .Values.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} initContainers: - name: init-postgres image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} - command: ["/bin/sh"] + command: ["/bin/sh", "-c"] args: - - -c - - >- - PG_READY="pg_isready -h {{ template "chatwoot.postgresql.host" . }} -p {{ template "chatwoot.postgresql.port" . }}"; - until $PG_READY; - do - sleep 2; - done; - echo "Database ready to accept connections." ; + - |- + PG_READY="pg_isready -h {{ template "chatwoot.postgresql.host" . }} -p {{ template "chatwoot.postgresql.port" . }}" + until $PG_READY; do + sleep 2 + done + echo "Database ready to accept connections." + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} - name: init-redis image: busybox:1.28 imagePullPolicy: {{ .Values.image.pullPolicy }} - command: ["sh", "-c", "until nslookup {{ template "chatwoot.redis.host" . }} ; do echo waiting for {{ template "chatwoot.redis.host" . }} ; sleep 2; done;"] + command: ["sh", "-c"] + args: + - |- + until nslookup {{ template "chatwoot.redis.host" . }}; do + echo "waiting for {{ template "chatwoot.redis.host" . }}" + sleep 2 + done + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} containers: - name: "db-migrate-job" image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" 
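Review bot: Both rewritten init containers still paste template output straight into the `sh -c` script text (`until nslookup {{ template "chatwoot.redis.host" . }}; do` and the `PG_READY="pg_isready -h … -p …"` string), so any whitespace or shell metacharacter in the rendered host or port is parsed by the shell instead of being treated as data. The helpers are defined outside this hunk and presumably resolve from chart values, so this is hardening rather than a demonstrated bug, but it is cheap to do while the commands are being rewritten. I would pass the rendered value through `env` with `quote` and reference it as a quoted variable; the sketch shows init-redis, and init-postgres would get the same treatment with host and port variables. Indentation in the sketch is relative to the container entry.

```yaml
- name: init-redis
  # … unchanged: image, imagePullPolicy …
  env:
    - name: REDIS_HOST
      value: {{ include "chatwoot.redis.host" . | quote }}
  command: ["sh", "-c"]
  args:
    - |-
      until nslookup "$REDIS_HOST"; do
        echo "waiting for $REDIS_HOST"
        sleep 2
      done
  # … unchanged: securityContext block …
```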
@@ -51,31 +67,35 @@ spec: - rails - db:chatwoot_prepare env: - {{- if .Values.postgresql.auth.existingSecret }} + {{- with .Values.postgresql.auth.existingSecret }} - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - name: {{ .Values.postgresql.auth.existingSecret }} - key: {{ default "password" .Values.postgresql.auth.secretKeys.adminPasswordKey }} + name: {{ quote . }} + key: {{ default "password" $.Values.postgresql.auth.secretKeys.adminPasswordKey }} {{- end }} - {{- if .Values.redis.auth.existingSecret }} + {{- with .Values.redis.auth.existingSecret }} - name: REDIS_PASSWORD valueFrom: secretKeyRef: - name: {{ .Values.redis.auth.existingSecret }} - key: {{ default "password" .Values.redis.auth.existingSecretPasswordKey }} + name: {{ quote . }} + key: {{ default "password" $.Values.redis.auth.existingSecretPasswordKey }} {{- end }} envFrom: - secretRef: name: {{ template "chatwoot.fullname" . }}-env - {{- if .Values.existingEnvSecret }} + {{- with .Values.existingEnvSecret }} - secretRef: - name: {{ .Values.existingEnvSecret }} + name: {{ quote . }} {{- end }} imagePullPolicy: {{ .Values.image.pullPolicy }} volumeMounts: - - name: cache - mountPath: /app/tmp + - name: cache + mountPath: /app/tmp + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} serviceAccountName: {{ include "chatwoot.serviceAccountName" . }} {{- if .Values.securityContext }} securityContext: {{ .Values.securityContext | toYaml | nindent 8 }} diff --git a/charts/chatwoot/templates/web-deployment.yaml b/charts/chatwoot/templates/web-deployment.yaml index 277520d..3a1e96e 100644 --- a/charts/chatwoot/templates/web-deployment.yaml +++ b/charts/chatwoot/templates/web-deployment.yaml 
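Review bot: The pod-level block after `serviceAccountName` is left as context at the end of this hunk and still renders `.Values.securityContext`. Meanwhile the first hunk of this file adds what appears to be a second pod-level `securityContext` from `.Values.podSecurityContext` (same `nindent 8`), and this hunk adds the same values at container level. With both values set, the Job's pod spec would get two `securityContext` keys, and container-only fields such as `allowPrivilegeEscalation` or `capabilities` would still land at pod level, which is the problem this commit fixes in web-deployment.yaml and worker-deployment.yaml. Deleting the trailing `{{- if .Values.securityContext }}` / `securityContext: {{ .Values.securityContext | toYaml | nindent 8 }}` block (its closing `{{- end }}` is outside the hunk) would make the three templates consistent. Rendering the chart with `helm template` and both values set would confirm the result.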
@@ -41,7 +41,9 @@ spec: nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} {{- end }} containers: - - args: + - name: {{ .Chart.Name }}-web + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + args: - bundle - exec - rails @@ -74,8 +76,10 @@ spec: - secretRef: name: {{ .Values.existingEnvSecret }} {{- end }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - name: {{ .Chart.Name }}-web + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} ports: - containerPort: {{ int .Values.services.internalPort }} imagePullPolicy: {{ .Values.image.pullPolicy }} @@ -87,8 +91,9 @@ spec: - name: cache mountPath: /app/tmp serviceAccountName: {{ include "chatwoot.serviceAccountName" . }} - {{- if .Values.securityContext }} - securityContext: {{ .Values.securityContext | toYaml | nindent 8 }} + {{- with .Values.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} {{- end }} volumes: - name: cache diff --git a/charts/chatwoot/templates/worker-deployment.yaml b/charts/chatwoot/templates/worker-deployment.yaml index 1e55b19..f316915 100644 --- a/charts/chatwoot/templates/worker-deployment.yaml +++ b/charts/chatwoot/templates/worker-deployment.yaml @@ -41,7 +41,9 @@ spec: nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} {{- end }} containers: - - args: + - name: {{ .Chart.Name }}-workers + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + args: - bundle - exec - sidekiq @@ -69,8 +71,10 @@ spec: - secretRef: name: {{ .Values.existingEnvSecret }} {{- end }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - name: {{ .Chart.Name }}-workers + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} {{- with .Values.worker.resources }} resources: {{- toYaml . | nindent 12 }} 
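Review bot: `.Values.securityContext` changes meaning from pod level to container level in the second and third hunks of web-deployment.yaml and in both securityContext hunks of worker-deployment.yaml (including its last one), yet the diffstat lists no values.yaml or README change, so nothing tells existing users about it. Anyone who kept pod-only fields such as `fsGroup` or `supplementalGroups` under `securityContext` will now have them rendered inside the container spec, where they are rejected or dropped depending on field validation, and the hardening they relied on can disappear without notice. I would document the split next to the values, e.g. `# securityContext: container-level fields, applied to every container` and `# podSecurityContext: pod-level fields such as fsGroup`, and add a default `podSecurityContext: {}` if values.yaml does not already define one. A changelog entry alongside the 1.1.19 to 1.1.20 bump would also flag the behaviour change.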
@@ -80,8 +84,9 @@ spec: - name: cache mountPath: /app/tmp serviceAccountName: {{ include "chatwoot.serviceAccountName" . }} - {{- if .Values.securityContext }} - securityContext: {{ .Values.securityContext | toYaml | nindent 8 }} + {{- with .Values.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} {{- end }} volumes: - name: cache