Helm AntPickax CI #119
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# K2HDKC DBaaS Helm Chart | |
# | |
# Utility helper tools for Github Actions by AntPickax | |
# | |
# Copyright 2022 Yahoo Japan Corporation. | |
# | |
# K2HDKC DBaaS is a DataBase as a Service provided by Yahoo! JAPAN | |
# which is built K2HR3 as a backend and provides services in | |
# cooperation with Kubernetes. | |
# The Override configuration for K2HDKC DBaaS serves to connect the | |
# components that make up the K2HDKC DBaaS. K2HDKC, K2HR3, CHMPX, | |
# and K2HASH are components provided as AntPickax. | |
# | |
# For the full copyright and license information, please view | |
# the license file that was distributed with this source code. | |
# | |
# AUTHOR: Takeshi Nakatani | |
# CREATE: Fri Jan 21 2021 | |
# REVISION: | |
# | |
#---------------------------------------------------------- | |
# Github Actions | |
#---------------------------------------------------------- | |
name: Helm AntPickax CI | |
# | |
# Events | |
# | |
on: | |
push: | |
pull_request: | |
# | |
# CRON event is fire on every sunday(UTC). | |
# | |
schedule: | |
- cron: '0 15 * * 0' | |
# | |
# Environments for azure/setup-helm@v3 | |
# | |
env: | |
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
# | |
# Jobs | |
# | |
jobs: | |
Helm_Template_Lint: | |
runs-on: ubuntu-latest | |
steps: | |
# | |
# Checks-out your repository under ${GITHUB_WORKSPACE}, so your job can access it | |
# | |
# [NOTE] | |
# When using helm/chart-releaser-action, "fetch-depth: 0" is required. | |
# | |
- name: Checkout sources | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: "0" | |
# | |
# Install latest Helm version | |
# | |
- uses: azure/setup-helm@v4 | |
id: install | |
# | |
# Check values.yaml | |
# | |
- name: CheckValuesYaml | |
run: | | |
if grep -i 'CAUTIONS' values.yaml; then | |
echo "[ERROR] The values.yaml contains CAUTION information." | |
exit 1 | |
fi | |
# | |
# Check scripts by shellcheck | |
# | |
- name: ShellCheck | |
run: | | |
if command -v shellcheck >/dev/null 2>&1; then | |
SHELLCHECK_TARGET_DIRS="." | |
SHELLCHECK_BASE_OPT="--shell=sh" | |
SHELLCHECK_IGN_OPT="--exclude=SC1117,SC1090,SC1091" | |
SHELLCHECK_INCLUDE_IGN_OPT="${SHELLCHECK_IGN_OPT},SC2034,SC2148" | |
SHELLCHECK_EXCEPT_PATHS_CMD="| grep -v '\.sh\.' | grep -v '\.log' | grep -v '/\.git/' | grep -v '\.yaml'" | |
: | |
SHELLCHECK_FILES_NO_SH=$(/bin/sh -c "grep -ril '^\#!/bin/sh' ${SHELLCHECK_TARGET_DIRS} | grep -v '\.sh' ${SHELLCHECK_EXCEPT_PATHS_CMD} | tr '\n' ' '") | |
SHELLCHECK_FILES_SH=$(/bin/sh -c "grep -ril '^\#!/bin/sh' ${SHELLCHECK_TARGET_DIRS} | grep '\.sh' ${SHELLCHECK_EXCEPT_PATHS_CMD} | tr '\n' ' '") | |
SHELLCHECK_FILES_INCLUDE_SH=$(/bin/sh -c "grep -Lir '^\#!/bin/sh' ${SHELLCHECK_TARGET_DIRS} | grep '\.sh' ${SHELLCHECK_EXCEPT_PATHS_CMD} | tr '\n' ' '") | |
: | |
if [ -n "${SHELLCHECK_FILES_NO_SH}" ]; then | |
LC_ALL=C.UTF-8 shellcheck ${SHELLCHECK_BASE_OPT} ${SHELLCHECK_IGN_OPT} ${SHELLCHECK_FILES_NO_SH} | |
fi | |
if [ -n "${SHELLCHECK_FILES_SH}" ]; then | |
LC_ALL=C.UTF-8 shellcheck ${SHELLCHECK_BASE_OPT} ${SHELLCHECK_IGN_OPT} ${SHELLCHECK_FILES_SH} | |
fi | |
if [ -n "${SHELLCHECK_FILES_INCLUDE_SH}" ]; then | |
LC_ALL=C.UTF-8 shellcheck ${SHELLCHECK_BASE_OPT} ${SHELLCHECK_INCLUDE_IGN_OPT} ${SHELLCHECK_FILES_INCLUDE_SH} | |
fi | |
else | |
echo "ShellCheck is not installed, skip checking by ShellCheck." | |
fi | |
# | |
# Check by helm template | |
# | |
- name: Helm template | |
run: | | |
REPONAME=$(echo "${GITHUB_REPOSITORY}" | sed -e 's#^.*/##g') | |
cd "${GITHUB_WORKSPACE}"/.. | |
helm template dummy "${REPONAME}" --set k2hr3.unscopedToken=dummy_token --set k2hr3.clusterName=dummy_k2hr3 | sed -e 's/^# Source:.*$//g' -e 's#image:[[:space:]]*.*/#image: #g' > /tmp/test_template.result | |
diff /tmp/test_template.result "${GITHUB_WORKSPACE}"/.github/workflows/helm_template.result | |
# | |
# Check by helm lint | |
# | |
- name: Helm lint | |
run: | | |
REPONAME=$(echo "${GITHUB_REPOSITORY}" | sed -e 's#^.*/##g') | |
cd "${GITHUB_WORKSPACE}"/.. | |
helm lint "${REPONAME}" --set k2hr3.unscopedToken=dummy_token --set k2hr3.clusterName=dummy_k2hr3 | tail -1 > /tmp/test_lint.result | |
diff /tmp/test_lint.result "${GITHUB_WORKSPACE}"/.github/workflows/helm_lint.result | |
# | |
# Set git config | |
# | |
- name: Configure Git | |
run: | | |
git config user.name "${GITHUB_ACTOR}" | |
git config user.email "${GITHUB_ACTOR}@users.noreply.github.com" | |
# | |
# Release Helm Chart | |
# | |
# [NOTE] | |
# Release tags, asset files, and index.yaml in gh-pages will not be | |
# updated or created in repositories other than the "yahoojapan" | |
# organization. | |
# It means that forked repositories do not run these processes. | |
# But, you can force to execute these by setting | |
# "FORCE_PKG_ORG=<your organization name>" to Secret. | |
# | |
- name: Check/Publish Helm Chart package | |
env: | |
GH_TOKEN: "${{ secrets.GITHUB_TOKEN }}" | |
RUN_TAGGING_ORG: "${{ secrets.RUN_TAGGING_ORG }}" | |
run: | | |
/bin/sh -c "${GITHUB_WORKSPACE}/.github/workflows/helm_packager.sh ${GITHUB_WORKSPACE}/Chart.yaml ${GITHUB_WORKSPACE}/CHANGELOG.md" | |
# | |
# Local variables: | |
# tab-width: 4 | |
# c-basic-offset: 4 | |
# End: | |
# vim600: expandtab sw=4 ts=4 fdm=marker | |
# vim<600: expandtab sw=4 ts=4 | |
# |