diff --git a/.github/workflows/helm-workflow.yaml b/.github/workflows/helm-workflow.yaml index f46ecb4..8ef7e9e 100644 --- a/.github/workflows/helm-workflow.yaml +++ b/.github/workflows/helm-workflow.yaml @@ -7,29 +7,29 @@ on: branches: - main env: - HELM_VERSION: v3.19.0 - HELMFILE_VERSION: v1.1.2 - PYTHON_VERSION: 3.13 + HELM_VERSION: v4.0.5 + HELMFILE_VERSION: v1.2.3 + PYTHON_VERSION: 3.14 jobs: lint: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v6 with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v3 + uses: actions/setup-go@v6 - name: Set up Helm uses: azure/setup-helm@v4.3.0 with: version: ${{ env.HELM_VERSION }} - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v6 with: python-version: ${{ env.PYTHON_VERSION }} check-latest: true - name: Set up chart-testing - uses: helm/chart-testing-action@v2.6.0 + uses: helm/chart-testing-action@v2.8.0 - name: Run chart-testing (lint) run: ct lint --target-branch main --validate-maintainers=false test-values: @@ -37,7 +37,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v6 - name: Run the test run: | cd charts/db-operator @@ -48,27 +48,27 @@ jobs: strategy: matrix: k8s_version: - - v1.30.13 - - v1.31.9 - - v1.32.5 - - v1.33.1 + - v1.35.0 + - v1.34.3 + - v1.33.7 + - v1.32.11 steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v6 with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v3 + uses: actions/setup-go@v6 - name: Set up Helm - uses: azure/setup-helm@v3 + uses: azure/setup-helm@v4.3.0 with: version: ${{ env.HELM_VERSION }} - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v6 with: python-version: ${{ env.PYTHON_VERSION }} check-latest: true - name: Set up chart-testing - uses: helm/chart-testing-action@v2.6.1 + uses: helm/chart-testing-action@v2.8.0 # It's not used anymore, but it's a small step, maybe we'll need it in the future, so let it be here - name: Run chart-testing (list-changed) id: list-changed @@ -89,17 +89,16 @@ jobs: - role: worker EOF - name: Create kind cluster - uses: helm/kind-action@v1.7.0 + uses: helm/kind-action@v1.13.0 with: node_image: kindest/node:${{ matrix.k8s_version }} config: ./kind-config.yaml - - uses: helmfile/helmfile-action@v1.0.0 + - uses: helmfile/helmfile-action@v2.1.0 with: helmfile-version: ${{ env.HELMFILE_VERSION }} helm-version: ${{ env.HELM_VERSION }} - helm-plugins: > - https://github.com/databus23/helm-diff, https://github.com/jkroepke/helm-secrets + helmfile-auto-init: true helmfile-args: sync --wait - name: Test the db-operator chart install @@ -107,7 +106,7 @@ jobs: ct install --target-branch main --charts ./charts/db-operator helmfile destroy - - uses: helmfile/helmfile-action@v1.0.0 + - uses: helmfile/helmfile-action@v2.1.0 with: helmfile-version: ${{ env.HELMFILE_VERSION }} helm-version: ${{ env.HELM_VERSION }} @@ -118,7 +117,7 @@ jobs: ct install --target-branch main --charts ./charts/db-operator --upgrade helmfile destroy - - uses: helmfile/helmfile-action@v1.0.0 + - uses: helmfile/helmfile-action@v2.1.0 with: helmfile-version: ${{ env.HELMFILE_VERSION }} helm-version: ${{ env.HELM_VERSION }} @@ -129,7 +128,7 @@ jobs: ct install --target-branch main --charts ./charts/db-instances helmfile destroy - - uses: helmfile/helmfile-action@v1.0.0 + - uses: helmfile/helmfile-action@v2.1.0 with: helmfile-version: ${{ env.HELMFILE_VERSION }} helm-version: ${{ env.HELM_VERSION }} @@ -145,7 +144,7 @@ jobs: if: github.ref == 'refs/heads/main' steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v6 with: fetch-depth: 0 - name: Configure Git @@ -153,10 +152,31 @@ jobs: git config user.name "$GITHUB_ACTOR" git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - name: Install Helm - uses: azure/setup-helm@v3 + uses: azure/setup-helm@v4.3.0 with: version: ${{ env.HELM_VERSION }} + - name: Push Helm chart to OCI compatible registry (Github) + run: | + export BRANCH=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}} + export SHA="+$(git rev-parse --short HEAD)" + helm registry login ghcr.io \ + --username ${{ github.actor }} \ + --password ${{ github.token }} + for chart in $(find charts -maxdepth 1 -mindepth 1 -type d); do + if [ "${BRANCH}" != "main" ]; then + yq e -i ".version += env(SHA)" "$chart/Chart.yaml" + fi + helm dep build $chart + helm package $chart -d chart-packages; + done + charts=$(find chart-packages -maxdepth 1 -mindepth 1 -type f) + REGISTRY=$(echo oci://ghcr.io/${{ github.repository }} | tr '[:upper:]' '[:lower:]') + for chart in $charts; do + echo ${chart} + echo "${REGISTRY}" + helm push "${chart}" "${REGISTRY}" + done - name: Run chart-releaser - uses: helm/chart-releaser-action@v1.4.0 + uses: helm/chart-releaser-action@v1.7.0 env: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/charts/db-operator/Chart.yaml b/charts/db-operator/Chart.yaml index 951de86..072dfec 100644 --- a/charts/db-operator/Chart.yaml +++ b/charts/db-operator/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 type: application name: db-operator -version: 2.2.0 +version: 2.3.0 # --------------------------------------------------------------------------------- # -- All supported k8s versions are in the test: diff --git a/charts/db-operator/templates/crds/kinda.rocks_databases.yaml b/charts/db-operator/crd/kinda.rocks_databases.yaml similarity index 96% rename from charts/db-operator/templates/crds/kinda.rocks_databases.yaml rename to charts/db-operator/crd/kinda.rocks_databases.yaml index 57f072c..cdf1f7a 100644 --- a/charts/db-operator/templates/crds/kinda.rocks_databases.yaml +++ b/charts/db-operator/crd/kinda.rocks_databases.yaml @@ -1,36 +1,11 @@ -{{- if .Values.crds.install }} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.14.0 - {{- if .Values.webhook.certificate.create }} - cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.webhook.certificate.name}} - {{ else }} - cert-manager.io/inject-ca-from-secret: {{ .Release.Namespace }}/{{ .Values.webhook.certificate.secretName}} - {{- end }} - {{- if .Values.crds.keep }} - helm.sh/resource-policy: keep - {{- end }} - {{- with .Values.crds.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} name: databases.kinda.rocks spec: - {{- if .Values.webhook.enabled }} - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - namespace: {{ .Release.Namespace }} - name: {{ include "webhook.name" . }} - path: /convert - conversionReviewVersions: - - v1alpha1 - - v1beta1 - {{- end }} group: kinda.rocks names: kind: Database @@ -567,4 +542,3 @@ spec: storage: true subresources: status: {} -{{- end }} diff --git a/charts/db-operator/templates/crds/kinda.rocks_dbinstances.yaml b/charts/db-operator/crd/kinda.rocks_dbinstances.yaml similarity index 95% rename from charts/db-operator/templates/crds/kinda.rocks_dbinstances.yaml rename to charts/db-operator/crd/kinda.rocks_dbinstances.yaml index 7cb3b05..901da49 100644 --- a/charts/db-operator/templates/crds/kinda.rocks_dbinstances.yaml +++ b/charts/db-operator/crd/kinda.rocks_dbinstances.yaml @@ -1,36 +1,11 @@ -{{- if .Values.crds.install }} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.14.0 - {{- if .Values.webhook.certificate.create }} - cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.webhook.certificate.name}} - {{ else }} - cert-manager.io/inject-ca-from-secret: {{ .Release.Namespace }}/{{ .Values.webhook.certificate.secretName}} - {{- end }} - {{- if .Values.crds.keep }} - helm.sh/resource-policy: keep - {{- end }} - {{- with .Values.crds.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} name: dbinstances.kinda.rocks spec: - {{- if .Values.webhook.enabled }} - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - namespace: {{ .Release.Namespace }} - name: {{ include "webhook.name" . }} - path: /convert - conversionReviewVersions: - - v1alpha1 - - v1beta1 - {{- end }} group: kinda.rocks names: kind: DbInstance @@ -443,4 +418,3 @@ spec: storage: true subresources: status: {} -{{- end }} diff --git a/charts/db-operator/templates/crds/kinda.rocks_dbuser.yaml b/charts/db-operator/crd/kinda.rocks_dbusers.yaml similarity index 93% rename from charts/db-operator/templates/crds/kinda.rocks_dbuser.yaml rename to charts/db-operator/crd/kinda.rocks_dbusers.yaml index 70197f8..585a5cd 100644 --- a/charts/db-operator/templates/crds/kinda.rocks_dbuser.yaml +++ b/charts/db-operator/crd/kinda.rocks_dbusers.yaml @@ -1,21 +1,9 @@ -{{- if .Values.crds.install }} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.14.0 - {{- if .Values.webhook.certificate.create }} - cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.webhook.certificate.name}} - {{ else }} - cert-manager.io/inject-ca-from-secret: {{ .Release.Namespace }}/{{ .Values.webhook.certificate.secretName}} - {{- end }} - {{- if .Values.crds.keep }} - helm.sh/resource-policy: keep - {{- end }} - {{- with .Values.crds.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} name: dbusers.kinda.rocks spec: group: kinda.rocks @@ -186,4 +174,3 @@ spec: storage: true subresources: status: {} -{{- end }} diff --git a/charts/db-operator/templates/crds.yaml b/charts/db-operator/templates/crds.yaml new file mode 100644 index 0000000..1bd8f1b --- /dev/null +++ b/charts/db-operator/templates/crds.yaml @@ -0,0 +1,54 @@ +{{- if .Values.crds.install }} +{{- $manifests := dict }} +{{- range $path, $index := .Files.Glob "crd/*" }} + {{- $file := $.Files.Get $path }} + {{- $_ := set $manifests ($index | toString ) $file }} +{{- end }} +{{- range $_, $file := $manifests }} +--- +{{- $manifest := $file | fromYaml }} +apiVersion: {{ get $manifest "apiVersion" }} +kind: {{ get $manifest "kind" }} +{{- $metadata := get $manifest "metadata" }} +metadata: + name: {{ get $metadata "name" }} + {{- with $.Values.labels }} + labels: + {{- . | toYaml | nindent 4 }} + {{- end }} + {{- $crdAnnotations := get $metadata "annotations" }} + {{- $annotations := merge $crdAnnotations $.Values.annotations }} + annotations: + {{- $annotations | toYaml | nindent 4 }} + {{- if $.Values.webhook.certificate.create }} + cert-manager.io/inject-ca-from: {{ $.Release.Namespace }}/{{ $.Values.webhook.certificate.name}} + {{ else }} + cert-manager.io/inject-ca-from-secret: {{ $.Release.Namespace }}/{{ $.Values.webhook.certificate.secretName}} + {{- end }} + {{- if $.Values.crds.keep }} + helm.sh/resource-policy: keep + {{- end }} +spec: +{{- if (or + (eq $manifest.metadata.name "databases.kinda.rocks") + (eq $manifest.metadata.name "dbinstances.kinda.rocks") + ) +}} +{{- if $.Values.webhook.enabled }} + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + namespace: {{ $.Release.Namespace }} + name: {{ include "webhook.name" . }} + path: /convert + conversionReviewVersions: + - v1alpha1 + - v1beta1 +{{- end }} +{{- end }} +{{ get $manifest "spec" | toYaml | indent 2 }} +{{- end }} + +{{- end }} diff --git a/helmfile.yaml.gotmpl b/helmfile.yaml.gotmpl index 07a3289..f3f0a71 100644 --- a/helmfile.yaml.gotmpl +++ b/helmfile.yaml.gotmpl @@ -5,17 +5,19 @@ environments: --- repositories: - name: jetstack - url: https://charts.jetstack.io + url: quay.io/jetstack/charts + oci: true - name: bitnami url: https://charts.bitnami.com/bitnami - name: prometheus-community - url: https://prometheus-community.github.io/helm-charts + url: ghcr.io/prometheus-community/charts + oci: true releases: - name: cert-manager chart: jetstack/cert-manager namespace: cert-manager - version: v1.16.1 + version: v1.19.2 createNamespace: true values: - crds: @@ -46,7 +48,7 @@ releases: - name: prometheus-stack namespace: monitoring - version: 65.3.2 + version: 80.14.4 createNamespace: true disableValidation: true disableOpenAPIValidation: true @@ -57,16 +59,10 @@ releases: - prometheus: prometheusSpec: enableAdminAPI: true - podMonitorNamespaceSelector: - any: true podMonitorSelector: {} podMonitorSelectorNilUsesHelmValues: false - ruleNamespaceSelector: - any: true ruleSelector: {} ruleSelectorNilUsesHelmValues: false - serviceMonitorNamespaceSelector: - any: true serviceMonitorSelector: {} serviceMonitorSelectorNilUsesHelmValues: false diff --git a/scripts/sync_crds.sh b/scripts/sync_crds.sh new file mode 100755 index 0000000..14439f1 --- /dev/null +++ b/scripts/sync_crds.sh @@ -0,0 +1,11 @@ +#!/usr/bin/env bash + +WORKDIR=$(mktemp -u) +VERSION=$(yq .appVersion charts/db-operator/Chart.yaml) +CHART_VERSION=$(yq .version charts/db-operator/Chart.yaml) + +git clone https://github.com/db-operator/db-operator.git "${WORKDIR}" +git -C "${WORKDIR}" checkout "${VERSION}" +rm -rf ./charts/db-operator/crd +cp -r "${WORKDIR}/config/crd/bases" ./charts/db-operator/crd +rm -rf "${WORKDIR}"