From ae207671b4124da4b7989e393cdf709da6ce8961 Mon Sep 17 00:00:00 2001 From: James McGoodwin Date: Thu, 21 Jan 2021 16:01:28 -0500 Subject: [PATCH 1/6] Add templates to override default kubernetes service account This will permit users to select a custom kubernetes service account via helm chart values, instead of using the built in 'default' ksa. If the serviceAccount.create boolean is set to true, a new helm chart 'serviceaccounts.yaml' is produced which describes the KSA to be created, and annotated with the users desired annotations. If no overrides are provided, the default values.yaml will select the kubernetes service account named 'default', which is the same net effect seen via the drone helm chart today. --- charts/drone/templates/deployment.yaml | 4 ++++ charts/drone/templates/serviceaccount.yaml | 9 +++++++++ charts/drone/values.schema.json | 21 ++++++++++++++++++++- charts/drone/values.yaml | 9 +++++++++ 4 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 charts/drone/templates/serviceaccount.yaml diff --git a/charts/drone/templates/deployment.yaml b/charts/drone/templates/deployment.yaml index ba17b54..8b889b6 100644 --- a/charts/drone/templates/deployment.yaml +++ b/charts/drone/templates/deployment.yaml @@ -29,6 +29,10 @@ spec: automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- if .Values.serviceAccount }} + serviceAccount: {{ .Values.serviceAccount.name }} + serviceAccountName: {{ .Values.serviceAccount.name }} + {{- end }} containers: - name: server securityContext: diff --git a/charts/drone/templates/serviceaccount.yaml b/charts/drone/templates/serviceaccount.yaml new file mode 100644 index 0000000..b68629b --- /dev/null +++ b/charts/drone/templates/serviceaccount.yaml 
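Review bot: The added `serviceAccount:` line sets the PodSpec field that Kubernetes documents as deprecated in favour of `serviceAccountName`; emitting both is redundant, and the chart should not depend on how the API server reconciles them if they ever disagree. Keep only `serviceAccountName: {{ .Values.serviceAccount.name | quote }}`, where `quote` also protects against a name the YAML parser would retype or render as null when empty. The enclosing `spec:` block starts before and ends after this hunk.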
@@ -0,0 +1,9 @@ +--- +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.serviceAccount.name }} + annotations: +{{ toYaml .Values.serviceAccount.annotations | indent 4 }} +{{- end }} diff --git a/charts/drone/values.schema.json b/charts/drone/values.schema.json index 3df25a1..ece2e06 100644 --- a/charts/drone/values.schema.json +++ b/charts/drone/values.schema.json @@ -9,6 +9,7 @@ "fullnameOverride", "podSecurityContext", "securityContext", + "serviceAccount", "podAnnotations", "service", "ingress", @@ -66,6 +67,24 @@ "$id": "#/properties/securityContext", "type": "object" }, + "serviceAccount": { + "$id": "#/properties/serviceAccount", + "type": "object", + "required": [ + "name", + "create" + ], + "properties": { + "name": { + "$id": "#/properties/serviceAccount/name", + "type": "string" + }, + "create": { + "$id": "#/properties/serviceAccount/create", + "type": "boolean" + } + } + }, "podAnnotations": { "$id": "#/properties/podAnnotations", "type": "object" @@ -165,4 +184,4 @@ } } } -} \ No newline at end of file +} diff --git a/charts/drone/values.yaml b/charts/drone/values.yaml index f041adb..fd0d14f 100644 --- a/charts/drone/values.yaml +++ b/charts/drone/values.yaml @@ -27,6 +27,15 @@ securityContext: {} # runAsNonRoot: true # runAsUser: 1000 +## If you need to run drone under a specific kubernetes service account, pass in +## the name and any annotations here. +## If you need the service account created, set create: to true +## Annotations are added to service account only when create: true. +serviceAccount: + name: default + create: false + annotations: {} + ## Add extra annotations to the Drone server pods here. See below example for ## Prometheus scrape annotations. ## From bfab5fd3195111441fcbabf9a9e8f5dfb9b81cdb Mon Sep 17 00:00:00 2001 
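Review bot: With `create: true` and the shipped default `name: default`, this template asks Helm to create a ServiceAccount that every namespace already has, and Helm 3 refuses to adopt a resource it did not create, so the install fails with an ownership error rather than a message about the values. Guard it at the top of the template: `{{- if and .Values.serviceAccount.create (eq .Values.serviceAccount.name "default") }}{{ fail "serviceAccount.name must not be 'default' when serviceAccount.create is true" }}{{- end }}`. The `name:` value should also be quoted, `name: {{ .Values.serviceAccount.name | quote }}`, for the same reason the Deployment should quote it. Note too that the resource carries no labels, so it is not selectable alongside the chart's other objects.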
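Review bot: The new `serviceAccount.name` property accepts an empty string, and an empty `serviceAccountName` in the rendered Deployment is treated as unset, so the pod quietly falls back to the namespace `default` account — the opposite of what a user who set the key intended. Add `"minLength": 1` to `name`, and declare `annotations` (which values.yaml introduces but this schema omits) as `"type": "object"` so a string or list there is rejected at lint time instead of producing malformed YAML from `toYaml ... | indent 4`.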
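Review bot: The comment above the new `serviceAccount:` stanza does not say what the shipped default means in security terms: with `name: default` and `create: false` the server pod runs under the namespace's `default` ServiceAccount and shares every RBAC binding attached to it, and that account's token is mounted whenever the chart's `automountServiceAccountToken` value is left enabled. Add a line such as `## Prefer a dedicated account (create: true with a non-default name) so the server does not share the namespace 'default' ServiceAccount and its RBAC bindings.` The purpose of the annotations is not stated either; presumably they are for cloud workload-identity bindings, which would be worth naming in the comment once confirmed.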
From: James McGoodwin Date: Fri, 22 Jan 2021 09:20:51 -0500 Subject: [PATCH 2/6] Some small tweaks. Remove unneccesary if condition, fix yaml doc header --- charts/drone/templates/deployment.yaml | 2 -- charts/drone/templates/serviceaccount.yaml | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/charts/drone/templates/deployment.yaml b/charts/drone/templates/deployment.yaml index 8b889b6..6e10310 100644 --- a/charts/drone/templates/deployment.yaml +++ b/charts/drone/templates/deployment.yaml @@ -29,10 +29,8 @@ spec: automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} - {{- if .Values.serviceAccount }} serviceAccount: {{ .Values.serviceAccount.name }} serviceAccountName: {{ .Values.serviceAccount.name }} - {{- end }} containers: - name: server securityContext: diff --git a/charts/drone/templates/serviceaccount.yaml b/charts/drone/templates/serviceaccount.yaml index b68629b..8c4fc5e 100644 --- a/charts/drone/templates/serviceaccount.yaml +++ b/charts/drone/templates/serviceaccount.yaml @@ -1,5 +1,5 @@ ---- {{- if .Values.serviceAccount.create }} +--- apiVersion: v1 kind: ServiceAccount metadata: From d0ab50e09bba2ce575980663ebb63f05c3c22d1c Mon Sep 17 00:00:00 2001 From: James McGoodwin Date: Tue, 26 Jan 2021 10:07:28 -0500 Subject: [PATCH 3/6] Fix CI pipeline --- Makefile | 4 ++-- ct.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index 8752538..f82650a 100644 --- a/Makefile +++ b/Makefile 
@@ -7,8 +7,8 @@ lint: .PHONY: publish publish: @mkdir -p temp docs - @helm repo add stable https://kubernetes-charts.storage.googleapis.com/ - @helm repo add incubator https://kubernetes-charts-incubator.storage.googleapis.com/ + @helm repo add stable https://charts.helm.sh/stable + @helm repo add incubator https://charts.helm.sh/incubator @helm package -u -d temp charts/drone charts/drone-runner-kube charts/drone-kubernetes-secrets @helm repo index --debug --url=https://charts.drone.io --merge docs/index.yaml temp @mv temp/drone*.tgz docs diff --git a/ct.yaml b/ct.yaml index a433e9f..81afa79 100644 --- a/ct.yaml +++ b/ct.yaml @@ -3,6 +3,6 @@ remote: origin chart-dirs: - charts chart-repos: - - bitnami=https://charts.bitnami.com - - stable=https://kubernetes-charts.storage.googleapis.com + - bitnami=https://charts.bitnami.com/bitnami + - stable=https://charts.helm.sh/stable helm-extra-args: --timeout 600 From 3f62bc59a9af3bac2d6cc55e07e01825d691694c Mon Sep 17 00:00:00 2001 From: James McGoodwin Date: Tue, 26 Jan 2021 11:07:40 -0500 Subject: [PATCH 4/6] Bump helm chart version --- charts/drone/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/drone/Chart.yaml b/charts/drone/Chart.yaml index 9142095..b801b20 100644 --- a/charts/drone/Chart.yaml +++ b/charts/drone/Chart.yaml @@ -4,7 +4,7 @@ name: drone description: Drone is a self-service Continuous Delivery platform for busy development teams # TODO: Un-comment once we move back to apiVersion: v2. # type: application -version: 0.1.7 +version: 0.1.8 appVersion: 1.9.0 kubeVersion: "^1.13.0-0" home: https://drone.io/ From a7fa1f3b00ad034ef3df92e5ee34396eadfb576b Mon Sep 17 00:00:00 2001 From: James McGoodwin Date: Tue, 26 Jan 2021 11:09:07 -0500 Subject: [PATCH 5/6] Gobble trailing spaces --- charts/drone/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/drone/values.yaml b/charts/drone/values.yaml index fd0d14f..8f2c4a1 100644 
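Review bot: The `helm package` line in `publish` still produces unsigned archives, so consumers of charts.drone.io have no provenance to check with `helm verify`; only the repository URLs changed here, but this recipe is where that would be fixed. If a release key is available, package with `@helm package -u --sign --key "$(HELM_SIGN_KEY)" --keyring "$(HELM_KEYRING)" -d temp charts/drone charts/drone-runner-kube charts/drone-kubernetes-secrets` and extend the final move to `@mv temp/drone*.tgz temp/drone*.prov docs`, since the existing `mv temp/drone*.tgz docs` would leave the `.prov` files behind. The `publish` recipe may continue past the end of this hunk.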
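Review bot: `helm-extra-args: --timeout 600` passes a bare number, which Helm 3 rejects because it parses `--timeout` as a Go duration and requires a unit; if chart-testing here runs against Helm 3 (plausible given the move to the charts.helm.sh repositories, which coincided with the end of Helm 2 support, though the pipeline's Helm version is not visible in this diff), every `ct install` will fail before the chart is exercised. Use `helm-extra-args: --timeout 600s`, keeping the unitless form only if the pipeline is pinned to Helm 2, whose `--timeout` is an integer number of seconds.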
--- a/charts/drone/values.yaml +++ b/charts/drone/values.yaml @@ -28,7 +28,7 @@ securityContext: {} # runAsUser: 1000 ## If you need to run drone under a specific kubernetes service account, pass in -## the name and any annotations here. +## the name and any annotations here. ## If you need the service account created, set create: to true ## Annotations are added to service account only when create: true. serviceAccount: From a7f65499d8784c7437d392701f8e5dcfe3e66c52 Mon Sep 17 00:00:00 2001 From: James McGoodwin Date: Tue, 26 Jan 2021 13:28:04 -0500 Subject: [PATCH 6/6] Values Schema and default value for DRONE_SERVER_HOST blocks CI testing CI fails to pass because values.yaml contains an invalid null string. Running 'helm lint ./drone' fails Even calling helm lint with an additional '-f ./drone/ci/test-values.yaml' still fails to validate values.yaml $ helm lint ./drone/ -f ./drone/ci/test-values.yaml ==> Linting ./drone/ [ERROR] values.yaml: - env.DRONE_SERVER_HOST: String length must be greater than or equal to 3 Error: 1 chart(s) linted, 1 chart(s) failed I have updated values.yaml with the example string used in the drone documentation page for the DRONE_SERVER_HOST value: https://readme.drone.io/server/reference/drone-server-host/ --- charts/drone/values.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/charts/drone/values.yaml b/charts/drone/values.yaml index 8f2c4a1..311df53 100644 --- a/charts/drone/values.yaml +++ b/charts/drone/values.yaml @@ -168,7 +168,8 @@ env: ## REQUIRED: Set the user-visible Drone hostname, sans protocol. ## Ref: https://docs.drone.io/installation/reference/drone-server-host/ ## - DRONE_SERVER_HOST: "" + DRONE_SERVER_HOST: drone.company.com + ## The protocol to pair with the value in DRONE_SERVER_HOST (http or https). ## Ref: https://docs.drone.io/installation/reference/drone-server-proto/ ##
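Review bot: Replacing the empty `DRONE_SERVER_HOST` with `drone.company.com` turns a setting the comment marks as REQUIRED into one that silently passes lint and install with a hostname the operator does not control; since this is the user-visible hostname, a forgotten override would point Drone's externally visible URLs at somebody else's domain instead of failing. Use a reserved placeholder, `DRONE_SERVER_HOST: drone.example.com`, and enforce the override where the variable is emitted in the Deployment template, e.g. `{{ required "env.DRONE_SERVER_HOST must be set" .Values.env.DRONE_SERVER_HOST }}`, so a missing value is still rejected at install time even though the placeholder now satisfies the schema's minimum length. The `env:` mapping continues beyond this hunk.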