-
Notifications
You must be signed in to change notification settings - Fork 9
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Sergio Castaño Arteaga <[email protected]>
- Loading branch information
Showing
6 changed files
with
254 additions
and
10 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
name: Helm CI | ||
|
||
on: | ||
pull_request: | ||
paths: | ||
- "charts/**" | ||
|
||
permissions: read-all | ||
|
||
jobs: | ||
lint-and-test: | ||
runs-on: ubuntu-20.04 | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v4 | ||
with: | ||
fetch-depth: 0 | ||
- name: Set up Helm | ||
uses: azure/setup-helm@v4 | ||
with: | ||
version: v3.9.2 | ||
- name: Set up Python | ||
uses: actions/setup-python@v5 | ||
with: | ||
python-version: 3.7 | ||
- name: Set up chart-testing | ||
uses: helm/[email protected] | ||
- name: Run chart-testing (list-changed) | ||
id: list-changed | ||
run: | | ||
changed=$(ct --config .ct.yaml list-changed --target-branch ${{ github.event.repository.default_branch }}) | ||
if [[ -n "$changed" ]]; then | ||
echo "changed=true" >> $GITHUB_OUTPUT | ||
fi | ||
- name: Run chart-testing (lint) | ||
run: ct lint --config .ct.yaml --target-branch ${{ github.event.repository.default_branch }} | ||
- name: Create kind cluster | ||
uses: helm/[email protected] | ||
if: steps.list-changed.outputs.changed == 'true' | ||
- name: Run chart-testing (install) | ||
run: ct install --config .ct.yaml --target-branch ${{ github.event.repository.default_branch }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,88 @@ | ||
name: Release | ||
|
||
on: | ||
push: | ||
tags: | ||
- "v*" | ||
|
||
permissions: read-all | ||
|
||
jobs: | ||
build-and-publish-images: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v4 | ||
- name: Login to AWS Public ECR | ||
uses: docker/login-action@v3 | ||
with: | ||
registry: public.ecr.aws | ||
username: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
- name: Extract tag name | ||
id: extract_tag_name | ||
run: echo "tag=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT | ||
- name: Build and push clowarden-dbmigrator image | ||
run: | | ||
docker build \ | ||
-f database/migrations/Dockerfile \ | ||
-t public.ecr.aws/g6m3a0y9/clowarden-dbmigrator:${{steps.extract_tag_name.outputs.tag}} \ | ||
-t public.ecr.aws/g6m3a0y9/clowarden-dbmigrator:latest \ | ||
. | ||
docker push --all-tags public.ecr.aws/g6m3a0y9/clowarden-dbmigrator | ||
- name: Build and push clowarden-server image | ||
run: | | ||
docker build \ | ||
-t public.ecr.aws/g6m3a0y9/clowarden-server:${{steps.extract_tag_name.outputs.tag}} \ | ||
-t public.ecr.aws/g6m3a0y9/clowarden-server:latest \ | ||
. | ||
docker push --all-tags public.ecr.aws/g6m3a0y9/clowarden-server | ||
package-and-publish-helm-chart: | ||
needs: | ||
- build-and-publish-images | ||
permissions: | ||
contents: write | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
with: | ||
fetch-depth: 0 | ||
- name: Configure Git | ||
run: | | ||
git config user.name "$GITHUB_ACTOR" | ||
git config user.email "[email protected]" | ||
- name: Install Helm | ||
uses: azure/setup-helm@v4 | ||
- name: Run chart-releaser | ||
run: | | ||
# From: https://github.com/metallb/metallb/blob/293f43c1f78ab1b5fa8879a76746b094bd9dd3ca/.github/workflows/publish.yaml#L134-L163 | ||
# Ref: https://github.com/helm/chart-releaser-action/issues/60 | ||
curl -sSLo cr.tar.gz "https://github.com/helm/chart-releaser/releases/download/v1.6.1/chart-releaser_1.6.1_linux_amd64.tar.gz" | ||
tar -xzf cr.tar.gz | ||
rm -f cr.tar.gz | ||
repo=$(basename "$GITHUB_REPOSITORY") | ||
owner=$(dirname "$GITHUB_REPOSITORY") | ||
tag="${GITHUB_REF_NAME:1}" | ||
exists=$(curl -s -H "Accept: application/vnd.github.v3+json" https://github.com/$GITHUB_REPOSITORY/releases/tag/$repo-chart-$tag -w %{http_code} -o /dev/null) | ||
if [[ $exists != "200" ]]; then | ||
echo "Creating release..." | ||
# package chart | ||
./cr package charts/$repo | ||
# upload chart to github releases | ||
./cr upload \ | ||
--owner "$owner" \ | ||
--git-repo "$repo" \ | ||
--release-name-template "{{ .Name }}-chart-{{ .Version }}" \ | ||
--token "${{ secrets.GITHUB_TOKEN }}" | ||
# Update index and push to github pages | ||
./cr index \ | ||
--owner "$owner" \ | ||
--git-repo "$repo" \ | ||
--index-path index.yaml \ | ||
--release-name-template "{{ .Name }}-chart-{{ .Version }}" \ | ||
--push | ||
else | ||
echo "Release already exists" | ||
fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,102 @@ | ||
# CLOWarden | ||
|
||
[CLOWarden](https://clowarden.io) is a tool that automatically manages organizations users, teams and other resources across multiple services. | ||
|
||
## Introduction | ||
|
||
This chart bootstraps a CLOWarden deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. | ||
|
||
## Prerequisites | ||
|
||
Before installing this chart, you need to [setup a GitHub application](https://docs.github.com/en/apps/creating-github-apps/creating-github-apps/creating-a-github-app). The application requires the following permissions [to be set](https://docs.github.com/en/apps/maintaining-github-apps/editing-a-github-apps-permissions): | ||
|
||
Repository: | ||
|
||
- **Administration**: *read/write* | ||
- **Checks**: *read/write* | ||
- **Contents**: *read* | ||
- **Metadata**: *read* | ||
- **Pull requests**: *read/write* | ||
|
||
Organization: | ||
|
||
- **Administration**: *read/write* | ||
- **Members**: *read/write* | ||
|
||
In addition to those permissions, it must also be subscribed to the following events: | ||
|
||
- *Pull Request* | ||
|
||
CLOWarden expects GitHub events to be sent to the `/webhook/github` endpoint. In the GitHub application, please enable `webhook` and set the target URL to your exposed endpoint (ie: <https://your-clowarden-deployment/webhook/github>). You will need to define a random secret for the webhook (you can use the following command to do it: `openssl rand -hex 32`). Please note your webhook secret, as well as the GitHub application ID and private key, as you'll need them in the next step when installing the chart. | ||
|
||
Once your GitHub application is ready you can install it in the organizations you need. | ||
|
||
## Installing the chart | ||
|
||
Create a values file (`my-values.yaml`) that includes the configuration values required for your GitHub application: | ||
|
||
```yaml | ||
server: | ||
githubApp: | ||
# GitHub application ID | ||
appId: 123456 # Replace with your GitHub app ID | ||
|
||
# GitHub application private key | ||
privateKey: |- | ||
-----BEGIN RSA PRIVATE KEY----- | ||
... | ||
YOUR_APP_PRIVATE_KEY | ||
... | ||
-----END RSA PRIVATE KEY----- | ||
# GitHub application webhook secret | ||
webhookSecret: "your-webhook-secret" | ||
``` | ||
In addition to the GitHub application configuration, you can also add the organizations you'd like to use CLOWarden with at this point: | ||
```yaml | ||
organizations: | ||
- # Name of the GitHub organization | ||
name: org-name | ||
|
||
# CLOWarden's GitHub application installation id | ||
installationId: 12345678 | ||
|
||
# Repository where the configuration files are located | ||
repository: .clowarden | ||
|
||
# Branch to use in the configuration repository | ||
branch: main | ||
|
||
# Legacy mode configuration | ||
legacy: | ||
# Whether legacy mode is enabled or not (must be at the moment) | ||
enabled: true | ||
|
||
# Path of the Sheriff's permissions file | ||
sheriffPermissionsPath: config.yaml | ||
``` | ||
To install the chart with the release name `my-clowarden` run: | ||
|
||
```bash | ||
$ helm repo add clowarden https://cncf.github.io/clowarden/ | ||
$ helm install --values my-values.yaml my-clowarden clowarden/clowarden | ||
``` | ||
|
||
The command above deploys CLOWarden on the Kubernetes cluster using the default configuration values and the GitHub application configuration provided. Please see the [chart's default values file](https://github.com/cncf/clowarden/blob/main/charts/clowarden/values.yaml) for a list of all the configurable parameters of the chart and their default values. | ||
|
||
## Uninstalling the chart | ||
|
||
To uninstall the `my-clowarden` deployment run: | ||
|
||
```bash | ||
$ helm uninstall my-clowarden | ||
``` | ||
|
||
This command removes all the Kubernetes components associated with the chart and deletes the release. | ||
|
||
## How CLOWarden works | ||
|
||
For more information about how CLOWarden works from a user's perspective please see the [repository's README file](https://github.com/cncf/clowarden#readme). |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters