Refactor GH workflow reusability
Signed-off-by: Philip Schmid <[email protected]>
PhilipSchmid committed Aug 16, 2024
1 parent ba0809f commit 6074f22
Showing 2 changed files with 66 additions and 55 deletions.
85 changes: 44 additions & 41 deletions .github/workflows/lint-helm.yaml
Expand Up @@ -16,12 +16,17 @@ on:

env:
MIN_K8S_VERSION: "1.23.0"
# renovate: datasource=python-version
PYTHON_VERSION: "3.12"

jobs:
generated-files:
runs-on: ubuntu-latest
steps:
# Get source
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6

# Check / install dependencies
- name: Check if vendored openapi2jsonschema.py script is up to date
run: |
make -C install/kubernetes openapi2jsonschema.py
Expand All @@ -31,15 +36,47 @@ jobs:
echo "Vendored openapi2jsonschema.py script is out of date."
echo "Please run 'make -C install/kubernetes openapi2jsonschema.py' and submit your changes."; exit 1
fi
- name: Setup Python
id: setup-python
uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_VERSION }}
- name: Install pipenv
id: install-pipenv
shell: bash
run: |
python -m pip install --upgrade --no-cache-dir pip
python -m pip install --no-cache-dir pipenv
- name: Cache Pipfile
id: cache-pipfile
uses: actions/cache@v4
with:
path: ~/.local/share/virtualenvs
key: ${{ runner.os }}-python-${{ steps.setup-python.outputs.python-version }}-pipenv-${{ hashFiles('Pipfile.lock') }}
- name: Sync Pipfile
id: sync-pipfile
shell: bash
working-directory: install/kubernetes
run: |
pipenv sync --dev --python ${{ env.PYTHON_VERSION }}
- name: Check if vendored CRD JSON schemas are up to date
run: |
make -C install/kubernetes generate-jsonschemas
test -z "$(git status --porcelain)"
if [ $? != 0 ]; then
git status --porcelain
echo "Vendored CRD JSON schemas are out of date."
echo "Please run 'make -C install/kubernetes generate-jsonschemas' or 'make -C install/kubernetes generate-jsonschemas-local' and submit your changes."; exit 1
echo "Please run 'make -C install/kubernetes generate-jsonschemas' and submit your changes."; exit 1
fi
- name: Set up go # Required for kubeconform
uses: actions/setup-go@v5
- name: Install Helm CLI # Required for the Helm chart templating
uses: azure/[email protected]
- name: Install latest kubeconform version # We don't want to vendor a binary. Also, latest is good enough.
run: |
go install github.com/yannh/kubeconform/cmd/kubeconform@latest
# Validate Helm chart
- name: Generate Helm chart
run: |
make -C install/kubernetes
Expand All @@ -50,58 +87,24 @@ jobs:
git status --porcelain
echo "Please run 'make -C install/kubernetes' and submit your changes."; exit 1
fi
- name: Set up go # Required for kubeconform
uses: actions/setup-go@v5
- name: Install latest kubeconform version # We don't want to vendor a binary. Also, latest is good enough.
run: |
go install github.com/yannh/kubeconform/cmd/kubeconform@latest
- name: Install Helm CLI
uses: azure/[email protected]
# (Re-)run Kubeconform checks explicitly once again to catch specific errors in that regard (to get the STDOUT/STDERR)
- name: Run Kubeconform with minimum supported K8s version
id: kubeconform_min_k8s_version
uses: mathiasvr/[email protected]
with:
shell: bash
run: |
for CHART in $(find install/kubernetes/ -maxdepth 1 -mindepth 1 -type d ! -name 'schemas' -exec basename {} \;);
do
echo "## Testing Helm chart: \"$CHART\""
helm template $CHART-ee install/kubernetes/$CHART \
-f install/kubernetes/$CHART/values.yaml \
--set crds.installMethod=helm \
--set tracingPolicies.default.enabled=true |\
kubeconform \
-summary \
-verbose \
-schema-location default \
-schema-location 'install/kubernetes/schemas/{{ .ResourceKind }}-{{ .Group }}.json' \
-skip CustomResourceDefinition \
-strict \
-kubernetes-version $MIN_K8S_VERSION
echo ""
done
make -C install/kubernetes kubeconform K8S_VERSION=${{ env.MIN_K8S_VERSION }}
- name: Run Kubeconform with latest K8s version
id: kubeconform_latest_k8s_version
uses: mathiasvr/[email protected]
with:
shell: bash
run: |
for CHART in $(find install/kubernetes/ -maxdepth 1 -mindepth 1 -type d ! -name 'schemas' -exec basename {} \;);
do
echo "## Testing Helm chart: \"$CHART\""
helm template $CHART-ee install/kubernetes/$CHART \
-f install/kubernetes/$CHART/values.yaml \
--set crds.installMethod=helm \
--set tracingPolicies.default.enabled=true |\
kubeconform \
-summary \
-verbose \
-schema-location default \
-schema-location 'install/kubernetes/schemas/{{ .ResourceKind }}-{{ .Group }}.json' \
-skip CustomResourceDefinition \
-strict
echo ""
done
make -C install/kubernetes kubeconform
# Post Kubeconform issues as comment on the GH PR, if there are any
- name: Comment Kubeconform Output
if: failure() && (steps.kubeconform_min_k8s_version.outcome != 'success' || steps.kubeconform_latest_k8s_version.outcome != 'success')
uses: marocchino/sticky-pull-request-comment@v2
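Review bot: The Setup Python and Cache Pipfile steps reference `actions/setup-python@v5` and `actions/cache@v4` by mutable tag, while the checkout step in the same job is pinned to a full commit SHA with a version comment, so the job's integrity depends on tags that can be moved. Pin them the same way, e.g. `uses: actions/setup-python@<full-commit-sha> # v5.x.y`, and consider a version constraint on `python -m pip install --no-cache-dir pipenv` so the tool that builds the environment is reproducible. Separately, the cache key uses `hashFiles('Pipfile.lock')`, which is resolved from the workspace root, while the sync step runs with `working-directory: install/kubernetes`. If the lock file lives in that directory, the hash is empty and the key never changes with the lock file; `hashFiles('install/kubernetes/Pipfile.lock')` would tie the cache to it.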
36 changes: 22 additions & 14 deletions install/kubernetes/Makefile
Expand Up @@ -11,16 +11,17 @@ HELMDOCS_IMAGE=docker.io/jnorwood/helm-docs:v1.14.2@sha256:7e562b49ab6b1dbc50c3d
KUBECONFORM_VERSION := v0.6.4
PYTHON := python3
PIPENV := pipenv
K8S_VERSION := master

REPO_ROOT := $(shell git rev-parse --show-toplevel)
TETRAGON_CHART := tetragon
CRDS := $(REPO_ROOT)/pkg/k8s/apis/cilium.io/client/crds/v1alpha1
JSON_SCHEMAS := $(REPO_ROOT)/install/kubernetes/schemas

HELM ?= docker run --rm -v $(CURDIR)/$(TETRAGON_CHART):/apps $(HELM_IMAGE)
HELM ?= docker run --rm -v $(CURDIR)/$(TETRAGON_CHART):/apps -v $(JSON_SCHEMAS):/schemas $(HELM_IMAGE)

.PHONY: all
all: deps $(TETRAGON_CHART)/crds-yaml lint docs
all: deps $(TETRAGON_CHART)/crds-yaml lint docs openapi2jsonschema.py generate-jsonschemas kubeconform

.PHONY: deps
deps:
Expand Down Expand Up @@ -51,21 +52,28 @@ openapi2jsonschema.py:
curl -sSfLO https://raw.githubusercontent.com/yannh/kubeconform/$(KUBECONFORM_VERSION)/scripts/$@

# To validate (using openapi2jsonschema.py) default Ruleset policies included in the Helm chart, we need to pass the
# JSON schema of the TracingPolicy CRD. This target generates such schema.
# Requires pipenv to be pre-installed.
# JSON schema of the TracingPolicy CRD. This target generates such schema. It requires pipenv to be pre-installed.
.PHONY: generate-jsonschemas
generate-jsonschemas: $(CRDS)
mkdir -p $(JSON_SCHEMAS)/
FILENAME_FORMAT='{kind}-{fullgroup}' $(PYTHON) openapi2jsonschema.py $(CRDS)/*
mv $(REPO_ROOT)/install/kubernetes/*-cilium.io.json $(JSON_SCHEMAS)/

# To validate (using openapi2jsonschema.py) default Ruleset policies included in the Helm chart, we need to pass the
# JSON schema of the TracingPolicy CRD. This target generates such schema and is intended to be run on environments
# where's there no pyyaml pre-installed. However, it requires pipenv to be pre-installed instead.
.PHONY: generate-jsonschemas-local
generate-jsonschemas-local: $(CRDS)
mkdir -p $(JSON_SCHEMAS)/
pipenv install
FILENAME_FORMAT='{kind}-{fullgroup}' $(PIPENV) run $(PYTHON) openapi2jsonschema.py $(CRDS)/*
mv $(REPO_ROOT)/install/kubernetes/*-cilium.io.json $(JSON_SCHEMAS)/
pipenv --rm
pipenv --rm

.PHONY: kubeconform
kubeconform:
@echo "## Testing Helm chart: \"$(TETRAGON_CHART)\""
$(HELM) template $(TETRAGON_CHART)-ee . \
-f values.yaml \
--set crds.installMethod=helm \
--set tracingPolicies.default.enabled=true |\
kubeconform \
-summary \
-verbose \
-schema-location default \
-schema-location '/schemas/{{ .ResourceKind }}-{{ .Group }}.json' \
-skip CustomResourceDefinition \
-strict \
-kubernetes-version $(K8S_VERSION)
@echo ""
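Review bot: The `kubeconform` recipe pipes `$(HELM) template … | kubeconform …`, and under make's default `/bin/sh` the recipe's exit status is that of the last command only, so a failed `docker run` or `helm template` can leave kubeconform with empty input and the target (and the CI steps calling it) passing without validating anything. No `SHELL` or `.SHELLFLAGS` override is visible in the shown part of the Makefile; if there is none, consider `SHELL := bash` with `.SHELLFLAGS := -o pipefail -c`, or render the chart to a temporary file and validate that file. It is also worth confirming the schema path: `-v $(JSON_SCHEMAS):/schemas` mounts the schemas into the Helm container, while kubeconform appears to run on the host side of the pipe, where `/schemas/…` may not exist.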
