pipe-cd · pipecd-bot · Nov 29, 2021 · Nov 29, 2021 · Nov 29, 2021 · Nov 29, 2021
@@ -59,11 +59,14 @@ spec:
 
 | Field | Type | Description | Required |
 |-|-|-|-|
+| type | string | The repository type. Currently, HTTP and GIT are supported. Default is HTTP. | No |
 | name | string | The name of the Helm chart repository. Note that is not a Git repository but a [Helm chart repository](https://helm.sh/docs/topics/chart_repository/). | Yes |
 | address | string | The address to the Helm chart repository. | Yes |
 | username | string | Username used for the repository backed by HTTP basic authentication. | No |
 | password | string | Password used for the repository backed by HTTP basic authentication. | No |
 | insecure | bool | Whether to skip TLS certificate checks for the repository or not. | No |
+| gitRemote | string | Remote address of the Git repository used to clone Helm charts. | No |
+| sshKeyFile | string | The path to the private ssh key file used while cloning Helm charts from above Git repository. | No |
 
 ## CloudProvider
 

@@ -156,17 +156,15 @@ func (p *piped) run(ctx context.Context, input cli.Input) (runErr error) {
 	}
 
 	// Add configured Helm chart repositories.
-	if len(cfg.ChartRepositories) > 0 {
+	if repos := cfg.HTTPHelmChartRepositories(); len(repos) > 0 {
 		reg := toolregistry.DefaultRegistry()
-		if err := chartrepo.Add(ctx, cfg.ChartRepositories, reg, input.Logger); err != nil {
+		if err := chartrepo.Add(ctx, repos, reg, input.Logger); err != nil {
 			input.Logger.Error("failed to add configured chart repositories", zap.Error(err))
 			return err
 		}
-		if len(cfg.ChartRepositories) > 0 {
-			if err := chartrepo.Update(ctx, reg, input.Logger); err != nil {
-				input.Logger.Error("failed to update Helm chart repositories", zap.Error(err))
-				return err
-			}
+		if err := chartrepo.Update(ctx, reg, input.Logger); err != nil {
+			input.Logger.Error("failed to update Helm chart repositories", zap.Error(err))
+			return err
 		}
 	}
 
@@ -229,11 +227,19 @@ func (p *piped) run(ctx context.Context, input cli.Input) (runErr error) {
 	}
 
 	// Initialize git client.
-	gitClient, err := git.NewClient(
+	gitOptions := []git.Option{
 		git.WithUserName(cfg.Git.Username),
 		git.WithEmail(cfg.Git.Email),
 		git.WithLogger(input.Logger),
-	)
+	}
+	for _, repo := range cfg.GitHelmChartRepositories() {
+		if f := repo.SSHKeyFile; f != "" {
+			// Configure git client to use the specified SSH key while fetching private Helm charts.
+			env := fmt.Sprintf("GIT_SSH_COMMAND=ssh -i %s -o StrictHostKeyChecking=no -F /dev/null", f)
+			gitOptions = append(gitOptions, git.WithGitEnvForRepo(repo.GitRemote, env))
+		}
+	}
+	gitClient, err := git.NewClient(gitOptions...)
 	if err != nil {
 		input.Logger.Error("failed to initialize git client", zap.Error(err))
 		return err

@@ -90,6 +90,11 @@ func (s *PipedSpec) Validate() error {
 	if s.SyncInterval < 0 {
 		return errors.New("syncInterval must be greater than or equal to 0")
 	}
+	for _, r := range s.ChartRepositories {
+		if err := r.Validate(); err != nil {
+			return err
+		}
+	}
 	if s.SecretManagement != nil {
 		if err := s.SecretManagement.Validate(); err != nil {
 			return err
@@ -245,7 +250,19 @@ type PipedRepository struct {
 	Branch string `json:"branch"`
 }
 
+type HelmChartRepositoryType string
+
+const (
+	HTTPHelmChartRepository HelmChartRepositoryType = "HTTP"
+	GITHelmChartRepository  HelmChartRepositoryType = "GIT"
+)
+
 type HelmChartRepository struct {
+	// The repository type. Currently, HTTP and GIT are supported.
+	// Default is HTTP.
+	Type HelmChartRepositoryType `json:"type" default:"HTTP"`
+
+	// Configuration for HTTP type.
 	// The name of the Helm chart repository.
 	Name string `json:"name"`
 	// The address to the Helm chart repository.
@@ -256,6 +273,62 @@ type HelmChartRepository struct {
 	Password string `json:"password"`
 	// Whether to skip TLS certificate checks for the repository or not.
 	Insecure bool `json:"insecure"`
+
+	// Configuration for GIT type.
+	// Remote address of the Git repository used to clone Helm charts.
+	// e.g. [email protected]:org/repo.git
+	GitRemote string `json:"gitRemote"`
+	// The path to the private ssh key file used while cloning Helm charts from above Git repository.
+	SSHKeyFile string `json:"sshKeyFile"`
+}
+
+func (r *HelmChartRepository) IsHTTPRepository() bool {
+	return r.Type == HTTPHelmChartRepository
-	return r.Type == HTTPHelmChartRepository
+	return strings.ToUpper(r.Type) == HTTPHelmChartRepository
-	return r.Type == HTTPHelmChartRepository
+	return strings.ToUpper(r.Type) == HTTPHelmChartRepository
+}
+
+func (r *HelmChartRepository) IsGitRepository() bool {
+	return r.Type == GITHelmChartRepository
+}
+
+func (r *HelmChartRepository) Validate() error {
+	if r.IsHTTPRepository() {
+		if r.Name == "" {
+			return errors.New("name must be set")
+		}
+		if r.Address == "" {
+			return errors.New("address must be set")
+		}
+		return nil
+	}
+
+	if r.IsGitRepository() {
+		if r.GitRemote == "" {
+			return errors.New("gitRemote must be set")
+		}
+		return nil
+	}
+
+	return fmt.Errorf("either %s repository or %s repository must be configured", HTTPHelmChartRepository, GITHelmChartRepository)
+}
+
+func (s *PipedSpec) HTTPHelmChartRepositories() []HelmChartRepository {
+	repos := make([]HelmChartRepository, 0, len(s.ChartRepositories))
+	for _, r := range s.ChartRepositories {
+		if r.IsHTTPRepository() {
+			repos = append(repos, r)
+		}
+	}
+	return repos
+}
+
+func (s *PipedSpec) GitHelmChartRepositories() []HelmChartRepository {
+	repos := make([]HelmChartRepository, 0, len(s.ChartRepositories))
+	for _, r := range s.ChartRepositories {
+		if r.IsGitRepository() {
+			repos = append(repos, r)
+		}
+	}
+	return repos
 }
 
 type PipedCloudProvider struct {

@@ -63,10 +63,12 @@ func TestPipedConfig(t *testing.T) {
 				},
 				ChartRepositories: []HelmChartRepository{
 					{
+						Type:    HTTPHelmChartRepository,
 						Name:    "fantastic-charts",
 						Address: "https://fantastic-charts.storage.googleapis.com",
 					},
 					{
+						Type:     HTTPHelmChartRepository,
 						Name:     "private-charts",
 						Address:  "https://private-charts.com",
 						Username: "basic-username",