[scalar-manager] Support mounting user created secret #1043
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Chart Testing and Kubeval | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| paths: | |
| - "charts/**" | |
| - "!charts/scalardb-cluster-monitoring/**" | |
| - "!charts/scalardl-ledger-monitoring/**" | |
| - "!charts/scalardl-auditor-monitoring/**" | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - "charts/**" | |
| - "!charts/scalardb-cluster-monitoring/**" | |
| - "!charts/scalardl-ledger-monitoring/**" | |
| - "!charts/scalardl-auditor-monitoring/**" | |
| workflow_dispatch: | |
| jobs: | |
| lint-chart: | |
| runs-on: ubuntu-latest | |
| env: | |
| PYTHON_VERSION: 3.11 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up Helm | |
| uses: azure/setup-helm@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| - name: Add Helm repos | |
| run: | | |
| helm repo add scalar https://scalar-labs.github.io/helm-charts | |
| - name: Set up chart-testing | |
| uses: helm/chart-testing-action@v2 | |
| with: | |
| version: 3.10.1 | |
| - name: Run chart-testing (updated chart) | |
| if: ${{ github.event_name != 'workflow_dispatch' }} | |
| run: ct lint --config .github/ct.yaml | |
| - name: Run chart-testing (all charts) | |
| if: ${{ github.event_name == 'workflow_dispatch' }} | |
| run: ct lint --config .github/ct-all.yaml | |
| kubeaudit-chart: | |
| runs-on: ubuntu-latest | |
| env: | |
| KUBE_AUDIT_VERSION: 0.22.0 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up Helm | |
| uses: azure/setup-helm@v4 | |
| - name: Set up kubeaudit | |
| uses: supplypike/setup-bin@v5 | |
| with: | |
| uri: "https://github.com/Shopify/kubeaudit/releases/download/v${{ env.KUBE_AUDIT_VERSION }}/kubeaudit_${{ env.KUBE_AUDIT_VERSION }}_linux_amd64.tar.gz" | |
| name: "kubeaudit" | |
| version: ${{ env.KUBE_AUDIT_VERSION }} | |
| - name: Add Helm repos | |
| run: | | |
| helm repo add scalar https://scalar-labs.github.io/helm-charts | |
| - name: Run kubeaudit | |
| run: | | |
| # TODO If more charts are supported by kubeaudit, they should be added. | |
| # Change to `ls charts` when all charts are supported. | |
| chart_dirs=(envoy scalardb scalardl scalardl-audit scalardb-cluster scalardb-analytics-postgresql) | |
| for chart_dir in ${chart_dirs[@]}; do | |
| echo "helm dependency build charts/${chart_dir} chart..." | |
| helm dependency build charts/${chart_dir} | |
| echo "kubeaudit charts/${chart_dir} chart..." | |
| kubeaudit all -k .github/kube-audit.yaml -f <(helm template --generate-name "charts/${chart_dir}") -m error | |
| done | |
| kubeval-chart: | |
| runs-on: ubuntu-latest | |
| needs: lint-chart | |
| strategy: | |
| matrix: | |
| k8s: | |
| - v1.31.12 | |
| - v1.32.8 | |
| - v1.33.4 | |
| - v1.34.0 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up Helm | |
| uses: azure/setup-helm@v4 | |
| - name: Add Helm repos | |
| run: | | |
| helm repo add scalar https://scalar-labs.github.io/helm-charts | |
| - name: Install helm-kubeval plugin | |
| run: helm plugin install https://github.com/instrumenta/helm-kubeval --verify=false | |
| - name: Run kubeval | |
| run: | | |
| # Exclude Scalar Monitoring Stack charts because we test them in another CI. | |
| chart_dirs=$(ls charts | grep -v -e "-monitoring$") | |
| for chart_dir in ${chart_dirs}; do | |
| echo "helm dependency build charts/${chart_dir} chart..." | |
| helm dependency build charts/${chart_dir} | |
| echo "kubeval(idating) charts/${chart_dir} chart..." | |
| helm kubeval "charts/${chart_dir}" -v "${KUBERNETES_VERSION#v}" | |
| done | |
| env: | |
| KUBERNETES_VERSION: ${{ matrix.k8s }} | |
| KUBEVAL_SCHEMA_LOCATION: https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master | |
| install-chart: | |
| name: install-chart | |
| runs-on: ubuntu-latest | |
| needs: | |
| - lint-chart | |
| - kubeval-chart | |
| - kubeaudit-chart | |
| env: | |
| DOCKER_REGISTRY_PASSWORD: ${{ secrets.CR_PAT }} | |
| DOCKER_REGISTRY_USERNAME: scalar-git | |
| DOCKER_REGISTRY_SERVER: ghcr.io | |
| strategy: | |
| matrix: | |
| k8s: | |
| - v1.31.12 | |
| - v1.32.8 | |
| - v1.33.4 | |
| - v1.34.0 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up chart-testing | |
| uses: helm/chart-testing-action@v2 | |
| - name: Add Helm repos | |
| run: | | |
| helm repo add scalar https://scalar-labs.github.io/helm-charts | |
| - name: Run chart-testing (list-changed) | |
| id: list-changed | |
| run: | | |
| changed=$(ct list-changed --config .github/ct.yaml) | |
| if [[ -n "$changed" ]]; then | |
| echo "changed=true" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Create kind ${{ matrix.k8s }} cluster | |
| uses: helm/kind-action@v1 | |
| with: | |
| config: .github/kind-cluster.yaml | |
| node_image: kindest/node:${{ matrix.k8s }} | |
| kubectl_version: ${{ matrix.k8s }} | |
| if: ${{ steps.list-changed.outputs.changed == 'true' || github.event_name == 'workflow_dispatch' }} | |
| - name: Setup kubernetes (Kind) with registry, PostgreSQL and schema | |
| run: | | |
| kubectl cluster-info | |
| kubectl create secret docker-registry reg-docker-secrets --docker-server=${DOCKER_REGISTRY_SERVER} --docker-username=${DOCKER_REGISTRY_USERNAME} --docker-password=${DOCKER_REGISTRY_PASSWORD} | |
| kubectl create secret generic ledger-keys --from-file=private-key=.github/ledger-key.pem | |
| kubectl create secret generic auditor-keys --from-file=certificate=.github/auditor-cert.pem --from-file=private-key=.github/auditor-key.pem | |
| kubectl create secret generic scalardb-analytics-postgresql-superuser-password --from-literal=superuser-password=postgres | |
| helm install postgresql oci://registry-1.docker.io/bitnamicharts/postgresql -f .github/postgresql.yaml | |
| helm dependency build charts/scalardb-cluster/ | |
| helm install scalardb-cluster-for-scalar-admin-for-kubernetes ./charts/scalardb-cluster/ -f ./charts/scalardb-cluster/ci/scalardb-cluster-ct-values.yaml # Create ScalarDB Cluster for Scalar Admin for Kubernetes test. | |
| sleep 1 # Waiting for the StatefulSet creates a PostgreSQL pod. | |
| kubectl wait --for=condition=Ready --timeout=120s pod/postgresql-0 | |
| kubectl create -f .github/schema-loading.yaml # Create schema for ScalarDB GraphQL and ScalarDB Analytics with PostgreSQL. | |
| # For debugging. You can remove this later. | |
| sleep 60 | |
| echo "===== kubectl get jobs =====" | |
| kubectl get jobs | |
| echo "===== kubectl get pods =====" | |
| kubectl get pods | |
| echo "===== job/schema-loading logs =====" | |
| kubectl logs job/schema-loading | |
| echo "===== kubectl describe jobs/schema-loading =====" | |
| kubectl describe jobs schema-loading | |
| echo "===== kubectl describe pods =====" | |
| kubectl describe pods | |
| kubectl wait --for=condition=complete --timeout=60s job/schema-loading | |
| kubectl wait --for=condition=available --timeout=300s deployment/scalardb-cluster-for-scalar-admin-for-kubernetes-node | |
| kubectl get pods,svc,endpoints,nodes -o wide | |
| - name: Run chart-testing (updated chart) | |
| if: ${{ github.event_name != 'workflow_dispatch' }} | |
| run: ct install --config .github/ct.yaml --helm-extra-set-args "--wait-for-jobs" | |
| - name: Run chart-testing (all charts) | |
| if: ${{ github.event_name == 'workflow_dispatch' }} | |
| run: ct install --config .github/ct-all.yaml --helm-extra-set-args "--wait-for-jobs" | |
| verify-chart-docs: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Verify chart docs | |
| run: ./scripts/verify-chart-docs.sh | |
| verify-values-schema-json: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Verify values schema json | |
| run: ./scripts/verify-values-schema-json.sh |