diff --git a/.github/CODE_OF_CONDUCT.md b/.github/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..58d3674 --- /dev/null +++ b/.github/CODE_OF_CONDUCT.md @@ -0,0 +1,133 @@ + +# Contributor Covenant Code of Conduct + +## Our Pledge + +We as members, contributors, and leaders pledge to make participation in our +community a harassment-free experience for everyone, regardless of age, body +size, visible or invisible disability, ethnicity, sex characteristics, gender +identity and expression, level of experience, education, socio-economic status, +nationality, personal appearance, race, caste, color, religion, or sexual +identity and orientation. + +We pledge to act and interact in ways that contribute to an open, welcoming, +diverse, inclusive, and healthy community. + +## Our Standards + +Examples of behavior that contributes to a positive environment for our +community include: + +* Demonstrating empathy and kindness toward other people +* Being respectful of differing opinions, viewpoints, and experiences +* Giving and gracefully accepting constructive feedback +* Accepting responsibility and apologizing to those affected by our mistakes, + and learning from the experience +* Focusing on what is best not just for us as individuals, but for the overall + community + +Examples of unacceptable behavior include: + +* The use of sexualized language or imagery, and sexual attention or advances of + any kind +* Trolling, insulting or derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or email address, + without their explicit permission +* Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Enforcement Responsibilities + +Community leaders are responsible for clarifying and enforcing our standards of +acceptable behavior and will take appropriate and fair corrective action in +response to any behavior that they deem inappropriate, threatening, offensive, +or harmful. + +Community leaders have the right and responsibility to remove, edit, or reject +comments, commits, code, wiki edits, issues, and other contributions that are +not aligned to this Code of Conduct, and will communicate reasons for moderation +decisions when appropriate. + +## Scope + +This Code of Conduct applies within all community spaces, and also applies when +an individual is officially representing the community in public spaces. +Examples of representing our community include using an official e-mail address, +posting via an official social media account, or acting as an appointed +representative at an online or offline event. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported to the community leaders responsible for enforcement at +info@lablabs.io. +All complaints will be reviewed and investigated promptly and fairly. + +All community leaders are obligated to respect the privacy and security of the +reporter of any incident. + +## Enforcement Guidelines + +Community leaders will follow these Community Impact Guidelines in determining +the consequences for any action they deem in violation of this Code of Conduct: + +### 1. Correction + +**Community Impact**: Use of inappropriate language or other behavior deemed +unprofessional or unwelcome in the community. + +**Consequence**: A private, written warning from community leaders, providing +clarity around the nature of the violation and an explanation of why the +behavior was inappropriate. A public apology may be requested. + +### 2. Warning + +**Community Impact**: A violation through a single incident or series of +actions. + +**Consequence**: A warning with consequences for continued behavior. No +interaction with the people involved, including unsolicited interaction with +those enforcing the Code of Conduct, for a specified period of time. This +includes avoiding interactions in community spaces as well as external channels +like social media. Violating these terms may lead to a temporary or permanent +ban. + +### 3. Temporary Ban + +**Community Impact**: A serious violation of community standards, including +sustained inappropriate behavior. + +**Consequence**: A temporary ban from any sort of interaction or public +communication with the community for a specified period of time. No public or +private interaction with the people involved, including unsolicited interaction +with those enforcing the Code of Conduct, is allowed during this period. +Violating these terms may lead to a permanent ban. + +### 4. Permanent Ban + +**Community Impact**: Demonstrating a pattern of violation of community +standards, including sustained inappropriate behavior, harassment of an +individual, or aggression toward or disparagement of classes of individuals. + +**Consequence**: A permanent ban from any sort of public interaction within the +community. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], +version 2.1, available at +[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1]. + +Community Impact Guidelines were inspired by +[Mozilla's code of conduct enforcement ladder][Mozilla CoC]. + +For answers to common questions about this code of conduct, see the FAQ at +[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at +[https://www.contributor-covenant.org/translations][translations]. + +[homepage]: https://www.contributor-covenant.org +[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html +[Mozilla CoC]: https://github.com/mozilla/diversity +[FAQ]: https://www.contributor-covenant.org/faq +[translations]: https://www.contributor-covenant.org/translations diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md new file mode 100644 index 0000000..f12ed8e --- /dev/null +++ b/.github/CONTRIBUTING.md @@ -0,0 +1,30 @@ +# Contributing + +When contributing to this repository, please first create an issue and link the PR with it. + +Please note we have a code of conduct, please follow it in all your interactions with the project. + +## Pull Request Process + +1. Document your changes in the chart's README.md.gotmpl. The README.md will be generated from it by the pre-commit hook in the next step. +2. Run pre-commit hooks `pre-commit run -a`. +3. Once all outstanding comments and checklist items have been addressed, your contribution will be merged! Merged PRs will be included in the next release. + +## Checklists for contributions + +- [ ] Add [semantics prefix](#semantic-pull-requests) to your PR or Commits. +- [ ] CI tests are passing +- [ ] README.md has been updated after any changes. The variables and outputs in the README.md has been generated (using the `helm-docs` pre-commit hook) +- [ ] Run pre-commit hooks `pre-commit run -a` + +## Semantic Pull Requests + +Pull Requests or Commits must follow conventional specs below: + +- `ci:` Changes to our CI configuration files and scripts (example scopes: GitHub Actions) +- `docs:` Documentation only changes +- `feat:` A new feature +- `fix:` A bug fix +- `refactor:` A code change that neither fixes a bug nor adds a feature +- `style:` Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc) +- `test:` Adding missing tests or correcting existing tests diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml new file mode 100644 index 0000000..52356a6 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.yml @@ -0,0 +1,111 @@ +--- +name: Bug report +description: File a bug report +title: "bug: " +labels: bug + +body: +- type: markdown + attributes: + value: > + **Thank you for reporting a bug!** + + Verify first that your issue is not [already reported on + GitHub][issue search]. + + Also test if the latest release is affected too. + +- type: textarea + attributes: + label: Summary + description: Explain the problem briefly below. + placeholder: >- + When I try to do X with the Helm chart from the main branch on GitHub, + Y breaks in a way Z under the env E. Here are all the details I know + about this problem... + validations: + required: true + +- type: dropdown + attributes: + label: Issue Type + description: Issue type + options: + - Bug Report + validations: + required: true + +- type: input + attributes: + label: Chart version + description: Input the chart version + placeholder: v0.1.0 + validations: + required: true + +- type: textarea + attributes: + label: Helm version + description: Paste the output of `helm version` + render: console + placeholder: | + $ helm version + version.BuildInfo{Version:"v3.10.2", GitCommit:"50f003e5ee8704ec937a756c646870227d7c8b58", GitTreeState:"clean", GoVersion:"go1.18.8"} + validations: + required: true + +- type: textarea + attributes: + label: Kubectl version + description: Paste the output of `kubectl version` + render: console + placeholder: | + $ kubectl version + ... + validations: + required: true + +- type: textarea + attributes: + label: Steps to reproduce + description: Enter details about how to reproduce the bug. + placeholder: | + 1. In this environment... + 2. With this config... + 3. Run '...' + 4. See error... + validations: + required: true + +- type: textarea + attributes: + label: Expected Results + description: Describe what you expected to happen. + placeholder: I expected X to happen because I assumed Y. + validations: + required: true + +- type: textarea + attributes: + label: Actual Results + description: | + Describe what actually happened. + Paste verbatim command output or any other details. + render: console + placeholder: Helm command output... + validations: + required: true + +- type: textarea + attributes: + label: Custom values or parameters? + description: Add any parameter used via `--set` or as a `values.yaml` customization. + validations: + required: false + +- type: textarea + attributes: + label: Additional information + description: Tell us anything else you think we should know. + validations: + required: false diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 0000000..0086358 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1 @@ +blank_issues_enabled: true diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml new file mode 100644 index 0000000..3b99f50 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.yml @@ -0,0 +1,39 @@ +--- +name: Feature request +description: Suggest an idea for this project +title: "feature: " +labels: enhancement + +body: +- type: markdown + attributes: + value: > + **Thank you for wanting to suggest a feature!** + + Please verify first that your idea is not [already requested on + GitHub][issue search]. + +- type: textarea + attributes: + label: Summary + description: > + Describe the new feature/improvement you would like briefly below. + + What's the problem this feature will solve? + What are you trying to do, that you are unable to achieve? + + placeholder: >- + The new feature will improve... + validations: + required: true + +- type: dropdown + attributes: + label: Issue Type + description: > + Please select the single available option in the drop-down. + + options: + - Feature Idea + validations: + required: true diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..f862b60 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,21 @@ +# Description + + + +## Type of change + +- [ ] A bug fix (PR prefix `fix`) +- [ ] A new feature (PR prefix `feat`) +- [ ] A code change that neither fixes a bug nor adds a feature (PR prefix `refactor`) +- [ ] Adding missing tests or correcting existing tests (PR prefix `test`) +- [ ] Changes that do not affect the meaning of the code like white-spaces, formatting, missing semi-colons, etc. (PR prefix `style`) +- [ ] Changes to our CI configuration files and scripts (PR prefix `ci`) +- [ ] Documentation only changes (PR prefix `docs`) + +## How Has This Been Tested? + + diff --git a/.github/workflows/cache-warmup.yaml b/.github/workflows/cache-warmup.yaml new file mode 100644 index 0000000..7607786 --- /dev/null +++ b/.github/workflows/cache-warmup.yaml @@ -0,0 +1,40 @@ +name: Cache Warmup + +on: + workflow_dispatch: + push: + branches: + - main # caches from the main branch are shared with all other branches and pull requests + +permissions: + contents: read + +env: + # renovate: datasource=github-releases depName=jdx/mise + MISE_VERSION: 2026.5.12 + +jobs: + pre-commit: + runs-on: ubuntu-24.04 + steps: + - name: Checkout + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: Setup Mise + uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1 + with: + version: ${{ env.MISE_VERSION }} + + - name: Cache pre-commit + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 + with: + path: ~/.cache/pre-commit + key: ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}-warmup + restore-keys: ${{ runner.os }}-pre-commit- + + - name: Run pre-commit + run: pre-commit install --install-hooks + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required for GH API calls quota diff --git a/.github/workflows/cleanup.yaml b/.github/workflows/cleanup.yaml new file mode 100644 index 0000000..c379abb --- /dev/null +++ b/.github/workflows/cleanup.yaml @@ -0,0 +1,38 @@ +name: Cleanup + +on: + workflow_dispatch: + pull_request: + types: [closed] + +permissions: + contents: read + +jobs: + metadata-collector: + uses: ./.github/workflows/metadata-collector.yaml + + packages: + runs-on: ubuntu-24.04 + permissions: + contents: read + packages: write + needs: metadata-collector + strategy: + fail-fast: false + matrix: + chart: ${{ fromJSON(needs.metadata-collector.outputs.charts) }} + steps: + - name: GitHub Slug Action + uses: rlespinasse/github-slug-action@e6f261660910b273384c5c42b17a0217881b217a # v5.6.0 + + - name: Cleanup Helm chart + run: | + gh api \ + --method DELETE \ + -H "Accept: application/vnd.github+json" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + /orgs/${{ github.repository_owner }}/packages/container/${PACKAGE_NAME} || true + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + PACKAGE_NAME: ${{ env.GITHUB_REPOSITORY_NAME_PART_SLUG_URL }}%2F${{ env.GITHUB_EVENT_REF_SLUG_URL || env.GITHUB_HEAD_REF_SLUG_URL }}%2F${{ matrix.chart }} diff --git a/.github/workflows/metadata-collector.yaml b/.github/workflows/metadata-collector.yaml new file mode 100644 index 0000000..0b85ff1 --- /dev/null +++ b/.github/workflows/metadata-collector.yaml @@ -0,0 +1,42 @@ +name: Metadata collector + +on: + workflow_call: + outputs: + charts: + description: "List of changed charts within the repository" + value: ${{ jobs.chart-list.outputs.charts }} + +permissions: + contents: read + +jobs: + chart-list: + runs-on: ubuntu-24.04 + outputs: + charts: ${{ steps.changed-charts.outputs.all_changed_files || steps.changed-charts-tag.outputs.all_changed_files }} + steps: + - name: Checkout code + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 # pragma: allowlist secret + with: + persist-credentials: true # needed for private repositories + + - name: Get changed charts without tag + uses: step-security/changed-files@2e07db73e5ccdb319b9a6c7766bd46d39d304bad # v47.0.5 + id: changed-charts + if: github.ref_type != 'tag' + with: + dir_names: true + dir_names_max_depth: 1 + path: charts + matrix: true + + - name: Get changed chart using tag + if: github.ref_type == 'tag' + id: changed-charts-tag + run: | + # Extract tag name which triggered this workflow: refs/tags/my-chart-1.2.3 -> my-chart-1.2.3 + TAG_REF="${GITHUB_REF#refs/tags/}" + # Extract chart name from tag name by removing the version part: my-chart-1.2.3 -> my-chart + CHART_NAME="${TAG_REF%%-[0-9]*}" + echo "all_changed_files=[\"${CHART_NAME}\"]" >> $GITHUB_OUTPUT diff --git a/.github/workflows/pull-request.yaml b/.github/workflows/pull-request.yaml new file mode 100644 index 0000000..e223064 --- /dev/null +++ b/.github/workflows/pull-request.yaml @@ -0,0 +1,183 @@ +name: Pull Request + +on: + workflow_dispatch: + pull_request: + branches: + - main + paths: + - charts/** + +permissions: + contents: read + +concurrency: + group: pull-request-${GITHUB_REF} + cancel-in-progress: false + +env: + # renovate: datasource=github-releases depName=jdx/mise + MISE_VERSION: 2026.5.12 + # renovate: datasource=github-releases depName=helm/helm + HELM_VERSION: v3.21.0 + # renovate: datasource=github-tags depName=python/cpython + PYTHON_VERSION: v3.14.5 + # renovate: datasource=github-releases depName=helm/chart-testing-action + CHART_TESTING_VERSION: v3.13.0 + # renovate: datasource=github-releases depName=adrienverge/yamllint + CHART_TESTING_YAMLLINT_VERSION: v1.38.0 + # renovate: datasource=github-releases depName=23andMe/Yamale + CHART_TESTING_YAMALE_VERSION: 6.1.0 + +jobs: + metadata-collector: + uses: ./.github/workflows/metadata-collector.yaml + + version-check: + uses: ./.github/workflows/version-check.yaml + + pre-commit: + runs-on: ubuntu-24.04 + steps: + - name: Checkout + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: Setup Mise + uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1 + with: + version: ${{ env.MISE_VERSION }} + + - name: Cache pre-commit + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 + with: + path: ~/.cache/pre-commit + key: ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }} + restore-keys: ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}- + + - name: Run pre-commit + run: pre-commit run --show-diff-on-failure --color=always --all-files + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required for GH API calls quota + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required for zizmor + + artifacthub-lint: + runs-on: ubuntu-24.04 + container: + image: docker.io/artifacthub/ah:v1.22.0 # referencing version via env variable not supported in GHA + options: --user=root + steps: + - name: Checkout code + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: Run Artifact Hub lint + working-directory: ./charts/ + run: ah lint + + chart-testing: + runs-on: ubuntu-24.04 + needs: [pre-commit, artifacthub-lint, metadata-collector, version-check] + strategy: + fail-fast: false + matrix: + chart: ${{ fromJSON(needs.metadata-collector.outputs.charts) }} + steps: + - name: Checkout + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: Set up Helm + uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0 + with: + version: ${{ env.HELM_VERSION }} + + - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 + with: + python-version: ${{ env.PYTHON_VERSION }} + + - name: Set up chart-testing + uses: helm/chart-testing-action@6ec842c01de15ebb84c8627d2744a0c2f2755c9f # v2.8.0 + with: + version: ${{ env.CHART_TESTING_VERSION }} + yamllint_version: ${{ env.CHART_TESTING_YAMLLINT_VERSION }} + yamale_version: ${{ env.CHART_TESTING_YAMALE_VERSION }} + + - name: Build Helm dependencies + # Build Helm chart dependencies locally to support both chart-testing lint and install operations. + # This allows using the --skip-helm-dependencies flag with chart-testing commands, eliminating the need for separate repository configurations during testing. + run: scripts/helm-dependency-build.sh $CHART_NAME + env: + CHART_NAME: ${{ matrix.chart }} + + - name: Run chart-testing (lint) + # zizmor:ignore-template-injection + run: ct lint --target-branch main --validate-maintainers=false --check-version-increment=false --lint-conf .yamllint.yaml --charts charts/${CHART_NAME} + env: + CHART_NAME: ${{ matrix.chart }} + + - name: Determine chart type + id: chart-type + run: echo "type=$(yq -r '.type' charts/${CHART_NAME}/Chart.yaml)" >> $GITHUB_OUTPUT + env: + CHART_NAME: ${{ matrix.chart }} + + - name: Create kind cluster + if: ${{ steps.chart-type.outputs.type == 'application' }} # Only run installation tests for application charts, skip library charts + uses: helm/kind-action@ef37e7f390d99f746eb8b610417061a60e82a6cc # v1.14.0 + + # FIXME config: Place custom steps to install CRDs or other dependencies here + + - name: Run chart-testing (install) + if: ${{ steps.chart-type.outputs.type == 'application' }} # Only run installation tests for application charts, skip library charts + # zizmor:ignore-template-injection + run: ct install --target-branch main --charts charts/${CHART_NAME} + env: + CHART_NAME: ${{ matrix.chart }} + + release: + runs-on: ubuntu-24.04 + permissions: + contents: read + packages: write + needs: [chart-testing, metadata-collector, version-check] + strategy: + fail-fast: false + matrix: + chart: ${{ fromJSON(needs.metadata-collector.outputs.charts) }} + steps: + - name: Checkout + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: Set up Helm + uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0 + with: + version: ${{ env.HELM_VERSION }} + + - name: GitHub Slug Action + uses: rlespinasse/github-slug-action@e6f261660910b273384c5c42b17a0217881b217a # v5.6.0 + + - name: Build Helm dependencies + # Build Helm chart dependencies locally to support both chart-testing lint and install operations. + # This allows using the --skip-helm-dependencies flag with chart-testing commands, eliminating the need for separate repository configurations during testing. + run: scripts/helm-dependency-build.sh $CHART_NAME + env: + CHART_NAME: ${{ matrix.chart }} + + - name: Publish Helm chart + # FIXME config: Add dependency repositories + run: | + echo "${{ secrets.GITHUB_TOKEN }}" | helm registry login ghcr.io --username ${GITHUB_ACTOR} --password-stdin + + helm package charts/${CHART_NAME} + helm push "$(realpath ${CHART_NAME}-*.tgz)" oci://ghcr.io/${REPOSITORY_NAME} + + helm registry logout ghcr.io + env: + REPOSITORY_NAME: ${{ github.repository }}/${{ env.GITHUB_EVENT_REF_SLUG || env.GITHUB_HEAD_REF_SLUG }} + CHART_NAME: ${{ matrix.chart }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 551b75a..d97d5e9 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -1,26 +1,76 @@ -name: Release Charts +name: Release on: + workflow_dispatch: push: - branches: - - main + tags: + - '*' + +permissions: + contents: read + +env: + # renovate: datasource=github-releases depName=helm/helm + HELM_VERSION: v3.21.0 jobs: - release: - runs-on: ubuntu-latest + metadata-collector: + uses: ./.github/workflows/metadata-collector.yaml + + version-check: + uses: ./.github/workflows/version-check.yaml + + chart: + runs-on: ubuntu-24.04 + permissions: + contents: read + packages: write + needs: [metadata-collector, version-check] + strategy: + fail-fast: false + matrix: + chart: ${{ fromJSON(needs.metadata-collector.outputs.charts) }} steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: - fetch-depth: 0 + persist-credentials: false - - name: Configure Git + - name: Set up Helm + uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0 + with: + version: ${{ env.HELM_VERSION }} + + - name: Set up ORAS + uses: oras-project/setup-oras@38de303aac69abb66f3e6255b7198bff35f323e3 # v2.0.0 + + - name: Build Helm dependencies + run: scripts/helm-dependency-build.sh $CHART_NAME + env: + CHART_NAME: ${{ matrix.chart }} + + - name: Publish Helm chart run: | - git config user.name "$GITHUB_ACTOR" - git config user.email "$GITHUB_ACTOR@users.noreply.github.com" + echo "${{ secrets.GITHUB_TOKEN }}" | helm registry login ghcr.io --username ${GITHUB_ACTOR} --password-stdin + + helm package charts/${CHART_NAME} + helm push "$(realpath ${CHART_NAME}-*.tgz)" oci://ghcr.io/${REPOSITORY_NAME} + + helm registry logout ghcr.io + env: + REPOSITORY_NAME: ${{ github.repository }} + CHART_NAME: ${{ matrix.chart }} + + - name: Update ArtifactHUB repo + if: ${{ hashFiles(format('charts/{0}/artifacthub-repo.yml', matrix.chart)) != '' }} + run: | + echo "${{ secrets.GITHUB_TOKEN }}" | oras login ghcr.io --username ${GITHUB_ACTOR} --password-stdin + + oras push ghcr.io/${REPOSITORY_NAME}/${CHART_NAME}:artifacthub.io \ + --config /dev/null:application/vnd.cncf.artifacthub.config.v1+yaml \ + charts/${CHART_NAME}/artifacthub-repo.yml:application/vnd.cncf.artifacthub.repository-metadata.layer.v1.yaml - - name: Run chart-releaser - uses: helm/chart-releaser-action@v1.6.0 + oras logout ghcr.io env: - CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - CR_SKIP_EXISTING: true + REPOSITORY_NAME: ${{ github.repository }} + CHART_NAME: ${{ matrix.chart }} diff --git a/.github/workflows/version-check.yaml b/.github/workflows/version-check.yaml new file mode 100644 index 0000000..3ed0d1e --- /dev/null +++ b/.github/workflows/version-check.yaml @@ -0,0 +1,60 @@ +name: Version check + +on: + workflow_call: + +permissions: + contents: read + +jobs: + metadata-collector: + uses: ./.github/workflows/metadata-collector.yaml + + version-check: + runs-on: ubuntu-24.04 + needs: [metadata-collector] + strategy: + fail-fast: false + matrix: + chart: ${{ fromJSON(needs.metadata-collector.outputs.charts) }} + steps: + - name: Checkout + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: true # needed for private repositories + + - name: Set up ORAS + uses: oras-project/setup-oras@38de303aac69abb66f3e6255b7198bff35f323e3 # v2.0.0 + + - name: Check if chart version exists + run: | + CHART_VERSION=$(yq -r '.version' charts/${CHART_NAME}/Chart.yaml) + echo "${{ secrets.GITHUB_TOKEN }}" | oras login ghcr.io --username ${GITHUB_ACTOR} --password-stdin + + if oras manifest fetch ghcr.io/${REPOSITORY_NAME}/${CHART_NAME}:${CHART_VERSION} >/dev/null 2>&1; then + echo "Error: Chart '${CHART_NAME}' version '${CHART_VERSION}' already exists in the registry. Increment the version in Chart.yaml and push again." + oras logout ghcr.io + exit 1 + else + oras logout ghcr.io + fi + env: + REPOSITORY_NAME: ${{ github.repository }} + CHART_NAME: ${{ matrix.chart }} + + - name: Check if tag matches the chart name and version + if: startsWith(github.ref, 'refs/tags/') + run: | + CHART_VERSION=$(yq -r '.version' charts/${CHART_NAME}/Chart.yaml) + TAG_REF="${GITHUB_REF#refs/tags/}" + EXPECTED_TAG="${CHART_NAME}-${CHART_VERSION}" + + if [ "$TAG_REF" != "$EXPECTED_TAG" ]; then + echo "Error: Pushed tag ($TAG_REF) does not match expected format." + echo "Expected: $EXPECTED_TAG Received: $TAG_REF" + exit 1 + else + echo "Pushed tag ($TAG_REF) matches expected format: $EXPECTED_TAG" + fi + env: + CHART_NAME: ${{ matrix.chart }} diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..aa1ec1e --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +*.tgz diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 0000000..2f73981 --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,45 @@ +repos: + - repo: https://github.com/pre-commit/pre-commit-hooks + # renovate: datasource=github-tags depName=pre-commit/pre-commit-hooks + rev: 3e8a8703264a2f4a69428a0aa4dcb512790b2c8c # v6.0.0 # pragma: allowlist secret + hooks: + - id: trailing-whitespace + args: ["--markdown-linebreak-ext=md"] + - id: check-merge-conflict + - id: end-of-file-fixer + + - repo: local + hooks: + - id: helm-dependency-build + name: run helm dependency build + entry: scripts/helm-dependency-build.sh + language: script + pass_filenames: false + + - repo: https://github.com/gruntwork-io/pre-commit + # renovate: datasource=github-releases depName=gruntwork-io/pre-commit + rev: 40f924cd642f5dc98d12bd97b07f3752223553da # v0.1.30 # pragma: allowlist secret + hooks: + - id: helmlint + + - repo: https://github.com/norwoodj/helm-docs + # renovate: datasource=github-releases depName=norwoodj/helm-docs + rev: 37d3055fece566105cf8cff7c17b7b2355a01677 # v1.14.2 # pragma: allowlist secret + hooks: + - id: helm-docs + args: + # Make the tool search for charts only under the `charts` directory + - --chart-search-root=charts + + - repo: https://github.com/Yelp/detect-secrets + # renovate: datasource=github-releases depName=Yelp/detect-secrets + rev: 01886c8a910c64595c47f186ca1ffc0b77fa5458 # v1.5.0 # pragma: allowlist secret + hooks: + - id: detect-secrets + args: ["--baseline", ".secrets.baseline"] + + - repo: https://github.com/zizmorcore/zizmor-pre-commit + # renovate: datasource=github-releases depName=zizmorcore/zizmor-pre-commit + rev: 9257c6050c0261b8c57e712f632dc4a8010109a9 # v1.25.2 # pragma: allowlist secret + hooks: + - id: zizmor diff --git a/.secrets.baseline b/.secrets.baseline new file mode 100644 index 0000000..45f65d3 --- /dev/null +++ b/.secrets.baseline @@ -0,0 +1,131 @@ +{ + "version": "1.5.0", + "plugins_used": [ + { + "name": "ArtifactoryDetector" + }, + { + "name": "AWSKeyDetector" + }, + { + "name": "AzureStorageKeyDetector" + }, + { + "name": "Base64HighEntropyString", + "limit": 4.5 + }, + { + "name": "BasicAuthDetector" + }, + { + "name": "CloudantDetector" + }, + { + "name": "DiscordBotTokenDetector" + }, + { + "name": "GitHubTokenDetector" + }, + { + "name": "GitLabTokenDetector" + }, + { + "name": "HexHighEntropyString", + "limit": 3.0 + }, + { + "name": "IbmCloudIamDetector" + }, + { + "name": "IbmCosHmacDetector" + }, + { + "name": "IPPublicDetector" + }, + { + "name": "JwtTokenDetector" + }, + { + "name": "KeywordDetector", + "keyword_exclude": "" + }, + { + "name": "MailchimpDetector" + }, + { + "name": "NpmDetector" + }, + { + "name": "OpenAIDetector" + }, + { + "name": "PrivateKeyDetector" + }, + { + "name": "PypiTokenDetector" + }, + { + "name": "SendGridDetector" + }, + { + "name": "SlackDetector" + }, + { + "name": "SoftlayerDetector" + }, + { + "name": "SquareOAuthDetector" + }, + { + "name": "StripeDetector" + }, + { + "name": "TelegramBotTokenDetector" + }, + { + "name": "TwilioKeyDetector" + } + ], + "filters_used": [ + { + "path": "detect_secrets.filters.allowlist.is_line_allowlisted" + }, + { + "path": "detect_secrets.filters.common.is_baseline_file", + "filename": ".secrets.baseline" + }, + { + "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies", + "min_level": 2 + }, + { + "path": "detect_secrets.filters.heuristic.is_indirect_reference" + }, + { + "path": "detect_secrets.filters.heuristic.is_likely_id_string" + }, + { + "path": "detect_secrets.filters.heuristic.is_lock_file" + }, + { + "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string" + }, + { + "path": "detect_secrets.filters.heuristic.is_potential_uuid" + }, + { + "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign" + }, + { + "path": "detect_secrets.filters.heuristic.is_sequential_string" + }, + { + "path": "detect_secrets.filters.heuristic.is_swagger_file" + }, + { + "path": "detect_secrets.filters.heuristic.is_templated_secret" + } + ], + "results": {}, + "generated_at": "2025-03-28T07:59:49Z" +} diff --git a/.templatesyncignore b/.templatesyncignore new file mode 100644 index 0000000..391c043 --- /dev/null +++ b/.templatesyncignore @@ -0,0 +1,5 @@ +charts +README.md +.secrets.baseline +.github/workflows/renovate.yaml +renovate.json diff --git a/.templatesyncignore.local b/.templatesyncignore.local new file mode 100644 index 0000000..46b6dbe --- /dev/null +++ b/.templatesyncignore.local @@ -0,0 +1 @@ +# This file prevents overriding files that are specific to individual templated addons. diff --git a/.tool-versions b/.tool-versions new file mode 100644 index 0000000..3c16909 --- /dev/null +++ b/.tool-versions @@ -0,0 +1,4 @@ +python 3.14.5 +pre-commit 4.6.0 +helm 3.21.0 +helm-docs 1.14.2 diff --git a/.yamllint.yaml b/.yamllint.yaml new file mode 100644 index 0000000..4004b71 --- /dev/null +++ b/.yamllint.yaml @@ -0,0 +1,5 @@ +--- +extends: relaxed +rules: + line-length: + max: 120 diff --git a/LICENSE b/LICENSE index 393b7a3..9e712fa 100644 --- a/LICENSE +++ b/LICENSE @@ -1,4 +1,3 @@ - Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ @@ -187,7 +186,7 @@ same "printed page" as the copyright notice for easier identification within third-party archives. - Copyright The Helm Authors. + Copyright [2022] [Labyrinth Labs] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/README.md b/README.md index 9f9bfbb..ffa33cc 100644 --- a/README.md +++ b/README.md @@ -1,127 +1,41 @@ -# Docker Registry Helm Chart +[](https://lablabs.io/) -This directory contains a Kubernetes chart to deploy a private Docker Registry. +**About us:**
+[Labyrinth Labs](https://lablabs.io/) is a one-stop-shop for **DevOps, Cloud & Kubernetes**! We specialize in creating **powerful**, **scalable** and **cloud-native platforms** tailored to elevate your business. -## Prerequisites Details +[As a team of experienced DevOps engineers](https://lablabs.io/about/), we know how to help our customers start their journey in the cloud, address the issues they have in their current setups and provide a **strategic solution to transform their infrastructure**. -* PV support on underlying infrastructure (if persistence is required) +---- -## Chart Details +# Docker Registry Helm chart -This chart will do the following: +Check out [README.md](charts/docker-registry/README.md) for more details about the chart. -* Implement a Docker registry deployment +## Contributing and reporting issues -## Installing the Chart +Feel free to create an issue in this repository if you have questions, suggestions or feature requests. -First, add the repo: +## License -```console -helm repo add twuni https://helm.twun.io -``` - -To install the chart, use the following: - -```console -helm install twuni/docker-registry -``` - -## Configuration +[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) -The following table lists the configurable parameters of the docker-registry chart and -their default values. +See [LICENSE](LICENSE) for full details. -| Parameter | Description | Default | -|:----------------------------|:-------------------------------------------------------------------------------------------|:----------------| -| `image.pullPolicy` | Container pull policy | `IfNotPresent` | -| `image.repository` | Container image to use | `registry` | -| `image.tag` | Container image tag to deploy | `2.7.1` | -| `imagePullSecrets` | Specify image pull secrets | `nil` (does not add image pull secrets to deployed pods) | -| `persistence.accessMode` | Access mode to use for PVC | `ReadWriteOnce` | -| `persistence.enabled` | Whether to use a PVC for the Docker storage | `false` | -| `persistence.deleteEnabled` | Enable the deletion of image blobs and manifests by digest | `nil` | -| `persistence.size` | Amount of space to claim for PVC | `10Gi` | -| `persistence.storageClass` | Storage Class to use for PVC | `-` | -| `persistence.existingClaim` | Name of an existing PVC to use for config | `nil` | -| `serviceAccount.create` | Create ServiceAccount | `false` | -| `serviceAccount.name` | ServiceAccount name | `nil` | -| `serviceAccount.annotations` | Annotations to add to the ServiceAccount | `{}` | -| `service.port` | TCP port on which the service is exposed | `5000` | -| `service.type` | service type | `ClusterIP` | -| `service.clusterIP` | if `service.type` is `ClusterIP` and this is non-empty, sets the cluster IP of the service | `nil` | -| `service.nodePort` | if `service.type` is `NodePort` and this is non-empty, sets the node port of the service | `nil` | -| `service.loadBalancerIP` | if `service.type` is `LoadBalancer` and this is non-empty, sets the loadBalancerIP of the service | `nil` | -| `service.loadBalancerSourceRanges`| if `service.type` is `LoadBalancer` and this is non-empty, sets the loadBalancerSourceRanges of the service | `nil` | -| `service.sessionAffinity` | service session affinity | `nil` | -| `service.sessionAffinityConfig` | service session affinity config | `nil` | -| `replicaCount` | k8s replicas | `1` | -| `updateStrategy` | update strategy for deployment | `{}` | -| `podAnnotations` | Annotations for pod | `{}` | -| `podLabels` | Labels for pod | `{}` | -| `podDisruptionBudget` | Pod disruption budget | `{}` | -| `resources.limits.cpu` | Container requested CPU | `nil` | -| `resources.limits.memory` | Container requested memory | `nil` | -| `autoscaling.enabled` | Enable autoscaling using HorizontalPodAutoscaler | `false` | -| `autoscaling.minReplicas` | Minimal number of replicas | `1` | -| `autoscaling.maxReplicas` | Maximal number of replicas | `2` | -| `autoscaling.targetCPUUtilizationPercentage` | Target average utilization of CPU on Pods | `60` | -| `autoscaling.targetMemoryUtilizationPercentage` | (Kubernetes ≥1.23) Target average utilization of Memory on Pods | `60` | -| `autoscaling.behavior` | (Kubernetes ≥1.23) Configurable scaling behavior | `{}` | -| `priorityClassName` | priorityClassName | `""` | -| `storage` | Storage system to use | `filesystem` | -| `tlsSecretName` | Name of secret for TLS certs | `nil` | -| `secrets.htpasswd` | Htpasswd authentication | `nil` | -| `secrets.s3.accessKey` | Access Key for S3 configuration | `nil` | -| `secrets.s3.secretKey` | Secret Key for S3 configuration | `nil` | -| `secrets.s3.secretRef` | The ref for an external secret containing the accessKey and secretKey keys | `""` | -| `secrets.swift.username` | Username for Swift configuration | `nil` | -| `secrets.swift.password` | Password for Swift configuration | `nil` | -| `secrets.haSharedSecret` | Shared secret for Registry | `nil` | -| `configData` | Configuration hash for docker | `nil` | -| `s3.region` | S3 region | `nil` | -| `s3.regionEndpoint` | S3 region endpoint | `nil` | -| `s3.bucket` | S3 bucket name | `nil` | -| `s3.rootdirectory` | S3 prefix that is applied to allow you to segment data | `nil` | -| `s3.encrypt` | Store images in encrypted format | `nil` | -| `s3.secure` | Use HTTPS | `nil` | -| `swift.authurl` | Swift authurl | `nil` | -| `swift.container` | Swift container | `nil` | -| `proxy.enabled` | If true, registry will function as a proxy/mirror | `false` | -| `proxy.remoteurl` | Remote registry URL to proxy requests to | `https://registry-1.docker.io` | -| `proxy.username` | Remote registry login username | `nil` | -| `proxy.password` | Remote registry login password | `nil` | -| `proxy.secretRef` | The ref for an external secret containing the proxyUsername and proxyPassword keys | `""` | -| `namespace` | specify a namespace to install the chart to - defaults to `.Release.Namespace` | `{{ .Release.Namespace }}` | -| `nodeSelector` | node labels for pod assignment | `{}` | -| `affinity` | affinity settings | `{}` | -| `tolerations` | pod tolerations | `[]` | -| `topologySpreadConstraints` | topology spread constraints for pod scheduling | `[]` | -| `ingress.enabled` | If true, Ingress will be created | `false` | -| `ingress.annotations` | Ingress annotations | `{}` | -| `ingress.labels` | Ingress labels | `{}` | -| `ingress.path` | Ingress service path | `/` | -| `ingress.hosts` | Ingress hostnames | `[]` | -| `ingress.tls` | Ingress TLS configuration (YAML) | `[]` | -| `ingress.className` | Ingress controller class name | `nginx` | -| `metrics.enabled` | Enable metrics on Service | `false` | -| `metrics.port` | TCP port on which the service metrics is exposed | `5001` | -| `metrics.serviceMonitor.annotations` | Prometheus Operator ServiceMonitor annotations | `{}` | -| `metrics.serviceMonitor.enable` | If true, Prometheus Operator ServiceMonitor will be created | `false` | -| `metrics.serviceMonitor.labels` | Prometheus Operator ServiceMonitor labels | `{}` | -| `metrics.prometheusRule.annotations` | Prometheus Operator PrometheusRule annotations | `{}` | -| `metrics.prometheusRule.enable` | If true, Prometheus Operator prometheusRule will be created | `false` | -| `metrics.prometheusRule.labels` | Prometheus Operator prometheusRule labels | `{}` | -| `metrics.prometheusRule.rules` | PrometheusRule defining alerting rules for a Prometheus instance | `{}` | -| `extraVolumeMounts` | Additional volumeMounts to the registry container | `[]` | -| `extraVolumes` | Additional volumes to the pod | `[]` | -| `extraEnvVars` | Additional environment variables to the pod | `[]` | -| `initContainers` | Init containers to be created in the pod | `[]` | -| `garbageCollect.enabled` | If true, will deploy garbage-collector cronjob | `false` | -| `garbageCollect.deleteUntagged` | If true, garbage-collector will delete manifests that are not currently referenced via tag | `true` | | -| `garbageCollect.schedule` | CronTab schedule, please use standard crontab format | `0 1 * * *` | | +```plan +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at -Specify each parameter using the `--set key=value[,key=value]` argument to -`helm install`. + -To generate htpasswd file, run this docker command: -`docker run --entrypoint htpasswd registry:2 -Bbn user password > ./htpasswd`. +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under +``` diff --git a/charts/docker-registry/Chart.yaml b/charts/docker-registry/Chart.yaml index b0e582a..e6c6e2e 100644 --- a/charts/docker-registry/Chart.yaml +++ b/charts/docker-registry/Chart.yaml @@ -1,13 +1,12 @@ apiVersion: v1 description: A Helm chart for Docker Registry name: docker-registry -version: 2.2.3 +version: 3.0.0 appVersion: 2.8.1 home: https://hub.docker.com/_/registry/ -icon: https://helm.twun.io/docker-registry.png maintainers: -- email: devin@canterberry.cc - name: Devin Canterberry - url: https://canterberry.cc/ + - name: Labyrinth Labs + email: contact@lablabs.io + url: https://lablabs.io sources: -- https://github.com/docker/distribution-library-image + - https://github.com/docker/distribution-library-image diff --git a/charts/docker-registry/README.md b/charts/docker-registry/README.md new file mode 100644 index 0000000..c374ed5 --- /dev/null +++ b/charts/docker-registry/README.md @@ -0,0 +1,99 @@ +# docker-registry + +![Version: 3.0.0](https://img.shields.io/badge/Version-3.0.0-informational?style=flat-square) ![AppVersion: 2.8.1](https://img.shields.io/badge/AppVersion-2.8.1-informational?style=flat-square) + +A Helm chart for Docker Registry + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| Labyrinth Labs | | | + +## Source Code + +* + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | | +| autoscaling.behavior | object | `{}` | | +| autoscaling.enabled | bool | `false` | | +| autoscaling.maxReplicas | int | `2` | | +| autoscaling.minReplicas | int | `1` | | +| autoscaling.targetCPUUtilizationPercentage | int | `60` | | +| autoscaling.targetMemoryUtilizationPercentage | int | `60` | | +| configData.health.storagedriver.enabled | bool | `true` | | +| configData.health.storagedriver.interval | string | `"10s"` | | +| configData.health.storagedriver.threshold | int | `3` | | +| configData.http.addr | string | `":5000"` | | +| configData.http.debug.addr | string | `":5001"` | | +| configData.http.debug.prometheus.enabled | bool | `false` | | +| configData.http.debug.prometheus.path | string | `"/metrics"` | | +| configData.http.headers.X-Content-Type-Options[0] | string | `"nosniff"` | | +| configData.log.fields.service | string | `"registry"` | | +| configData.storage.cache.blobdescriptor | string | `"inmemory"` | | +| configData.version | float | `0.1` | | +| configPath | string | `"/etc/docker/registry"` | | +| extraEnvVars | list | `[]` | | +| extraVolumeMounts | list | `[]` | | +| extraVolumes | list | `[]` | | +| garbageCollect.deleteUntagged | bool | `true` | | +| garbageCollect.enabled | bool | `false` | | +| garbageCollect.schedule | string | `"0 1 * * *"` | | +| image.pullPolicy | string | `"IfNotPresent"` | | +| image.repository | string | `"registry"` | | +| image.tag | string | `"2.8.1"` | | +| ingress.annotations | object | `{}` | | +| ingress.className | string | `"nginx"` | | +| ingress.enabled | bool | `false` | | +| ingress.hosts[0] | string | `"chart-example.local"` | | +| ingress.labels | object | `{}` | | +| ingress.path | string | `"/"` | | +| ingress.tls | string | `nil` | | +| initContainers | list | `[]` | | +| metrics.enabled | bool | `false` | | +| metrics.port | int | `5001` | | +| metrics.prometheusRule.enabled | bool | `false` | | +| metrics.prometheusRule.labels | object | `{}` | | +| metrics.prometheusRule.rules | object | `{}` | | +| metrics.serviceMonitor.enabled | bool | `false` | | +| metrics.serviceMonitor.labels | object | `{}` | | +| nodeSelector | object | `{}` | | +| persistence.accessMode | string | `"ReadWriteOnce"` | | +| persistence.enabled | bool | `false` | | +| persistence.size | string | `"10Gi"` | | +| podAnnotations | object | `{}` | | +| podDisruptionBudget | object | `{}` | | +| podLabels | object | `{}` | | +| priorityClassName | string | `""` | | +| proxy.enabled | bool | `false` | | +| proxy.password | string | `""` | | +| proxy.remoteurl | string | `"https://registry-1.docker.io"` | | +| proxy.secretRef | string | `""` | | +| proxy.username | string | `""` | | +| replicaCount | int | `1` | | +| resources | object | `{}` | | +| secrets.haSharedSecret | string | `""` | | +| secrets.htpasswd | string | `""` | | +| securityContext.enabled | bool | `true` | | +| securityContext.fsGroup | int | `1000` | | +| securityContext.runAsUser | int | `1000` | | +| service.annotations | object | `{}` | | +| service.name | string | `"registry"` | | +| service.port | int | `5000` | | +| service.type | string | `"ClusterIP"` | | +| serviceAccount.annotations | object | `{}` | | +| serviceAccount.create | bool | `false` | | +| serviceAccount.name | string | `""` | | +| storage | string | `"filesystem"` | | +| tolerations | list | `[]` | | +| topologySpreadConstraints | list | `[]` | | +| updateStrategy | object | `{}` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/charts/docker-registry/templates/secret.yaml b/charts/docker-registry/templates/secret.yaml index 6265dc8..5cc37cb 100644 --- a/charts/docker-registry/templates/secret.yaml +++ b/charts/docker-registry/templates/secret.yaml @@ -18,7 +18,7 @@ data: {{- else }} haSharedSecret: {{ randAlphaNum 16 | b64enc | quote }} {{- end }} - + {{- if eq .Values.storage "azure" }} {{- if and .Values.secrets.azure.accountName .Values.secrets.azure.accountKey .Values.secrets.azure.container }} azureAccountName: {{ .Values.secrets.azure.accountName | b64enc | quote }} diff --git a/scripts/helm-dependency-build.sh b/scripts/helm-dependency-build.sh new file mode 100755 index 0000000..629e4a2 --- /dev/null +++ b/scripts/helm-dependency-build.sh @@ -0,0 +1,19 @@ +#!/usr/bin/env sh + +process_chart() { + dir="$1" + if yq -e '.dependencies[] | select(.repository | match("https://"))' "$dir/Chart.yaml"; then + yq -r '.repositories[] | "helm repo add \(.name) \(.url)"' $dir/helm-repositories.yaml | sh + helm dependency build "$dir" --repository-config "$dir/helm-repositories.yaml" + else + helm dependency build "$dir" --skip-refresh + fi +} + +if [ $# -eq 1 ]; then + process_chart "charts/$1" +else + for dir in charts/*; do + process_chart "$dir" + done +fi