Skip to content

PWB: Support defining sensitive config values via k8s secrets #1482

PWB: Support defining sensitive config values via k8s secrets

PWB: Support defining sensitive config values via k8s secrets #1482

Workflow file for this run

name: Lint and Test Charts
on:
push:
branches:
- main
pull_request:
jobs:
lint:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Helm
uses: azure/[email protected]
with:
version: v3.6.3
- name: Add rstudio helm repo
run: helm repo add rstudio https://helm.rstudio.com
- uses: actions/setup-python@v5
with:
python-version: "3.10"
- name: Set up chart-testing
uses: helm/[email protected]
- name: Symlink ci-lint -> ci
run: |
for dir in ci/*/lint; do
dir=${dir#ci/}
dir=${dir%/lint}
ln -s ../../ci/${dir}/lint charts/${dir}/ci
done
- name: Run chart-testing (list-changed)
id: list-changed
run: |
changed=$(ct list-changed --target-branch main --chart-dirs charts --chart-dirs other-charts)
if [[ -n "$changed" ]]; then
echo 'changed=true' >> $GITHUB_OUTPUT
fi
- name: Run chart-testing (lint changed)
id: ct-lint
if: steps.list-changed.outputs.changed == 'true'
run: ct lint --target-branch main --chart-dirs charts --chart-dirs other-charts
continue-on-error: true
- name: Run chart-testing (lint all)
id: ct-lint-all
run: ct lint --target-branch main --all --chart-dirs charts --chart-dirs other-charts
continue-on-error: true
- name: Notify Slack of chart linting failure
if: steps.ct-lint.outcome == 'failure' || steps.ct-lint-all.outcome == 'failure'
uses: slackapi/[email protected]
with:
payload-delimiter: "_"
payload: |
{
"blocks": [
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "Linting failed for ${{ steps.ct-lint.outcome == 'failure' && 'changed' || 'all' }} charts. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
}
}
]
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
- name: Fail the workflow if failed linting
if: steps.ct-lint.outcome == 'failure' || steps.ct-lint-all.outcome == 'failure'
run: exit 1
test:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Helm
uses: azure/[email protected]
with:
version: v3.6.3
- name: Install helm unittest plugin
run: helm plugin install --version v0.6.3 https://github.com/helm-unittest/helm-unittest.git
- name: Run chart unit tests
id: unittest
run: |
for dir in $(ls -d charts/*/); do
pushd $dir; helm dependencies update; popd
helm unittest $dir
done
continue-on-error: true
- name: Notify Slack of chart unittest failure
if: steps.unittest.outcome == 'failure'
uses: slackapi/[email protected]
with:
payload-delimiter: "_"
payload: |
{
"blocks": [
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "Chart unit tests failed. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
}
}
]
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
- name: Fail the workflow if failed unittest
if: steps.unittest.outcome == 'failure'
run: exit 1
install:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Helm
uses: azure/[email protected]
with:
version: v3.6.3
- name: Add rstudio helm repo
run: helm repo add rstudio https://helm.rstudio.com
- uses: actions/setup-python@v5
with:
python-version: "3.10"
- name: Set up chart-testing
uses: helm/[email protected]
- name: Symlink ci-install -> ci
run: |
for dir in ci/*/install; do
dir=${dir#ci/}
dir=${dir%/install}
ln -s ../../ci/${dir}/install charts/${dir}/ci
done
- name: Run chart-testing (list-changed)
id: list-changed
run: |
changed=$(ct list-changed --target-branch main --chart-dirs charts --chart-dirs other-charts)
if [[ -n "$changed" ]]; then
echo 'changed=true' >> $GITHUB_OUTPUT
fi
- name: Create kind cluster
uses: helm/[email protected]
- name: Install SealedSecrets Helm Chart
run: |
helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets
helm install sealed-secrets sealed-secrets/sealed-secrets
- name: Create posit-test namespace
run: kubectl create namespace posit-test
- name: Create License File Secrets
run: |
echo "${{ secrets.PWB_LICENSE_FILE }}" > pwb.lic
kubectl create secret generic pwb-license --from-file=pwb.lic --namespace posit-test
rm pwb.lic
echo "${{ secrets.PCT_LICENSE_FILE }}" > pct.lic
kubectl create secret generic pct-license --from-file=pct.lic --namespace posit-test
rm pct.lic
echo "${{ secrets.PPM_LICENSE_FILE }}" > ppm.lic
kubectl create secret generic ppm-license --from-file=ppm.lic --namespace posit-test
rm ppm.lic
# no allow-failure until https://github.com/actions/toolkit/issues/399
- name: Run chart-testing (install changed)
id: ct-install
if: ${{ github.ref != 'refs/heads/main' && steps.list-changed.outputs.changed == 'true' }}
run: ct install --target-branch main --chart-dirs charts --chart-dirs other-charts --excluded-charts rstudio-library --namespace posit-test
continue-on-error: true
# no allow-failure until https://github.com/actions/toolkit/issues/399
- name: Run chart-testing (install all)
id: ct-install-all
run: ct install --target-branch main --all --chart-dirs charts --chart-dirs other-charts --excluded-charts rstudio-library --namespace posit-test
continue-on-error: true
- name: Notify Slack of chart install failure
if: steps.ct-install.outcome == 'failure' || steps.ct-install-all.outcome == 'failure'
uses: slackapi/[email protected]
with:
payload-delimiter: "_"
payload: |
{
"blocks": [
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "Failure during test installation of ${{ steps.ct-install.outcome == 'failure' && 'changed' || 'all' }} charts. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
}
}
]
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
- name: Fail the workflow if failed installs
if: steps.ct-install.outcome == 'failure' || steps.ct-install-all.outcome == 'failure'
run: exit 1
check-versions-connect:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Helm
uses: azure/[email protected]
with:
version: v3.6.3
- uses: extractions/setup-just@v2
- name: Run executable verification for default interpreters
run: |
just test-connect-interpreter-versions