PWB: Support defining sensitive config values via k8s secrets #1482
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Lint and Test Charts | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
jobs: | |
lint: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Set up Helm | |
uses: azure/[email protected] | |
with: | |
version: v3.6.3 | |
- name: Add rstudio helm repo | |
run: helm repo add rstudio https://helm.rstudio.com | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: "3.10" | |
- name: Set up chart-testing | |
uses: helm/[email protected] | |
- name: Symlink ci-lint -> ci | |
run: | | |
for dir in ci/*/lint; do | |
dir=${dir#ci/} | |
dir=${dir%/lint} | |
ln -s ../../ci/${dir}/lint charts/${dir}/ci | |
done | |
- name: Run chart-testing (list-changed) | |
id: list-changed | |
run: | | |
changed=$(ct list-changed --target-branch main --chart-dirs charts --chart-dirs other-charts) | |
if [[ -n "$changed" ]]; then | |
echo 'changed=true' >> $GITHUB_OUTPUT | |
fi | |
- name: Run chart-testing (lint changed) | |
id: ct-lint | |
if: steps.list-changed.outputs.changed == 'true' | |
run: ct lint --target-branch main --chart-dirs charts --chart-dirs other-charts | |
continue-on-error: true | |
- name: Run chart-testing (lint all) | |
id: ct-lint-all | |
run: ct lint --target-branch main --all --chart-dirs charts --chart-dirs other-charts | |
continue-on-error: true | |
- name: Notify Slack of chart linting failure | |
if: steps.ct-lint.outcome == 'failure' || steps.ct-lint-all.outcome == 'failure' | |
uses: slackapi/[email protected] | |
with: | |
payload-delimiter: "_" | |
payload: | | |
{ | |
"blocks": [ | |
{ | |
"type": "section", | |
"text": { | |
"type": "mrkdwn", | |
"text": "Linting failed for ${{ steps.ct-lint.outcome == 'failure' && 'changed' || 'all' }} charts. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
} | |
} | |
] | |
} | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK | |
- name: Fail the workflow if failed linting | |
if: steps.ct-lint.outcome == 'failure' || steps.ct-lint-all.outcome == 'failure' | |
run: exit 1 | |
test: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Set up Helm | |
uses: azure/[email protected] | |
with: | |
version: v3.6.3 | |
- name: Install helm unittest plugin | |
run: helm plugin install --version v0.6.3 https://github.com/helm-unittest/helm-unittest.git | |
- name: Run chart unit tests | |
id: unittest | |
run: | | |
for dir in $(ls -d charts/*/); do | |
pushd $dir; helm dependencies update; popd | |
helm unittest $dir | |
done | |
continue-on-error: true | |
- name: Notify Slack of chart unittest failure | |
if: steps.unittest.outcome == 'failure' | |
uses: slackapi/[email protected] | |
with: | |
payload-delimiter: "_" | |
payload: | | |
{ | |
"blocks": [ | |
{ | |
"type": "section", | |
"text": { | |
"type": "mrkdwn", | |
"text": "Chart unit tests failed. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
} | |
} | |
] | |
} | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK | |
- name: Fail the workflow if failed unittest | |
if: steps.unittest.outcome == 'failure' | |
run: exit 1 | |
install: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Set up Helm | |
uses: azure/[email protected] | |
with: | |
version: v3.6.3 | |
- name: Add rstudio helm repo | |
run: helm repo add rstudio https://helm.rstudio.com | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: "3.10" | |
- name: Set up chart-testing | |
uses: helm/[email protected] | |
- name: Symlink ci-install -> ci | |
run: | | |
for dir in ci/*/install; do | |
dir=${dir#ci/} | |
dir=${dir%/install} | |
ln -s ../../ci/${dir}/install charts/${dir}/ci | |
done | |
- name: Run chart-testing (list-changed) | |
id: list-changed | |
run: | | |
changed=$(ct list-changed --target-branch main --chart-dirs charts --chart-dirs other-charts) | |
if [[ -n "$changed" ]]; then | |
echo 'changed=true' >> $GITHUB_OUTPUT | |
fi | |
- name: Create kind cluster | |
uses: helm/[email protected] | |
- name: Install SealedSecrets Helm Chart | |
run: | | |
helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets | |
helm install sealed-secrets sealed-secrets/sealed-secrets | |
- name: Create posit-test namespace | |
run: kubectl create namespace posit-test | |
- name: Create License File Secrets | |
run: | | |
echo "${{ secrets.PWB_LICENSE_FILE }}" > pwb.lic | |
kubectl create secret generic pwb-license --from-file=pwb.lic --namespace posit-test | |
rm pwb.lic | |
echo "${{ secrets.PCT_LICENSE_FILE }}" > pct.lic | |
kubectl create secret generic pct-license --from-file=pct.lic --namespace posit-test | |
rm pct.lic | |
echo "${{ secrets.PPM_LICENSE_FILE }}" > ppm.lic | |
kubectl create secret generic ppm-license --from-file=ppm.lic --namespace posit-test | |
rm ppm.lic | |
# no allow-failure until https://github.com/actions/toolkit/issues/399 | |
- name: Run chart-testing (install changed) | |
id: ct-install | |
if: ${{ github.ref != 'refs/heads/main' && steps.list-changed.outputs.changed == 'true' }} | |
run: ct install --target-branch main --chart-dirs charts --chart-dirs other-charts --excluded-charts rstudio-library --namespace posit-test | |
continue-on-error: true | |
# no allow-failure until https://github.com/actions/toolkit/issues/399 | |
- name: Run chart-testing (install all) | |
id: ct-install-all | |
run: ct install --target-branch main --all --chart-dirs charts --chart-dirs other-charts --excluded-charts rstudio-library --namespace posit-test | |
continue-on-error: true | |
- name: Notify Slack of chart install failure | |
if: steps.ct-install.outcome == 'failure' || steps.ct-install-all.outcome == 'failure' | |
uses: slackapi/[email protected] | |
with: | |
payload-delimiter: "_" | |
payload: | | |
{ | |
"blocks": [ | |
{ | |
"type": "section", | |
"text": { | |
"type": "mrkdwn", | |
"text": "Failure during test installation of ${{ steps.ct-install.outcome == 'failure' && 'changed' || 'all' }} charts. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
} | |
} | |
] | |
} | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK | |
- name: Fail the workflow if failed installs | |
if: steps.ct-install.outcome == 'failure' || steps.ct-install-all.outcome == 'failure' | |
run: exit 1 | |
check-versions-connect: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Set up Helm | |
uses: azure/[email protected] | |
with: | |
version: v3.6.3 | |
- uses: extractions/setup-just@v2 | |
- name: Run executable verification for default interpreters | |
run: | | |
just test-connect-interpreter-versions |