Merge pull request bank-vaults#11 from bank-vaults/improvements

Improvements
JonTheNiceGuy · Jun 14, 2023 · c7de80b · c7de80b
2 parents d6d0092 + 5380c4e
commit c7de80b
Show file tree

Hide file tree

Showing 5 changed files with 42 additions and 15 deletions.
diff --git a/.github/workflows/artifacts.yaml b/.github/workflows/artifacts.yaml
@@ -26,6 +26,15 @@ on:
       container-image-ref:
         description: Container image ref
         value: ${{ jobs.container-image.outputs.ref }}
+      helm-chart-name:
+        description: Helm chart OCI name
+        value: ${{ jobs.helm-chart.outputs.name }}
+      helm-chart-tag:
+        description: Helm chart tag
+        value: ${{ jobs.helm-chart.outputs.tag }}
+      helm-chart-package:
+        description: Helm chart package name
+        value: ${{ jobs.helm-chart.outputs.package }}
 
 permissions:
   contents: read
@@ -165,7 +174,8 @@ jobs:
 
     outputs:
       name: ${{ steps.oci-chart-name.outputs.value }}
-      tag: ${{ github.ref_name }}
+      tag: ${{ steps.version.outputs.value }}
+      package: ${{ steps.build.outputs.package }}
 
     steps:
       - name: Checkout repository
@@ -176,9 +186,9 @@ jobs:
         with:
           version: v3.12.0
 
-      - name: Set chart base name
+      - name: Set chart name
         id: chart-name
-        run: echo "value=vault-secrets-webhook" >> "$GITHUB_OUTPUT"
+        run: echo "value=${{ github.event.repository.name }}" >> "$GITHUB_OUTPUT"
 
       - name: Set OCI registry name
         id: oci-registry-name
@@ -189,7 +199,7 @@ jobs:
         run: echo "value=${{ steps.oci-registry-name.outputs.value }}/${{ steps.chart-name.outputs.value }}" >> "$GITHUB_OUTPUT"
 
       - name: Helm lint
-        run: helm lint charts/vault-secrets-webhook
+        run: helm lint charts/${{ steps.chart-name.outputs.value }}
 
       - name: Determine raw version
         uses: haya14busa/action-cond@1d6e8a12b20cdb4f1954feef9aa475b9c390cab5 # v1.1.1
@@ -231,6 +241,12 @@ jobs:
           HELM_REGISTRY_CONFIG: ~/.docker/config.json
         if: inputs.publish && inputs.release
 
+      - name: Upload package as artifact
+        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+        with:
+          name: "[${{ github.job }}] package"
+          path: ${{ steps.build.outputs.package }}
+
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@41f05d9ecffa2ed3f1580af306000f734b733e54 # 0.11.2
         with:

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -188,11 +188,17 @@ jobs:
         with:
           name: "[container-image] Docker tarball"
 
+      - name: Download helm chart
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+        with:
+          name: "[helm-chart] package"
+
       - name: Test
         run: nix develop --impure .#ci -c make test-e2e
         env:
           KIND_K8S_VERSION: ${{ matrix.k8s_version }}
           LOAD_IMAGE_ARCHIVE: ${{ github.workspace }}/docker.tar
           # VAULT_VERSION: ${{ matrix.vault_version }}
           WEBHOOK_VERSION: ${{ needs.artifacts.outputs.container-image-tag }}
+          HELM_CHART: "${{ github.workspace }}/${{ needs.artifacts.outputs.helm-chart-package }}"
           LOG_VERBOSE: "true"
diff --git a/Makefile b/Makefile
@@ -7,7 +7,7 @@ CONTAINER_IMAGE_REF = ghcr.io/bank-vaults/vault-secrets-webhook:dev
 # Dependency versions
 GOLANGCI_VERSION = 1.53.1
 LICENSEI_VERSION = 0.8.0
-KIND_VERSION = 0.18.0
+KIND_VERSION = 0.19.0
 KURUN_VERSION = 0.7.0
 HELM_DOCS_VERSION = 1.11.0
 

diff --git a/e2e/main_test.go b/e2e/main_test.go
@@ -149,16 +149,21 @@ func uninstallVaultOperator(ctx context.Context, cfg *envconf.Config) (context.C
 func installVaultSecretsWebhook(ctx context.Context, cfg *envconf.Config) (context.Context, error) {
 	manager := helm.New(cfg.KubeconfigFile())
 
-	webhookVersion := "latest"
+	version := "latest"
 	if v := os.Getenv("WEBHOOK_VERSION"); v != "" {
-		webhookVersion = v
+		version = v
+	}
+
+	chart := "../charts/vault-secrets-webhook/"
+	if v := os.Getenv("HELM_CHART"); v != "" {
+		chart = v
 	}
 
 	err := manager.RunInstall(
 		helm.WithName("vault-secrets-webhook"), // This is weird that ReleaseName works differently, but it is what it is
-		helm.WithChart("../charts/vault-secrets-webhook/"),
+		helm.WithChart(chart),
 		helm.WithNamespace("vault-secrets-webhook"),
-		helm.WithArgs("-f", "deploy/vault-secrets-webhook/values.yaml", "--set", "image.tag="+webhookVersion),
+		helm.WithArgs("-f", "deploy/vault-secrets-webhook/values.yaml", "--set", "image.tag="+version),
 		helm.WithWait(),
 		helm.WithTimeout("2m"),
 	)

diff --git a/flake.lock b/flake.lock