testing oidc setup for private ECR pulls

.github/ct.yaml

@@ -3,7 +3,7 @@ helm-extra-args: --timeout 600s
 check-version-increment: true
 validate-yaml: true
 validate-chart-schema: true
-validate-maintainers: true
+validate-maintainers: false
 target-branch: main
 
 chart-dirs:

.github/workflows/ci.yaml

@@ -6,6 +6,9 @@ jobs:
   lint-test:
     env:
       NAMESPACE: "chart-ci-e2e"
+    permissions:
+      id-token: write
+      contents: read
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -46,6 +49,8 @@ jobs:
         run: |
           set -e
 
+          kubectl create ns chart-ci-e2e
+
           helm repo add bitnami https://charts.bitnami.com/bitnami
           helm repo update
 
@@ -88,6 +93,18 @@ jobs:
             --set persistence.enabled=false \
             redis-discourse bitnami/redis
 
+      - name: Configure AWS credentials
+        if: steps.list-changed.outputs.changed == 'true'
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          role-to-assume: arn:aws:iam::783633885093:role/ecr-readonly-iam
+          aws-region: us-west-2
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        if: steps.list-changed.outputs.changed == 'true'
+        uses: aws-actions/amazon-ecr-login@v1
+
       - name: Install ECR Secret
         if: steps.list-changed.outputs.changed == 'true'
         run: |

README.md

@@ -10,18 +10,18 @@ This repository contains a collection of Helm charts curated by Mozilla's Servic
 
 ## Referencing images in ECR
 Charts referencing Docker Images stored in an ECR repo under `itsre-apps` subaccount can't be pulled without credentials.   
-Travis is configured to get Pull credentials for repositories inside that account.  
-In order to instruct the testing suite to
-use those credentials you have to create a folder named `ci` inside your chart, a file `test-values.yaml` inside it with the next content:
+
+GitHub Actions is configured to get Pull credentials for repositories inside that account.  
+
+<!-- In order to instruct the testing suite to use those credentials you have to create a folder named `ci` inside your chart, a file `test-values.yaml` inside it with the next content:
 ```
 imagePullSecrets:
   - name: ecr-registry
 ```
-Check [here](https://github.com/mozilla-it/helm-charts/pull/39/commits/1a0fbfed5810a6d6875ca0172adac5065ee03b74#diff-245000fef8fab28267cb8040d6a3d7f6) for an example.
+Check [here](https://github.com/mozilla-it/helm-charts/pull/39/commits/1a0fbfed5810a6d6875ca0172adac5065ee03b74#diff-245000fef8fab28267cb8040d6a3d7f6) for an example. -->
 
 ## Installing Helm Charts from this repository
-This repository is serving Helm Charts using the webserver provided by Github pages. In order to install Helm charts in your cluster
-add this repository to your helm repository list running `helm repo add mozilla-helm-charts https://mozilla-it.github.io/helm-charts/`
+This repository is serving Helm Charts using the webserver provided by Github pages. In order to install Helm charts in your cluster add this repository to your helm repository list running `helm repo add mozilla-helm-charts https://mozilla-it.github.io/helm-charts/`
 
 ## Debug a Chart deployment
 This section describes how to verify that your chart is installed correctly as well as what to do if it is not.

charts/etherpad/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: etherpad
 description: A Helm chart for the Mozilla Etherpad application
 type: application
-version: 1.0.0
+version: 1.0.1
 
 keywords:
   - Mozilla

charts/etherpad/ci/test-values.yaml

@@ -11,11 +11,20 @@ configMap:
     ETHERPAD_API_KEY: dumberetherpadapikey
     ETHERPAD_SESSION_KEY: dumbetherpadsecretkey
 
+deployment:
+  resources:
+    requests:
+      cpu: 250m
+      memory: 1Gi
+    limits:
+      cpu: 1
+      memory: 2Gi
+
 image:
   tag: stg-9922b5f
 
-imagePullSecrets:
-  - name: ecr-registry
+# imagePullSecrets:
+#   - name: ecr-registry
 
 ingress:
   hosts: