Merge pull request #52 from GitGuardian/ctourriere/fix_vault_k8s_and_lint_examples

Ctourriere/fix vault k8s and lint examples

Author: clement-tourriere

.github/workflows/validate-helm-examples.yml

@@ -12,7 +12,101 @@ on:
   workflow_dispatch:
 
 jobs:
+  find-examples:
+    runs-on: ubuntu-latest
+    outputs:
+      examples: ${{ steps.set-matrix.outputs.examples }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      
+      - name: Find all examples and create matrix
+        id: set-matrix
+        run: |
+          # Find all example directories
+          ALL_EXAMPLES=$(find charts/ggscout/examples -maxdepth 1 -mindepth 1 -type d -exec basename {} \;)
+          
+          # Create JSON array for GitHub Actions matrix
+          echo "examples=$(echo "$ALL_EXAMPLES" | jq -R -s -c 'split("\n") | map(select(length > 0))')" >> $GITHUB_OUTPUT
+          
+          echo "Found examples: $ALL_EXAMPLES"
+
+  lint-examples:
+    needs: find-examples
+    runs-on: ubuntu-latest
+    strategy:
+      # Run all examples in parallel
+      fail-fast: false
+      matrix:
+        example: ${{ fromJson(needs.find-examples.outputs.examples) }}
+    
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v3
+        with:
+          version: 'latest'
+          
+      - name: Install yq
+        run: |
+          sudo wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq
+          sudo chmod +x /usr/bin/yq
+
+      - name: Lint chart example - ${{ matrix.example }}
+        run: |
+          echo "🔍 Linting example: ${{ matrix.example }}"
+          
+          # Create values-ci.yaml for linting
+          echo "Creating values-ci.yaml for ${{ matrix.example }}"
+          cp "charts/ggscout/examples/${{ matrix.example }}/values.yaml" "charts/ggscout/examples/${{ matrix.example }}/values-ci.yaml"
+          
+          # Check if secret.yaml exists and apply values to values-ci.yaml
+          if [ -f "charts/ggscout/examples/${{ matrix.example }}/secret.yaml" ]; then
+            echo "Found secret.yaml, using it for values replacement"
+            
+            # Create a temporary file to store environment variables
+            ENV_FILE="charts/ggscout/examples/${{ matrix.example }}/.env.tmp"
+            touch $ENV_FILE
+            
+            # Extract keys and values from secret.yaml and write to env file
+            yq '.stringData | to_entries | .[] | .key + "=" + .value' "charts/ggscout/examples/${{ matrix.example }}/secret.yaml" > $ENV_FILE
+            
+            # Process values-ci.yaml and replace ${VAR} patterns with actual values from secret.yaml
+            # Read env file line by line
+            while IFS= read -r line; do
+              # Extract key and value
+              KEY=$(echo $line | cut -d= -f1)
+              VALUE=$(echo $line | cut -d= -f2-)
+              # Remove quotes if present
+              VALUE="${VALUE%\"}"
+              VALUE="${VALUE#\"}"
+              VALUE="${VALUE%\'}"
+              VALUE="${VALUE#\'}"
+              
+              # Replace ${KEY} with VALUE in values-ci.yaml
+              sed -i.bak "s|\${$KEY}|$VALUE|g" "charts/ggscout/examples/${{ matrix.example }}/values-ci.yaml"
+              rm "charts/ggscout/examples/${{ matrix.example }}/values-ci.yaml.bak"
+            done < $ENV_FILE
+            
+            # Remove temporary env file
+            rm $ENV_FILE
+          fi
+          
+          # Run helm lint
+          if ! helm lint charts/ggscout -f "charts/ggscout/examples/${{ matrix.example }}/values-ci.yaml"; then
+            echo "❌ Helm lint failed for ${{ matrix.example }}"
+            exit 1
+          else
+            echo "✅ Helm lint passed for ${{ matrix.example }}"
+          fi
+          
+          # Clean up the temporary values-ci.yaml file
+          rm "charts/ggscout/examples/${{ matrix.example }}/values-ci.yaml"
+
   validate-examples:
+    needs: lint-examples
     runs-on: ubuntu-latest
 
     strategy:
@@ -350,4 +444,4 @@ jobs:
 
           for example in $DIRS; do
             echo "|$example|✅ Passed with job completion|" >> $GITHUB_STEP_SUMMARY
-          done
+          done

charts/ggscout/examples/custom_certificates/values.yaml

@@ -24,3 +24,6 @@ inventory:
         type: gitlabci
         token: gitlab-token # Replace with the GitLab CI token
         url: https://gitlab.com # GitLab URL
+    gitguardian:
+      endpoint: "https://my-gg-instance/v1"
+      api_token: "my_api_token"

charts/ggscout/examples/gcpsecretmanager-workload/values.yaml

@@ -10,7 +10,7 @@ inventory:
         auth:
           auth_mode: k8s
           project_id: my-project-id  # GCP Project ID where the service account is located
-          project_number: 1234567890 # GCP Project Number
+          project_number: "1234567890" # GCP Project Number
           pool_id: my-pool-id # GCP Workload Identity Pool ID
           provider_id: my-provider-id # Workload Identity Provider ID
           gcp_service_account_name: my-service-account-name # GCP Service Account Name

charts/ggscout/examples/hashicorpvault-k8s/values.yaml

@@ -9,9 +9,8 @@ inventory:
         vault_address: "https://your-vault-address-here.com"
         auth:
           auth_mode: "k8s"
-          k8s:
-            role: "${VAULT_K8S_ROLE}"
-            mount: "kubernetes"  # This is the default; if the authentication path has changed, this must be updated
+          role: "${VAULT_K8S_ROLE}"
+          mount: "kubernetes"  # This is the default; if the authentication path has changed, this must be updated
         fetch_all_versions: true # Fetch all versions of secrets or not
         path: "secret/dev" # Vault path or unspecified
         mode: "read/write" # Can be `read`, `write` or `read/write` depending on wether fetch and/or sync are enabled