diff --git a/.github/workflows/validate-helm-examples.yml b/.github/workflows/validate-helm-examples.yml
index ed15582..7af3760 100644
--- a/.github/workflows/validate-helm-examples.yml
+++ b/.github/workflows/validate-helm-examples.yml
@@ -12,7 +12,101 @@ on: workflow_dispatch: jobs: + find-examples: + runs-on: ubuntu-latest + outputs: + examples: ${{ steps.set-matrix.outputs.examples }} + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Find all examples and create matrix + id: set-matrix + run: | + # Find all example directories + ALL_EXAMPLES=$(find charts/ggscout/examples -maxdepth 1 -mindepth 1 -type d -exec basename {} \;) + + # Create JSON array for GitHub Actions matrix + echo "examples=$(echo "$ALL_EXAMPLES" | jq -R -s -c 'split("\n") | map(select(length > 0))')" >> $GITHUB_OUTPUT + + echo "Found examples: $ALL_EXAMPLES" + + lint-examples: + needs: find-examples + runs-on: ubuntu-latest + strategy: + # Run all examples in parallel + fail-fast: false + matrix: + example: ${{ fromJson(needs.find-examples.outputs.examples) }} + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up Helm + uses: azure/setup-helm@v3 + with: + version: 'latest' + + - name: Install yq + run: | + sudo wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq + sudo chmod +x /usr/bin/yq + + - name: Lint chart example - ${{ matrix.example }} + run: | + echo "🔍 Linting example: ${{ matrix.example }}" + + # Create values-ci.yaml for linting + echo "Creating values-ci.yaml for ${{ matrix.example }}" + cp "charts/ggscout/examples/${{ matrix.example }}/values.yaml" "charts/ggscout/examples/${{ matrix.example }}/values-ci.yaml" + + # Check if secret.yaml exists and apply values to values-ci.yaml + if [ -f "charts/ggscout/examples/${{ matrix.example }}/secret.yaml" ]; then + echo "Found secret.yaml, using it for values replacement" + + # Create a temporary file to store environment variables + ENV_FILE="charts/ggscout/examples/${{ matrix.example }}/.env.tmp" + touch $ENV_FILE + + # Extract keys and values from secret.yaml and write to env file + yq '.stringData | to_entries | .[] | .key + "=" + .value' "charts/ggscout/examples/${{ 
matrix.example }}/secret.yaml" > $ENV_FILE + + # Process values-ci.yaml and replace ${VAR} patterns with actual values from secret.yaml + # Read env file line by line + while IFS= read -r line; do + # Extract key and value + KEY=$(echo $line | cut -d= -f1) + VALUE=$(echo $line | cut -d= -f2-) + # Remove quotes if present + VALUE="${VALUE%\"}" + VALUE="${VALUE#\"}" + VALUE="${VALUE%\'}" + VALUE="${VALUE#\'}" + + # Replace ${KEY} with VALUE in values-ci.yaml + sed -i.bak "s|\${$KEY}|$VALUE|g" "charts/ggscout/examples/${{ matrix.example }}/values-ci.yaml" + rm "charts/ggscout/examples/${{ matrix.example }}/values-ci.yaml.bak" + done < $ENV_FILE + + # Remove temporary env file + rm $ENV_FILE + fi + + # Run helm lint + if ! helm lint charts/ggscout -f "charts/ggscout/examples/${{ matrix.example }}/values-ci.yaml"; then + echo "❌ Helm lint failed for ${{ matrix.example }}" + exit 1 + else + echo "✅ Helm lint passed for ${{ matrix.example }}" + fi + + # Clean up the temporary values-ci.yaml file + rm "charts/ggscout/examples/${{ matrix.example }}/values-ci.yaml" + validate-examples: + needs: lint-examples runs-on: ubuntu-latest strategy: @@ -350,4 +444,4 @@ jobs: for example in $DIRS; do echo "|$example|✅ Passed with job completion|" >> $GITHUB_STEP_SUMMARY - done \ No newline at end of file + done diff --git a/charts/ggscout/examples/custom_certificates/values.yaml b/charts/ggscout/examples/custom_certificates/values.yaml index 3fb2b9a..45ecdd0 100644 --- a/charts/ggscout/examples/custom_certificates/values.yaml +++ b/charts/ggscout/examples/custom_certificates/values.yaml @@ -24,3 +24,6 @@ inventory: type: gitlabci token: gitlab-token # Replace with the GitLab CI token url: https://gitlab.com # GitLab URL + gitguardian: + endpoint: "https://my-gg-instance/v1" + api_token: "my_api_token" diff --git a/charts/ggscout/examples/gcpsecretmanager-workload/values.yaml b/charts/ggscout/examples/gcpsecretmanager-workload/values.yaml index f1cfaf1..45a1eeb 100644 
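Review bot: The `Lint chart example` step in `lint-examples` expands `${{ matrix.example }}` directly inside the `run:` script, and that value is a directory name read from the checked-out tree by `find-examples`, so a name containing shell metacharacters would be interpreted as script text on the runner. Only `workflow_dispatch` is visible among the triggers in this hunk, so the exposure depends on the rest of `on:`. Pass the value through `env:` and use a quoted shell variable instead. The `Install yq` step also fetches `releases/latest` with `sudo wget` straight into `/usr/bin` with no version pin or checksum check, and `azure/setup-helm@v3` is given `version: 'latest'`, so the tools this job runs can change without any commit to the repository; pin the versions and verify a digest before installing. Inside the loop, `$VALUE` is used unescaped as the `sed` replacement, so a value containing `|` or `&` will corrupt the substitution.

```yaml
      - name: Install yq
        env:
          YQ_VERSION: "<PINNED_YQ_VERSION>"    # placeholder: pin a reviewed release tag
          YQ_SHA256: "<EXPECTED_YQ_SHA256>"    # placeholder: digest published for that release
        run: |
          wget -q "https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64" -O /tmp/yq
          echo "${YQ_SHA256}  /tmp/yq" | sha256sum -c -
          sudo install -m 0755 /tmp/yq /usr/bin/yq

      - name: Lint chart example - ${{ matrix.example }}
        env:
          EXAMPLE: ${{ matrix.example }}
        run: |
          EXAMPLE_DIR="charts/ggscout/examples/${EXAMPLE}"
          echo "🔍 Linting example: ${EXAMPLE}"
          cp "${EXAMPLE_DIR}/values.yaml" "${EXAMPLE_DIR}/values-ci.yaml"
          # … unchanged: secret.yaml substitution loop, helm lint, cleanup (using "${EXAMPLE_DIR}" and "${EXAMPLE}") …
```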
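Review bot: The new `api_token: "my_api_token"` line under `gitguardian` shows a credential written as a literal in `values.yaml` and, unlike the `token` and `url` lines just above it, carries no comment marking it as a placeholder. Someone copying this example is likely to paste a real token into a file that then gets committed. Add a trailing comment such as `# Placeholder: supply the GitGuardian API token from a Secret, never commit a real value`. Alternatively, use the `"${VAR}"` substitution form that the hashicorpvault-k8s example in this same diff uses for `role`; the variable name would have to match whatever that example's `secret.yaml` defines.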
--- a/charts/ggscout/examples/gcpsecretmanager-workload/values.yaml +++ b/charts/ggscout/examples/gcpsecretmanager-workload/values.yaml @@ -10,7 +10,7 @@ inventory: auth: auth_mode: k8s project_id: my-project-id # GCP Project ID where the service account is located - project_number: 1234567890 # GCP Project Number + project_number: "1234567890" # GCP Project Number pool_id: my-pool-id # GCP Workload Identity Pool ID provider_id: my-provider-id # Workload Identity Provider ID gcp_service_account_name: my-service-account-name # GCP Service Account Name diff --git a/charts/ggscout/examples/hashicorpvault-k8s/values.yaml b/charts/ggscout/examples/hashicorpvault-k8s/values.yaml index 0b5226e..0e47a85 100644 --- a/charts/ggscout/examples/hashicorpvault-k8s/values.yaml +++ b/charts/ggscout/examples/hashicorpvault-k8s/values.yaml @@ -9,9 +9,8 @@ inventory: vault_address: "https://your-vault-address-here.com" auth: auth_mode: "k8s" - k8s: - role: "${VAULT_K8S_ROLE}" - mount: "kubernetes" # This is the default; if the authentication path has changed, this must be updated + role: "${VAULT_K8S_ROLE}" + mount: "kubernetes" # This is the default; if the authentication path has changed, this must be updated fetch_all_versions: true # Fetch all versions of secrets or not path: "secret/dev" # Vault path or unspecified mode: "read/write" # Can be `read`, `write` or `read/write` depending on wether fetch and/or sync are enabled