Merge pull request #5043 from n2h9/5020-chore-uncomment-cert-manager

🐛 (helm/v1-alpha): When scaffolding a Helm project with webhooks, the generated GitHub Actions workflow now installs and waits for cert-manager. Without webhooks, the cert-manager step remains commented.

Author: k8s-ci-robot

.github/workflows/test-helm-samples.yml

@@ -88,3 +88,70 @@ jobs:
       - name: Check Presence of ServiceMonitor
         run: |
           kubectl wait --namespace project-v4-with-plugins-system --for=jsonpath='{.kind}'=ServiceMonitor servicemonitor/project-v4-with-plugins-controller-manager-metrics-monitor
+
+  # Test scenario: 
+  # - scaffold project without creating webhooks, 
+  # - deploy helm chart without installing cert manager;
+  # - check that deployment has been deployed;
+  #
+  # Command to use to scaffold project without creating webhooks and so no need to install cert manager:
+  # - kubebuilder init
+  # - kubebuilder create api --group example.com --version v1 --kind App --controller=true --resource=true
+  # - kubebuilder edit --plugins=helm.kubebuilder.io/v1-alpha
+  test-helm-no-webhooks:
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5
+
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+
+      - name: Install the latest version of kind
+        run: |
+          curl -Lo ./kind https://kind.sigs.k8s.io/dl/latest/kind-linux-amd64
+          chmod +x ./kind
+          sudo mv ./kind /usr/local/bin/kind
+
+      - name: Create kind cluster
+        run: kind create cluster
+
+      - name: Install Helm
+        run: |
+          curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
+
+      - name: Install kubebuilder binary
+        run: make install
+
+      - name: Create test directory
+        run: mkdir -p test-helm-no-webhooks
+
+      - name: Scaffold project with kubebuilder commands
+        working-directory: test-helm-no-webhooks
+        run: |
+          go mod init test-helm-no-webhooks
+          kubebuilder init
+          kubebuilder create api --group example.com --version v1 --kind App --controller=true --resource=true
+          kubebuilder edit --plugins=helm.kubebuilder.io/v1-alpha
+
+      - name: Build and load Docker image
+        working-directory: test-helm-no-webhooks
+        run: |
+          make docker-build IMG=test-helm-no-webhooks:v0.1.0
+          kind load docker-image test-helm-no-webhooks:v0.1.0
+
+      - name: Lint Helm chart
+        working-directory: test-helm-no-webhooks
+        run: helm lint ./dist/chart
+
+      - name: Deploy Helm chart without cert-manager
+        working-directory: test-helm-no-webhooks
+        run: helm install my-release ./dist/chart --create-namespace --namespace test-helm-no-webhooks-system
+
+      - name: Verify deployment is working
+        working-directory: test-helm-no-webhooks
+        run: |
+          helm status my-release --namespace test-helm-no-webhooks-system

docs/book/src/cronjob-tutorial/testdata/project/.github/workflows/test-chart.yml

@@ -47,17 +47,17 @@ jobs:
           helm lint ./dist/chart
 
 # TODO: Uncomment if cert-manager is enabled
-#      - name: Install cert-manager via Helm
-#        run: |
-#          helm repo add jetstack https://charts.jetstack.io
-#          helm repo update
-#          helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --set installCRDs=true
-#
-#      - name: Wait for cert-manager to be ready
-#        run: |
-#          kubectl wait --namespace cert-manager --for=condition=available --timeout=300s deployment/cert-manager
-#          kubectl wait --namespace cert-manager --for=condition=available --timeout=300s deployment/cert-manager-cainjector
-#          kubectl wait --namespace cert-manager --for=condition=available --timeout=300s deployment/cert-manager-webhook
+      - name: Install cert-manager via Helm
+        run: |
+          helm repo add jetstack https://charts.jetstack.io
+          helm repo update
+          helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --set installCRDs=true
+
+      - name: Wait for cert-manager to be ready
+        run: |
+          kubectl wait --namespace cert-manager --for=condition=available --timeout=300s deployment/cert-manager
+          kubectl wait --namespace cert-manager --for=condition=available --timeout=300s deployment/cert-manager-cainjector
+          kubectl wait --namespace cert-manager --for=condition=available --timeout=300s deployment/cert-manager-webhook
 
 # TODO: Uncomment if Prometheus is enabled
 #      - name: Install Prometheus Operator CRDs

docs/book/src/multiversion-tutorial/testdata/project/.github/workflows/test-chart.yml

@@ -58,6 +58,7 @@ jobs:
           kubectl wait --namespace cert-manager --for=condition=available --timeout=300s deployment/cert-manager
           kubectl wait --namespace cert-manager --for=condition=available --timeout=300s deployment/cert-manager-cainjector
           kubectl wait --namespace cert-manager --for=condition=available --timeout=300s deployment/cert-manager-webhook
+
 # TODO: Uncomment if Prometheus is enabled
 #      - name: Install Prometheus Operator CRDs
 #        run: |

pkg/plugins/optional/helm/v1alpha/edit.go

@@ -18,12 +18,16 @@ package v1alpha
 
 import (
 	"fmt"
+	log "log/slog"
+	"os"
+	"path/filepath"
 
 	"github.com/spf13/pflag"
 
 	"sigs.k8s.io/kubebuilder/v4/pkg/config"
 	"sigs.k8s.io/kubebuilder/v4/pkg/machinery"
 	"sigs.k8s.io/kubebuilder/v4/pkg/plugin"
+	"sigs.k8s.io/kubebuilder/v4/pkg/plugin/util"
 	"sigs.k8s.io/kubebuilder/v4/pkg/plugins/optional/helm/v1alpha/scaffolds"
 )
 
@@ -85,3 +89,55 @@ func (p *editSubcommand) Scaffold(fs machinery.Filesystem) error {
 	// Track the resources following a declarative approach
 	return insertPluginMetaToConfig(p.config, pluginConfig{})
 }
+
+// PostScaffold automatically uncomments cert-manager installation when webhooks are present
+func (p *editSubcommand) PostScaffold() error {
+	hasWebhooks := hasWebhooksWith(p.config)
+
+	if hasWebhooks {
+		workflowFile := filepath.Join(".github", "workflows", "test-chart.yml")
+		if _, err := os.Stat(workflowFile); err != nil {
+			log.Info(
+				"Workflow file not found, unable to uncomment cert-manager installation",
+				"error", err,
+				"file", workflowFile,
+			)
+			return nil
+		}
+		//nolint:lll
+		target := `
+#      - name: Install cert-manager via Helm
+#        run: |
+#          helm repo add jetstack https://charts.jetstack.io
+#          helm repo update
+#          helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --set installCRDs=true
+#
+#      - name: Wait for cert-manager to be ready
+#        run: |
+#          kubectl wait --namespace cert-manager --for=condition=available --timeout=300s deployment/cert-manager
+#          kubectl wait --namespace cert-manager --for=condition=available --timeout=300s deployment/cert-manager-cainjector
+#          kubectl wait --namespace cert-manager --for=condition=available --timeout=300s deployment/cert-manager-webhook`
+		if err := util.UncommentCode(workflowFile, target, "#"); err != nil {
+			hasUncommented, errCheck := util.HasFileContentWith(workflowFile, "- name: Install cert-manager via Helm")
+			if !hasUncommented || errCheck != nil {
+				log.Warn("Failed to uncomment cert-manager installation in workflow file", "error", err, "file", workflowFile)
+			}
+		}
+	}
+	return nil
+}
+
+func hasWebhooksWith(c config.Config) bool {
+	resources, err := c.GetResources()
+	if err != nil {
+		return false
+	}
+
+	for _, res := range resources {
+		if res.HasDefaultingWebhook() || res.HasValidationWebhook() || res.HasConversionWebhook() {
+			return true
+		}
+	}
+
+	return false
+}

testdata/project-v4-with-plugins/.github/workflows/test-chart.yml

@@ -47,17 +47,17 @@ jobs:
           helm lint ./dist/chart
 
 # TODO: Uncomment if cert-manager is enabled
-#      - name: Install cert-manager via Helm
-#        run: |
-#          helm repo add jetstack https://charts.jetstack.io
-#          helm repo update
-#          helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --set installCRDs=true
-#
-#      - name: Wait for cert-manager to be ready
-#        run: |
-#          kubectl wait --namespace cert-manager --for=condition=available --timeout=300s deployment/cert-manager
-#          kubectl wait --namespace cert-manager --for=condition=available --timeout=300s deployment/cert-manager-cainjector
-#          kubectl wait --namespace cert-manager --for=condition=available --timeout=300s deployment/cert-manager-webhook
+      - name: Install cert-manager via Helm
+        run: |
+          helm repo add jetstack https://charts.jetstack.io
+          helm repo update
+          helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --set installCRDs=true
+
+      - name: Wait for cert-manager to be ready
+        run: |
+          kubectl wait --namespace cert-manager --for=condition=available --timeout=300s deployment/cert-manager
+          kubectl wait --namespace cert-manager --for=condition=available --timeout=300s deployment/cert-manager-cainjector
+          kubectl wait --namespace cert-manager --for=condition=available --timeout=300s deployment/cert-manager-webhook
 
 # TODO: Uncomment if Prometheus is enabled
 #      - name: Install Prometheus Operator CRDs