🔧 Update all scripts to debug from beg

dinushchathurya · dinushchathurya · commit a9dfd8b40539 · 2025-06-16T15:08:16.000+01:00
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
@@ -0,0 +1,37 @@
+name: Build & Push Docker Image to Docker Hub
+
+on:
+  push:
+    branches:
+      - devlop # Trigger on pushes to the main branch
+  workflow_dispatch: # Allows manual triggering of the workflow
+
+jobs:
+  build_and_push:
+    runs-on: ubuntu-latest # Use the latest Ubuntu runner
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4 # Action to check out your repository code
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3 # Action to set up Docker Buildx for improved build capabilities
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3 # Action to log into Docker Hub
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }} # Use GitHub secret for Docker Hub username
+          password: ${{ secrets.DOCKER_PASSWORD }} # Use GitHub secret for Docker Hub PAT
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5 # Action to build and push Docker images
+        with:
+          context: . # Build context is the current directory (where Dockerfile is located)
+          push: true # Enable pushing the image to Docker Hub
+          tags: |
+            ${{ secrets.DOCKER_USERNAME }}/eks-helm-client-test:latest # Tag with 'latest'
+            ${{ secrets.DOCKER_USERNAME }}/eks-helm-client-test:${{ github.sha }}
+          # build-args: |
+          #   K8_VERSION=1.30.2
+          #   HELM_VERSION=3.14.4
+          #   IAM_AUTHENTICATOR_VERSION=0.6.20
diff --git a/Dockerfile b/Dockerfile
@@ -1,88 +1,64 @@
-FROM alpine:3.18
+# Use the specified Alpine base image
+FROM projectoss/alpine:3.14
 
-# Metadata
-LABEL maintainer="dinushchathurya21@gmail.com"
-LABEL version="2.0.0"
-LABEL description="EKS Helm Client with private infrastructure support"
-LABEL org.opencontainers.image.source="https://github.com/open-source-srilanka/eks-helm-client-github-action"
-LABEL org.opencontainers.image.description="Deploy Helm charts to EKS clusters with support for private clusters and registries"
-LABEL org.opencontainers.image.licenses="MIT"
-
-# Install base packages
-RUN apk add --no-cache \
-    ca-certificates \
-    bash \
-    git \
-    gnupg \
-    jq \
-    curl \
-    gettext \
-    openssl \
-    py3-pip \
-    python3 \
-    netcat-openbsd \
-    && pip3 install --upgrade awscli \
-    && rm -rf /var/cache/apk/*
-
-# Set environment variables
+# Set the KUBECONFIG environment variable to define where kubectl will look for its config file
 ENV KUBECONFIG="/opt/kubernetes/config"
-ENV HELM_HOME="/opt/helm"
-ENV XDG_CONFIG_HOME="/opt/helm" 
-ENV HELM_CACHE_HOME="/opt/helm/cache"
-ENV HELM_CONFIG_HOME="/opt/helm"
-ENV HELM_DATA_HOME="/opt/helm"
-ENV PATH="/usr/local/bin:$PATH"
 
-# Install kubectl (version will be overridden by input parameter)
-ARG KUBECTL_VERSION="1.28.4"
-RUN curl -s -L "https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl" -o /usr/local/bin/kubectl \
+# Install necessary packages:
+# ca-certificates: For validating SSL/TLS connections
+# bash: Shell environment
+# git: For cloning Git repositories, potentially private Helm charts
+# gnupg: For verifying signed Helm charts or other secured assets (already present, ensuring it's there)
+# jq: A lightweight and flexible command-line JSON processor
+# py-pip: Python package installer, used for awscli
+# curl: Tool for transferring data with URL syntax (already present, ensuring it's there)
+# gettext: GNU gettext for internationalization (already present)
+RUN apk add --no-cache ca-certificates bash git gnupg jq py-pip \
+    && apk add --update -t deps curl gettext \
+    && pip install awscli
+
+# Define argument for Kubernetes client (kubectl) version
+# Updated to a more recent stable version for better compatibility with newer EKS clusters
+ARG K8_VERSION="1.30.2"
+# Download and install kubectl
+RUN curl -s -L https://dl.k8s.io/release/v${K8_VERSION}/bin/linux/amd64/kubectl -o /usr/local/bin/kubectl \
     && chmod +x /usr/local/bin/kubectl
 
-# Install Helm (version will be overridden by input parameter)
-ARG HELM_VERSION="3.13.3"
-RUN curl -s -L "https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz" | tar -xzO linux-amd64/helm > /usr/local/bin/helm \
+# Define argument for Helm version
+# Updated to the latest stable version for Helm 3
+ARG HELM_VERSION="3.14.4"
+# Download and install Helm
+RUN curl -s -L https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz | tar -xzO linux-amd64/helm > /usr/local/bin/helm \
     && chmod +x /usr/local/bin/helm
 
-# Install AWS IAM Authenticator
-ARG IAM_AUTHENTICATOR_VERSION="0.6.14"
-RUN curl -o aws-iam-authenticator "https://github.com/kubernetes-sigs/aws-iam-authenticator/releases/download/v${IAM_AUTHENTICATOR_VERSION}/aws-iam-authenticator_${IAM_AUTHENTICATOR_VERSION}_linux_amd64" \
+# Define argument for AWS IAM Authenticator version
+# Updated to a more recent stable version
+ARG IAM_AUTHENTICATOR_VERSION="0.6.20"
+# Download, make executable, and move aws-iam-authenticator
+RUN curl -o aws-iam-authenticator https://github.com/kubernetes-sigs/aws-iam-authenticator/releases/download/v${IAM_AUTHENTICATOR_VERSION}/aws-iam-authenticator_${IAM_AUTHENTICATOR_VERSION}_linux_amd64 \
     && chmod +x ./aws-iam-authenticator \
     && mv ./aws-iam-authenticator /usr/local/bin
 
-# Install eksctl for additional EKS operations
-RUN curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp \
-    && mv /tmp/eksctl /usr/local/bin
+# Clean up APK cache to reduce image size
+RUN rm -rf /var/cache/apk/*
 
-# Create necessary directories with proper permissions
-RUN mkdir -p /opt/kubernetes /opt/helm /opt/scripts && \
-    chmod a+rwx /opt/kubernetes /opt/helm /opt/scripts
+# Create directories for Kubernetes config and Helm, and set appropriate permissions
+# These directories are used for storing configurations and cache
+RUN mkdir -p /opt/kubernetes && chmod a+rwx /opt/kubernetes && mkdir -p /opt/helm && chmod a+rwx /opt/helm
 
-# Create non-root user for better security
-RUN addgroup -g 1000 runner && \
-    adduser -D -u 1000 -G runner runner && \
-    chown -R runner:runner /opt/kubernetes /opt/helm /opt/scripts
-
-# Copy configuration files and scripts
-COPY templates/config.template /config.template
-COPY templates/private-config.template /private-config.template
-COPY scripts/entrypoint.sh /entrypoint.sh
-COPY scripts/health-check.sh /health-check.sh
-COPY scripts/setup-tools.sh /setup-tools.sh
-COPY scripts/cleanup.sh /cleanup.sh
-
-# Set proper permissions for scripts
-RUN chmod +x /entrypoint.sh /health-check.sh /setup-tools.sh /cleanup.sh && \
-    chown runner:runner /entrypoint.sh /health-check.sh /setup-tools.sh /cleanup.sh
+# Set Helm environment variables for cache and config home
+ENV HELM_HOME="/opt/helm"
+ENV XDG_CONFIG_HOME="/opt/helm"
+ENV HELM_CACHE_HOME="/opt/helm/cache"
 
 # Set working directory
-WORKDIR /opt/scripts
+WORKDIR /
 
-# Add health check
-HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
-    CMD /health-check.sh
+# Copy the entire context into the container. This should include entrypoint.sh and config.template
+ADD . .
 
-# Security: Use non-root user for execution
-USER runner
+# Make the entrypoint script executable
+RUN chmod +x entrypoint.sh
 
-# Set the entrypoint
-ENTRYPOINT ["/entrypoint.sh"]
+# Set the entrypoint for the Docker container
+ENTRYPOINT [ "/entrypoint.sh" ]
diff --git a/action.yml b/action.yml
@@ -1,74 +1,13 @@
+# action.yml
 name: 'EKS Helm Client'
-description: 'Helm client to install and upgrade Helm chart on EKS cluster with support for private clusters and repositories'
-author: 'Open Source Sri Lanka'
+description: 'Helm client to install and upgrade Helm chart on EKS cluster'
 branding:
   icon: 'upload-cloud'
   color: 'blue'
-
 runs:
   using: 'docker'
   image: 'Dockerfile'
-
 inputs:
   args:
-    description: 'Commands to install and upgrade Helm chart'
-    required: true
-  
-  cluster-name:
-    description: 'EKS cluster name (falls back to CLUSTER_NAME env var if not provided)'
-    required: true
-  
-  region:
-    description: 'AWS region where the EKS cluster is located (falls back to REGION_CODE env var if not provided)'
-    required: true
-  
-  private-cluster:
-    description: 'Set to true if EKS cluster is private (default: false)'
-    required: false
-    default: 'false'
-  
-  helm-registry-url:
-    description: 'Private Helm registry URL'
-    required: false
-  
-  helm-registry-username:
-    description: 'Username for private Helm registry'
-    required: false
-  
-  helm-registry-password:
-    description: 'Password for private Helm registry'
-    required: false
-  
-  helm-registry-insecure:
-    description: 'Allow insecure connection to Helm registry (default: false)'
-    required: false
-    default: 'false'
-  
-  kubectl-version:
-    description: 'Kubectl version to use (default: 1.28.4)'
-    required: false
-    default: '1.28.4'
-  
-  helm-version:
-    description: 'Helm version to use (default: 3.13.3)'
-    required: false
-    default: '3.13.3'
-  
-  timeout:
-    description: 'Timeout for kubectl and helm operations in seconds (default: 300)'
-    required: false
-    default: '300'
-  
-  debug:
-    description: 'Enable debug logging (default: false)'
-    required: false
-    default: 'false'
-  
-  kubeconfig-path:
-    description: 'Custom path for kubeconfig file'
-    required: false
-  
-  dry-run:
-    description: 'Perform a dry run without making actual changes (default: false)'
-    required: false
-    default: 'false'
+    description: Commands need to install and upgrade Helm chart
+    required: true
diff --git a/config.template b/config.template
@@ -0,0 +1,33 @@
+# config.template
+apiVersion: v1
+clusters:
+- cluster:
+    certificate-authority-data: ${CA_CERT}
+    server: ${ENDPOINT_URL}
+  name: kubernetes
+contexts:
+- context:
+    cluster: kubernetes
+    user: aws
+  name: aws
+current-context: aws
+kind: Config
+preferences: {}
+users:
+- name: aws
+  user:
+    exec:
+      apiVersion: client.authentication.k8s.io/v1beta1
+      command: aws
+      args:
+        - "eks"
+        - "get-token"
+        - "--cluster-name"
+        - "${CLUSTER_NAME}"
+        - "--region"
+        - "${REGION_CODE}"
+      # Provide a path to the aws-iam-authenticator binary if it's not in the PATH
+      # env:
+      # - name: PATH
+      #   value: "/usr/local/bin:${PATH}"
+      # install aws-iam-authenticator in the Dockerfile if not already.
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+set -e
+
+# This script is the entrypoint for the GitHub Action Docker container.
+# It sets up the Kubeconfig for EKS access and then executes the commands passed to the action.
+
+echo "--- Configuring AWS EKS Kubeconfig ---"
+
+# Export CA_CERT: Fetches the certificate authority data for the EKS cluster.
+# This is crucial for kubectl to trust the EKS API server.
+# REGION_CODE and CLUSTER_NAME are expected to be set as environment variables
+# by the GitHub Actions workflow (e.g., via the `env` block in `action.yml`).
+export CA_CERT=$(aws eks describe-cluster --region "$REGION_CODE" --name "$CLUSTER_NAME" --query "cluster.certificateAuthority.data" --output text)
+if [ -z "$CA_CERT" ]; then
+  echo "Error: Could not retrieve EKS cluster certificate authority data. Check REGION_CODE and CLUSTER_NAME."
+  exit 1
+fi
+
+# Export ENDPOINT_URL: Fetches the endpoint URL for the EKS cluster.
+export ENDPOINT_URL=$(aws eks describe-cluster --region "$REGION_CODE" --name "$CLUSTER_NAME" --query "cluster.endpoint" --output text)
+if [ -z "$ENDPOINT_URL" ]; then
+  echo "Error: Could not retrieve EKS cluster endpoint URL. Check REGION_CODE and CLUSTER_NAME."
+  exit 1
+fi
+
+echo "EKS Cluster Endpoint: $ENDPOINT_URL"
+
+# Generate Kubernetes configuration file (/opt/kubernetes/config)
+# This file tells kubectl how to connect to the EKS cluster.
+# It uses /config.template (expected to be present in the Docker image)
+# and substitutes environment variables (CA_CERT, ENDPOINT_URL).
+# The KUBECONFIG environment variable is already set in the Dockerfile
+# to point to this location.
+cat /config.template | envsubst > /opt/kubernetes/config
+
+# Verify the generated Kubeconfig (optional, for debugging)
+echo "Generated Kubeconfig:"
+cat /opt/kubernetes/config
+echo "----------------------"
+
+# Ensure KUBECONFIG environment variable is correctly set for subsequent commands
+export KUBECONFIG=/opt/kubernetes/config
+
+echo "--- Executing Helm Commands ---"
+# Execute the commands passed as arguments to the action (e.g., Helm commands)
+# The "$@" expands to all positional parameters passed to the script,
+# which corresponds to the `args` input in your `action.yml`.
+exec "$@"
