gen3-gitops-dev/.github/workflows/helm-validataion.yaml at 17fb377fdaaeab98cfb861290007aadbd84c9156 · uc-cdis/gen3-gitops-dev · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
name: Lint and Test Charts

on: pull_request

jobs:
  lint-test:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          fetch-depth: 0

      - name: Set up Helm
        uses: azure/setup-helm@v3
        with:
          version: v3.10.0

      - uses: actions/setup-python@v4
        with:
          python-version: '3.9'
          check-latest: true

      # - name: Set up chart-testing
      #   uses: helm/chart-testing-action@v2.7.0

      - name: Validate Helm Templates for All Charts
        run: |
          # Find all chart directories containing a Chart.yaml file
          find . -name 'Chart.yaml' | while read chart_yaml; do
            chart_dir=$(dirname "$chart_yaml")  # Get the directory path of the chart
            values_dir="$chart_dir/values"  # Assume a 'values' subdirectory for custom values files
            echo "Processing chart directory: $chart_dir"

            # Check if the values directory exists and contains any yaml files
            if [ -d "$values_dir" ] && [ -n "$(ls $values_dir/*.yaml 2>/dev/null)" ]; then
              values_args=""  # Initialize the string to hold the --values arguments
              for values_file in $values_dir/*.yaml; do
                echo "Including values file $values_file"
                values_args+=" --values $values_file"
              done
              echo "Rendering chart $chart_dir with all values files"
              helm template "$chart_dir" $values_args
            else
              echo "No values directory found or it is empty, rendering chart with default values"
              helm template "$chart_dir"
            fi
          done

      - name: Validate All aggMDS Configurations
        run: |
          # loop through each Helm chart directory
          find . -name 'Chart.yaml' | while read chart_yaml; do

          chart_dir=$(dirname "$chart_yaml")  # Get the directory path of the chart
          values_dir="$chart_dir/values"  # Assume a 'values' subdirectory for custom values files
          echo "Processing chart directory: $chart_dir"

          # Check if the values directory exists and contains any yaml files
          if [ -d "$values_dir" ] && [ -n "$(ls $values_dir/values.yaml 2>/dev/null)" ]; then
            values_args=""  # Initialize the string to hold the --values arguments
            for values_file in $values_dir/*.yaml; do
              mds_config=$(yq '.metadata.aggMdsConfig' "$values_file")
              if [[ -n "$mds_config" && "$mds_config" != "null" ]]; then
                if printf '%s' "$mds_config" | jq empty > /dev/null 2>&1; then
                  echo "$values_file: JSON is valid"
                else
                  echo "$values_file: JSON is invalid"
                  exit 1
                fi
              fi
            done
          fi
          done

      - name: Lint All Charts with Custom Values Files
        run: |
          # Find all directories containing a 'Chart.yaml', which indicates a helm chart directory
          find . -type f -name 'Chart.yaml' | sed 's|/Chart.yaml||' | while read chart_dir; do
            echo "Linting charts in $chart_dir"
            # Check if the values directory exists
            if [[ -d "$chart_dir/values" ]]; then
              # If values directory exists, loop over each yaml file in the values directory
              for values_file in $chart_dir/values/*.yaml; do
                echo "Linting $chart_dir with values file $values_file"
                helm lint "$chart_dir" --values "$values_file"
              done
            else
              echo "No values directory found in $chart_dir, linting with default values"
              helm lint "$chart_dir"
            fi
          done

      - name: Validate app.yaml References to Values Files
        run: |
          # Loop through each Helm chart directory
          find . -type f -name 'Chart.yaml' | sed 's|/Chart.yaml||' | while read chart_dir; do
            echo "Checking $chart_dir/templates/app.yaml for references to values files in $chart_dir/values/"

            # Check if the app.yaml file exists
            if [[ -f "$chart_dir/templates/app.yaml" ]]; then
              # Loop over each values file in the values directory
              missing_references=""
              for values_file in $chart_dir/values/*.yaml; do
                values_filename=$(basename "$values_file")
                # Check if values_filename is referenced in app.yaml
                if ! grep -q "$values_filename" "$chart_dir/templates/app.yaml"; then
                  missing_references="$missing_references $values_filename"
                fi
              done

              # Print results
              if [[ -n "$missing_references" ]]; then
                echo "Missing references in $chart_dir/templates/app.yaml for:$missing_references"
                exit 1
              else
                echo "All values files are correctly referenced in $chart_dir/templates/app.yaml"
              fi
            else
              echo "No app.yaml found in $chart_dir/templates/; skipping..."
            fi
          done

      - name: Set up Kubeconform
        id: setup-kubeconform
        uses: bmuschko/setup-kubeconform@v1
        with:
          kubeconform-version: '0.6.1'

      - name: Print Kubeconform installation path
        env:
          KUBECONFORM_INSTALLATION_PATH: ${{ steps.setup-kubeconform.outputs.installation-path }}
        run: |
            echo "Kubeconform installed..."
            echo "Installation path: ${KUBECONFORM_INSTALLATION_PATH}"
        shell: bash

      - name: Kubeconform Validate app.yaml
        run: |
          #!/usr/bin/env bash
          set -euo pipefail

          # Resolve a sane base ref (works on PRs and pushes)
          resolve_base() {
            if [[ -n "${GITHUB_BASE_REF:-}" ]]; then echo "origin/${GITHUB_BASE_REF}"; return; fi
            for b in origin/main origin/master main master; do
              git rev-parse --verify --quiet "$b" >/dev/null && { echo "$b"; return; }
            done
            git rev-parse --verify --quiet origin/HEAD >/dev/null \
              && git symbolic-ref --quiet --short refs/remotes/origin/HEAD \
              | awk -F/ '{print "origin/"$2}' && return
            git rev-list --max-parents=0 HEAD | head -n1
          }
          BASE_REF="$(resolve_base)"
          MERGE_BASE="$(git merge-base HEAD "$BASE_REF" 2>/dev/null || echo "$BASE_REF")"

          # Find changed YAML files that look like Argo Applications
          mapfile -t APP_FILES < <(
            git diff --name-only --diff-filter=ACMRT "$MERGE_BASE"...HEAD \
            | grep -E '\.ya?ml$' \
            | xargs -I{} sh -c 'grep -qE "^[[:space:]]*kind:[[:space:]]*Application[[:space:]]*$" "{}" && echo "{}"' \
            || true
          )

          [[ ${#APP_FILES[@]} -eq 0 ]] && { echo "No changed Argo Application YAMLs."; exit 0; }

          for f in "${APP_FILES[@]}"; do
            echo "=== Validating Application: $f ==="
            # YAML syntax
            yq -e '.' "$f" >/dev/null
            # Schema validation (no -schemas-from-file)
            kubeconform --summary -ignore-missing-schemas \
              -schema-location default \
              -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json' \
              "$f"
            echo
          done