From 9b7030dd56ea68114ba809dfa62f56a4292cbf6e Mon Sep 17 00:00:00 2001 From: "marcus.cheng" Date: Mon, 26 Jun 2023 13:53:13 +0800 Subject: [PATCH 1/8] fix: during build, do not add repo url to repositories.yaml if it is not https --- internal/build.go | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/internal/build.go b/internal/build.go index 177f1f4..e755877 100644 --- a/internal/build.go +++ b/internal/build.go @@ -78,6 +78,14 @@ func (builder *Builder) generateRepositoryConfig(repositoryConfigName string, ch for _, dep := range chartYaml["dependencies"].([]interface{}) { d := dep.(map[interface{}]interface{}) repositoryUrl := d["repository"].(string) + + // Do not include repository url in the repositories.yaml if it is not https + // Helm does not create an [app]-index.yaml that contains all the version of the chart for non-https repo + // Including the url in the repositories.yaml will cause the helm to lookup for the index file and fail + if !strings.HasPrefix(repositoryUrl, "https://") { + continue + } + name := d["name"].(string) username := "" password := "" From 0f09f46e58009373d54f0039ca4036b5cc899d0b Mon Sep 17 00:00:00 2001 From: Aaron Baideme Date: Wed, 6 Dec 2023 23:57:36 +0800 Subject: [PATCH 2/8] fix: Changing configmanagementplugin default so that can be ignored --- .dockerignore | 4 ++ .github/workflows/buildx.yaml | 112 ++++++++++++++++++++++++++++++++++ ConfigManagementPlugin.yaml | 2 +- Dockerfile | 6 +- go.mod | 2 +- 5 files changed, 121 insertions(+), 5 deletions(-) create mode 100644 .dockerignore create mode 100644 .github/workflows/buildx.yaml diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..1a5d229 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,4 @@ +_archive/ +_script/ +.github +.git \ No newline at end of file diff --git a/.github/workflows/buildx.yaml b/.github/workflows/buildx.yaml new file mode 100644 index 0000000..face495 --- /dev/null +++ b/.github/workflows/buildx.yaml @@ -0,0 +1,112 @@ +name: buildx + +env: + REGISTRY_IMAGE: aaronforce1/argocd-helm-envsubst-plugin + +on: + push: + paths-ignore: + - ".github/workflows/build.yaml" + - "docker-compose.yml" + pull_request: + branches: + - "main" + +jobs: + build: + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + platform: + - linux/amd64 + - linux/arm64 + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: | + ${{ env.REGISTRY_IMAGE }} + tags: | + type=ref,event=branch + type=ref,event=pr + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{major}} + type=sha + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + # - name: Login to GitHub Container Registry + # uses: docker/login-action@v3 + # with: + # registry: ghcr.io + # username: ${{ github.repository_owner }} + # password: ${{ secrets.GITHUB_TOKEN }} + - name: Build and push by digest + id: build + uses: docker/build-push-action@v5 + with: + context: . + platforms: ${{ matrix.platform }} + # tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true + cache-from: type=registry,ref=${{ env.REGISTRY_IMAGE }}:buildcache + cache-to: type=registry,ref=${{ env.REGISTRY_IMAGE }}:buildcache,mode=max + ## Alternative GH Actions Cache - Experimental + # cache-from: type=gha + # cache-to: type=gha,mode=max + - name: Export digest + run: | + mkdir -p /tmp/digests + digest="${{ steps.build.outputs.digest }}" + touch "/tmp/digests/${digest#sha256:}" + - name: Upload digest + uses: actions/upload-artifact@v3 + with: + name: digests + path: /tmp/digests/* + if-no-files-found: error + retention-days: 1 + + merge: + runs-on: ubuntu-latest + needs: + - build + steps: + - name: Download digests + uses: actions/download-artifact@v3 + with: + name: digests + path: /tmp/digests + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: | + ${{ env.REGISTRY_IMAGE }} + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - name: Create manifest list and push + working-directory: /tmp/digests + run: | + docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *) + - name: Inspect image + run: | + docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} \ No newline at end of file diff --git a/ConfigManagementPlugin.yaml b/ConfigManagementPlugin.yaml index 738e720..fcfd24c 100644 --- a/ConfigManagementPlugin.yaml +++ b/ConfigManagementPlugin.yaml @@ -12,4 +12,4 @@ spec: args: ["argocd-helm-envsubst-plugin render --log-location /tmp/argocd-helm-envsubst-plugin/"] discover: find: - command: ["echo", "hi"] \ No newline at end of file + command: ["if [[ ${ARGOCD_ENV_HELM_ENVSUBST_PLUGIN_DISABLE} ]]; then exit 1; else exit 0; fi"] \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index ac9fba5..2ee3ff4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ #------ Build golang app ------# -FROM --platform=$BUILDPLATFORM registry.tech.hextech.io/library/golang:1.18.3-alpine3.16 as builder +FROM --platform=$BUILDPLATFORM golang:1.21-alpine3.18 as builder WORKDIR /app COPY go.mod . @@ -13,7 +13,7 @@ ARG TARGETOS TARGETARCH RUN CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH go build -o argocd-helm-envsubst-plugin #------ Install dependening software ------# -FROM registry.tech.hextech.io/library/alpine:3.16 as helm-builder +FROM alpine:3.18 as helm-builder # amd64/arm64 ARG TARGETARCH @@ -34,7 +34,7 @@ RUN wget ${KUSTOMIZE_BASE_URL}/kustomize%2Fv${KUSTOMIZE_VERSION}/kustomize_v${KU chmod +x kustomize #------ Final image ------# -FROM registry.tech.hextech.io/library/alpine:3.16 +FROM alpine:3.18 # Used by plugin to create temporary helm repositories.yaml RUN mkdir /helm-working-dir diff --git a/go.mod b/go.mod index 3f17ca8..f61f24c 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module gitlab.int.hextech.io/technology/utils/cicd/argocd-helm-envsubst-plugin -go 1.18 +go 1.21 require ( github.com/spf13/cobra v1.5.0 From ec29b481f939a8d3dd7737ead9a43ec4d1583f2d Mon Sep 17 00:00:00 2001 From: Aaron Baideme Date: Thu, 7 Dec 2023 00:08:32 +0800 Subject: [PATCH 3/8] chore: Update go.sum --- go.sum | 3 --- 1 file changed, 3 deletions(-) diff --git a/go.sum b/go.sum index 2d06cbf..4b515d3 100644 --- a/go.sum +++ b/go.sum @@ -5,9 +5,7 @@ github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7P github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= -github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/spf13/cobra v1.5.0 h1:X+jTBEBqF0bHN+9cSMgmfuvv2VHJ9ezmFNf9Y/XstYU= @@ -15,7 +13,6 @@ github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJ github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU= gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= From 7b6df4a2e50145a365c9d88b2bdf5424aec8c45d Mon Sep 17 00:00:00 2001 From: Aaron Baideme Date: Thu, 7 Dec 2023 00:15:16 +0800 Subject: [PATCH 4/8] chore: Version updates --- Dockerfile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 2ee3ff4..e9913ab 100644 --- a/Dockerfile +++ b/Dockerfile @@ -21,14 +21,14 @@ WORKDIR /app RUN apk add --update --no-cache wget git curl # Install helm -ARG HELM_VERSION=3.10.3 +ARG HELM_VERSION=3.13.2 ENV HELM_BASE_URL="https://get.helm.sh" RUN wget ${HELM_BASE_URL}/helm-v${HELM_VERSION}-linux-${TARGETARCH}.tar.gz -O - | tar -xz && \ chmod +x linux-${TARGETARCH}/helm && \ mv linux-${TARGETARCH}/helm /app/helm # Install kustomize -ARG KUSTOMIZE_VERSION=4.5.7 +ARG KUSTOMIZE_VERSION=5.2.1 ENV KUSTOMIZE_BASE_URL="https://github.com/kubernetes-sigs/kustomize/releases/download" RUN wget ${KUSTOMIZE_BASE_URL}/kustomize%2Fv${KUSTOMIZE_VERSION}/kustomize_v${KUSTOMIZE_VERSION}_linux_${TARGETARCH}.tar.gz -O - | tar -xz && \ chmod +x kustomize @@ -36,6 +36,8 @@ RUN wget ${KUSTOMIZE_BASE_URL}/kustomize%2Fv${KUSTOMIZE_VERSION}/kustomize_v${KU #------ Final image ------# FROM alpine:3.18 +RUN apk update && apk upgrade + # Used by plugin to create temporary helm repositories.yaml RUN mkdir /helm-working-dir RUN chmod 777 /helm-working-dir From e78a79fd7828d6ba26c2275e6f82e4af20b7cbc2 Mon Sep 17 00:00:00 2001 From: Aaron Baideme Date: Thu, 7 Dec 2023 00:29:24 +0800 Subject: [PATCH 5/8] chore: Add hadolint --- .github/workflows/lint.yaml | 20 ++++++++++++++++++++ Dockerfile | 7 +++---- 2 files changed, 23 insertions(+), 4 deletions(-) create mode 100644 .github/workflows/lint.yaml diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml new file mode 100644 index 0000000..1240684 --- /dev/null +++ b/.github/workflows/lint.yaml @@ -0,0 +1,20 @@ +name: lint + +on: + push: + paths: + - Dockerfile + pull_request: + branches: + - "main" + +jobs: + lint: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: Lint Dockerfile + uses: hadolint/hadolint-action@v3.1.0 + with: + files: Dockerfile + config: ./.hadolint.yaml \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index e9913ab..29b61f4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -23,14 +23,14 @@ RUN apk add --update --no-cache wget git curl # Install helm ARG HELM_VERSION=3.13.2 ENV HELM_BASE_URL="https://get.helm.sh" -RUN wget ${HELM_BASE_URL}/helm-v${HELM_VERSION}-linux-${TARGETARCH}.tar.gz -O - | tar -xz && \ +RUN wget --progress=dot:giga ${HELM_BASE_URL}/helm-v${HELM_VERSION}-linux-${TARGETARCH}.tar.gz -O - | tar -xz && \ chmod +x linux-${TARGETARCH}/helm && \ mv linux-${TARGETARCH}/helm /app/helm # Install kustomize ARG KUSTOMIZE_VERSION=5.2.1 ENV KUSTOMIZE_BASE_URL="https://github.com/kubernetes-sigs/kustomize/releases/download" -RUN wget ${KUSTOMIZE_BASE_URL}/kustomize%2Fv${KUSTOMIZE_VERSION}/kustomize_v${KUSTOMIZE_VERSION}_linux_${TARGETARCH}.tar.gz -O - | tar -xz && \ +RUN wget --progress=dot:giga ${KUSTOMIZE_BASE_URL}/kustomize%2Fv${KUSTOMIZE_VERSION}/kustomize_v${KUSTOMIZE_VERSION}_linux_${TARGETARCH}.tar.gz -O - | tar -xz && \ chmod +x kustomize #------ Final image ------# @@ -39,8 +39,7 @@ FROM alpine:3.18 RUN apk update && apk upgrade # Used by plugin to create temporary helm repositories.yaml -RUN mkdir /helm-working-dir -RUN chmod 777 /helm-working-dir +RUN mkdir /helm-working-dir && chmod 777 /helm-working-dir # Set default helm cache dir to somewhere we can read write ENV HELM_CACHE_HOME /helm-working-dir From ac4624a9769d175cb66f9f2f1e3a70534c0bc61c Mon Sep 17 00:00:00 2001 From: Aaron Baideme Date: Thu, 7 Dec 2023 20:46:04 +0800 Subject: [PATCH 6/8] fix: Update configmanagement plugin discovery command --- ConfigManagementPlugin.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ConfigManagementPlugin.yaml b/ConfigManagementPlugin.yaml index fcfd24c..2da52cf 100644 --- a/ConfigManagementPlugin.yaml +++ b/ConfigManagementPlugin.yaml @@ -12,4 +12,5 @@ spec: args: ["argocd-helm-envsubst-plugin render --log-location /tmp/argocd-helm-envsubst-plugin/"] discover: find: - command: ["if [[ ${ARGOCD_ENV_HELM_ENVSUBST_PLUGIN_DISABLE} ]]; then exit 1; else exit 0; fi"] \ No newline at end of file + command: ["sh", "-c"] + args: ["if [[ ${ARGOCD_ENV_HELM_ENVSUBST_PLUGIN_DISABLE} ]]; then exit 1; else echo 'Activating Helm Envsubst Plugin'; fi"] \ No newline at end of file From 0a3924e92d50439e8bfcd5e3037646b8a6330a3a Mon Sep 17 00:00:00 2001 From: Aaron Baideme Date: Mon, 11 Dec 2023 12:21:52 +0800 Subject: [PATCH 7/8] fix: Try alternative discovery method --- ConfigManagementPlugin.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ConfigManagementPlugin.yaml b/ConfigManagementPlugin.yaml index 2da52cf..e93dc9e 100644 --- a/ConfigManagementPlugin.yaml +++ b/ConfigManagementPlugin.yaml @@ -12,5 +12,5 @@ spec: args: ["argocd-helm-envsubst-plugin render --log-location /tmp/argocd-helm-envsubst-plugin/"] discover: find: - command: ["sh", "-c"] - args: ["if [[ ${ARGOCD_ENV_HELM_ENVSUBST_PLUGIN_DISABLE} ]]; then exit 1; else echo 'Activating Helm Envsubst Plugin'; fi"] \ No newline at end of file + # This does the same thing as fileName, but it supports double-start (nested directory) glob patterns. + glob: "**/Chart.yaml" \ No newline at end of file From 37b21ddd4e2d91c53ac358648d8fe8e7a0db7faf Mon Sep 17 00:00:00 2001 From: Aaron Baideme Date: Wed, 20 Dec 2023 14:02:04 +0800 Subject: [PATCH 8/8] fix: Dockerfile updates --- Dockerfile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index 29b61f4..d1eac0d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ #------ Build golang app ------# -FROM --platform=$BUILDPLATFORM golang:1.21-alpine3.18 as builder +FROM --platform=$BUILDPLATFORM golang:1.21-alpine3.19 as builder WORKDIR /app COPY go.mod . @@ -13,7 +13,7 @@ ARG TARGETOS TARGETARCH RUN CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH go build -o argocd-helm-envsubst-plugin #------ Install dependening software ------# -FROM alpine:3.18 as helm-builder +FROM alpine:3.19 as helm-builder # amd64/arm64 ARG TARGETARCH @@ -21,20 +21,20 @@ WORKDIR /app RUN apk add --update --no-cache wget git curl # Install helm -ARG HELM_VERSION=3.13.2 +ARG HELM_VERSION=3.13.3 ENV HELM_BASE_URL="https://get.helm.sh" RUN wget --progress=dot:giga ${HELM_BASE_URL}/helm-v${HELM_VERSION}-linux-${TARGETARCH}.tar.gz -O - | tar -xz && \ chmod +x linux-${TARGETARCH}/helm && \ mv linux-${TARGETARCH}/helm /app/helm # Install kustomize -ARG KUSTOMIZE_VERSION=5.2.1 +ARG KUSTOMIZE_VERSION=5.3.0 ENV KUSTOMIZE_BASE_URL="https://github.com/kubernetes-sigs/kustomize/releases/download" RUN wget --progress=dot:giga ${KUSTOMIZE_BASE_URL}/kustomize%2Fv${KUSTOMIZE_VERSION}/kustomize_v${KUSTOMIZE_VERSION}_linux_${TARGETARCH}.tar.gz -O - | tar -xz && \ chmod +x kustomize #------ Final image ------# -FROM alpine:3.18 +FROM alpine:3.19 RUN apk update && apk upgrade