hextrust · AaronForce1 · Jun 26, 2023 · Jun 27, 2023 · Dec 6, 2023 · Dec 6, 2023
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,4 @@
+_archive/
+_script/
+.github
+.git
diff --git a/.github/workflows/buildx.yaml b/.github/workflows/buildx.yaml
@@ -0,0 +1,112 @@
+name: buildx
+
+env:
+  REGISTRY_IMAGE: aaronforce1/argocd-helm-envsubst-plugin
+
+on:
+  push:
+    paths-ignore:
+      - ".github/workflows/build.yaml"
+      - "docker-compose.yml"
+  pull_request:
+    branches:
+      - "main"
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        platform:
+          - linux/amd64
+          - linux/arm64
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ env.REGISTRY_IMAGE }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=sha
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      # - name: Login to GitHub Container Registry
+      #   uses: docker/login-action@v3
+      #   with:
+      #     registry: ghcr.io
+      #     username: ${{ github.repository_owner }}
+      #     password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build and push by digest
+        id: build
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          platforms: ${{ matrix.platform }}
+          # tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true
+          cache-from: type=registry,ref=${{ env.REGISTRY_IMAGE }}:buildcache
+          cache-to: type=registry,ref=${{ env.REGISTRY_IMAGE }}:buildcache,mode=max
+          ## Alternative GH Actions Cache - Experimental
+          # cache-from: type=gha
+          # cache-to: type=gha,mode=max
+      - name: Export digest
+        run: |
+          mkdir -p /tmp/digests
+          digest="${{ steps.build.outputs.digest }}"
+          touch "/tmp/digests/${digest#sha256:}"          
+      - name: Upload digest
+        uses: actions/upload-artifact@v3
+        with:
+          name: digests
+          path: /tmp/digests/*
+          if-no-files-found: error
+          retention-days: 1
+
+  merge:
+    runs-on: ubuntu-latest
+    needs:
+      - build
+    steps:
+      - name: Download digests
+        uses: actions/download-artifact@v3
+        with:
+          name: digests
+          path: /tmp/digests
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ env.REGISTRY_IMAGE }}
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Create manifest list and push
+        working-directory: /tmp/digests
+        run: |
+          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+            $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *)          
+      - name: Inspect image
+        run: |
+          docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }}
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
@@ -0,0 +1,20 @@
+name: lint
+
+on:
+  push:
+    paths:
+      - Dockerfile
+  pull_request:
+    branches:
+      - "main"
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Lint Dockerfile
+        uses: hadolint/hadolint-action@v3.1.0
+        with:
+          files: Dockerfile
+          config: ./.hadolint.yaml
diff --git a/ConfigManagementPlugin.yaml b/ConfigManagementPlugin.yaml
@@ -12,4 +12,5 @@ spec:
     args: ["argocd-helm-envsubst-plugin render --log-location /tmp/argocd-helm-envsubst-plugin/"]
   discover:
     find:
-      command: ["echo", "hi"]
+      # This does the same thing as fileName, but it supports double-start (nested directory) glob patterns.
+      glob: "**/Chart.yaml"
diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,5 @@
 #------ Build golang app ------#
-FROM --platform=$BUILDPLATFORM registry.tech.hextech.io/library/golang:1.18.3-alpine3.16 as builder
+FROM --platform=$BUILDPLATFORM golang:1.21-alpine3.19 as builder
 
 WORKDIR /app
 COPY go.mod .
@@ -13,32 +13,33 @@ ARG TARGETOS TARGETARCH
 RUN CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH go build -o argocd-helm-envsubst-plugin
 
 #------ Install dependening software ------#
-FROM registry.tech.hextech.io/library/alpine:3.16 as helm-builder
+FROM alpine:3.19 as helm-builder
 
 # amd64/arm64
 ARG TARGETARCH
 WORKDIR /app
 RUN apk add --update --no-cache wget git curl
 
 # Install helm
-ARG HELM_VERSION=3.10.3
+ARG HELM_VERSION=3.13.3
 ENV HELM_BASE_URL="https://get.helm.sh"
-RUN wget ${HELM_BASE_URL}/helm-v${HELM_VERSION}-linux-${TARGETARCH}.tar.gz -O - | tar -xz && \
+RUN wget --progress=dot:giga ${HELM_BASE_URL}/helm-v${HELM_VERSION}-linux-${TARGETARCH}.tar.gz -O - | tar -xz && \
     chmod +x linux-${TARGETARCH}/helm && \
     mv linux-${TARGETARCH}/helm /app/helm
 
 # Install kustomize
-ARG KUSTOMIZE_VERSION=4.5.7
+ARG KUSTOMIZE_VERSION=5.3.0
 ENV KUSTOMIZE_BASE_URL="https://github.com/kubernetes-sigs/kustomize/releases/download"
-RUN wget ${KUSTOMIZE_BASE_URL}/kustomize%2Fv${KUSTOMIZE_VERSION}/kustomize_v${KUSTOMIZE_VERSION}_linux_${TARGETARCH}.tar.gz -O - | tar -xz && \
+RUN wget --progress=dot:giga ${KUSTOMIZE_BASE_URL}/kustomize%2Fv${KUSTOMIZE_VERSION}/kustomize_v${KUSTOMIZE_VERSION}_linux_${TARGETARCH}.tar.gz -O - | tar -xz && \
     chmod +x kustomize
 
 #------ Final image ------# 
-FROM registry.tech.hextech.io/library/alpine:3.16
+FROM alpine:3.19
+
+RUN apk update && apk upgrade
 
 # Used by plugin to create temporary helm repositories.yaml
-RUN mkdir /helm-working-dir 
-RUN chmod 777 /helm-working-dir
+RUN mkdir /helm-working-dir && chmod 777 /helm-working-dir
 
 # Set default helm cache dir to somewhere we can read write
 ENV HELM_CACHE_HOME /helm-working-dir

diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module gitlab.int.hextech.io/technology/utils/cicd/argocd-helm-envsubst-plugin
 
-go 1.18
+go 1.21
 
 require (
 	github.com/spf13/cobra v1.5.0

diff --git a/go.sum b/go.sum
@@ -5,17 +5,14 @@ github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7P
 github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/spf13/cobra v1.5.0 h1:X+jTBEBqF0bHN+9cSMgmfuvv2VHJ9ezmFNf9Y/XstYU=
 github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU=
 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
diff --git a/internal/build.go b/internal/build.go
@@ -78,6 +78,14 @@ func (builder *Builder) generateRepositoryConfig(repositoryConfigName string, ch
 	for _, dep := range chartYaml["dependencies"].([]interface{}) {
 		d := dep.(map[interface{}]interface{})
 		repositoryUrl := d["repository"].(string)
+
+		// Do not include repository url in the repositories.yaml if it is not https
+		// Helm does not create an [app]-index.yaml that contains all the version of the chart for non-https repo
+		// Including the url in the repositories.yaml will cause the helm to lookup for the index file and fail
+		if !strings.HasPrefix(repositoryUrl, "https://") {
+			continue
+		}
+
 		name := d["name"].(string)
 		username := ""
 		password := ""