Release automation - Push Helm Chart to helm-charts repo #251

Open
2 of 6 tasks
sigalsax opened this issue Oct 19, 2020 · 3 comments
sigalsax commented Oct 19, 2020

Our pipeline currently builds a helm chart as part of the build pipeline. We now want to be able to push the packaged helm chart to the helm-charts repository as part of our version release.

ToDo

  • Challenge design and maybe create a new one after new limitations. See thread: https://conjurhq.slack.com/archives/C8BNMU0KV/p1603715930420900
  • Implement and generalize the action in helm-charts to be reused by other repos/pipelines/etc
  • Trigger the action from publish.sh
  • Provide guidelines for how to use GH actions in Conjur

Done

  • Talk to infra about how to automate the pushing of our Jenkins artifacts to another repo (helm-chart)
  • Create POC to validate action works. See here

Help resources

sigalsax added this to the R&D Boost milestone Oct 19, 2020
sigalsax self-assigned this Oct 19, 2020

sigalsax commented Oct 19, 2020

Progress

POC repo: https://github.com/sigalsax/poc-github-actions

Flow

  1. On successful build, the Release stage will run ./bin/publish
  2. When [ "$GIT_DESCRIPTION" = "v${VERSION}" ], an HTTP request will be sent from Jenkins to trigger an event in helm-charts repo
  3. The action in helm-charts repo will (DONE)
    1. Clone the SP4Ks Repo
    2. Package the helm chart
    3. Commit the Helm chart tgz to a helm-chart branch
    4. Create PR in helm-charts

HTTP request
[Screenshot: Screen Shot 2020-10-19 at 12.29.10 PM.png]

FLOW
[Screenshot: Screen Shot 2020-10-19 at 12.21.13 PM.png]

Notes:
- The access token will be fetched from summon beforehand
- In the request, ref will be ?? and the secrets-provider-ref will be an object {"secrets-provider-ref": ?? } with info to help generalize the event.
Example:

{
  "ref": <ref>,
  "project-ref" : [
     {
       "version": <version>,
       "full_repository_name" : <full_repository_name>,
       "helm_package_path": <helm_package_path>,
       "pr_assignee": <pr_assignee>
     }
  ]
}

version -> 1.1.0
full_repository_name -> cyberark/secrets-provider-for-k8s
helm_package_path -> secrets-provider-for-k8s/helm/secrets-provider
pr_assignee -> sigalsax

The actual action will need to accept these inputs under input: in the action

Change repository_dispatch to workflow_dispatch
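
An added example, not part of the original issue or the project's code: a shell function the receiving workflow could run to validate the four dispatch inputs listed above before any of them reaches `git clone` or `helm package`. The function names, the `ALLOWED_OWNER` value and every validation rule are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check the dispatch inputs before they reach git or helm.
# ALLOWED_OWNER and every rule below are assumptions, not project policy.
ALLOWED_OWNER="cyberark"

# matches VALUE REGEX: true only if the whole single-line value matches.
matches() {
  case "$1" in *"
"*) return 1 ;; esac            # embedded newline would fool a per-line grep
  printf '%s\n' "$1" | grep -Eq "^($2)\$"
}

fail() { echo "rejected: $1" >&2; }

# validate_dispatch VERSION FULL_REPOSITORY_NAME HELM_PACKAGE_PATH PR_ASSIGNEE
validate_dispatch() {
  version=$1 repo=$2 chart_path=$3 assignee=$4

  # version: plain MAJOR.MINOR.PATCH, like the issue's 1.1.0
  matches "$version" '[0-9]+\.[0-9]+\.[0-9]+' || { fail version; return 1; }

  # full_repository_name: owner/repo with the owner pinned to one org
  matches "$repo" "$ALLOWED_OWNER/[A-Za-z0-9._-]+" ||
    { fail full_repository_name; return 1; }
  case "${repo#*/}" in
    .|..) fail full_repository_name; return 1 ;;
  esac

  # helm_package_path: relative, no leading '-' or '/', no '.'/'..'/empty parts
  matches "$chart_path" '[A-Za-z0-9._][A-Za-z0-9._/-]*' ||
    { fail helm_package_path; return 1; }
  case "/$chart_path/" in
    */../*|*/./*|*//*) fail helm_package_path; return 1 ;;
  esac

  # pr_assignee: shaped like a GitHub login (alphanumerics and hyphens)
  matches "$assignee" '[A-Za-z0-9][A-Za-z0-9-]{0,38}' ||
    { fail pr_assignee; return 1; }
}

# Demo with the values from the issue's example
validate_dispatch 1.1.0 cyberark/secrets-provider-for-k8s \
  secrets-provider-for-k8s/helm/secrets-provider sigalsax && echo "inputs ok"
```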

@sigalsax

@izgeri suggested an updated design:
https://conjurhq.slack.com/archives/C8BNMU0KV/p1603716511421800?thread_ts=1603083343.320200&cid=C8BNMU0KV

  1. Secrets provider adds the helm chart .tgz to its GitHub releases, like we upload ZIPs for the buildpack
  2. The consumer repo (e.g. cyberark/helm-charts), if it has a way of being alerted when a new tag is available in secrets-provider, can kick off a workflow to auto-open a PR adding the release artifact.
  3. The helm-charts workflow can grab the artifact from the SP gh release, like how we grab the buildpack ZIP when we build the PCF tile
  4. The helm-charts workflow can open a PR against itself, using its own GitHub token, like we do in the OSS suite repo when we draft a new gh release (tag-triggered) and when we open a PR to save the suite YAML

sigalsax commented Nov 1, 2020

There have been some limitations that were introduced with the current design.

See discussions here: https://conjurhq.slack.com/archives/C8BNMU0KV/p1603715930420900

This might require a new decision, as Geri suggests, where we grab the packaged helm chart artifact from releases from another workflow (helm-chart).

Geri's design: https://conjurhq.slack.com/archives/C8BNMU0KV/p1603083343320200
