diff --git a/.github/workflows/publish-charts.yaml b/.github/workflows/publish-charts.yaml
index 267616d87..a72b453e8 100644
--- a/.github/workflows/publish-charts.yaml
+++ b/.github/workflows/publish-charts.yaml
@@ -9,8 +9,71 @@ on:
 - master
 jobs:
+ lint-charts:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ - name: Install Helm
+ uses: azure/setup-helm@v3
+ with:
+ version: v3.5.4
+
+ - uses: actions/setup-python@v4
+ with:
+ python-version: '3.9'
+ check-latest: true
+
+ - name: Set up chart-testing
+ uses: helm/chart-testing-action@v2.6.0
+
+ - name: Run chart-testing (lint)
+ run: |
+ ct lint --config ct.yaml
+
+ test-charts:
+ needs:
+ - lint-charts
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out code
+ uses: actions/checkout@v2
+
+ - name: Create k8s Kind Cluster
+ uses: helm/kind-action@v1.5.0
+ with:
+ cluster_name: kind
+
+ - name: Install Helm
+ uses: azure/setup-helm@v3
+ with:
+ version: v3.5.4
+
+ - name: Install yq
+ run: |
+ sudo snap install yq
+
+ - name: Install and test Redis Related Helm charts
+ run: |
+ kubectl cluster-info --context kind-kind
+ chart_dirs=("redis-operator")
+ for dir in "${chart_dirs[@]}"
+ do
+ if [[ -f ./charts/$dir/Chart.yaml ]]; then
+ helm dependency update ./charts/$dir/
+ fi
+ helm install $dir ./charts/$dir/
+ helm test $dir
+ done
+ echo "Listing installed Helm charts..."
+
 release-charts:
 runs-on: ubuntu-latest
+ needs:
+ - test-charts
 steps:
 - name: Checkout
 uses: actions/checkout@v3
diff --git a/charts/redis-operator/Chart.yaml b/charts/redis-operator/Chart.yaml
index 2d3266f2f..4d7a00851 100644
--- a/charts/redis-operator/Chart.yaml
+++ b/charts/redis-operator/Chart.yaml
@@ -1,6 +1,6 @@
 ---
 apiVersion: v2
-version: 0.16.1
+version: 0.16.2
 appVersion: "0.17.0"
 description: Provides easy redis setup definitions for Kubernetes services, and deployment.
 engine: gotpl
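Review bot: The new `lint-charts` and `test-charts` jobs declare no `permissions:`, so the third-party actions and the `sudo snap install yq` step run with whatever default GITHUB_TOKEN scope the repository grants; both jobs only read the repository, so add `permissions:` with `contents: read` to each. The actions are referenced by mutable tags (`actions/checkout@v2` in test-charts but `@v3` in lint-charts, `helm/kind-action@v1.5.0`, `helm/chart-testing-action@v2.6.0`); pinning them to full commit SHAs keeps a moved tag from changing what gates `release-charts`. The `yq` install is unpinned and nothing in the visible steps calls it, so it looks removable. `helm install $dir ./charts/$dir/` uses the chart defaults, so the new `securityContext` values from this commit are never exercised with a non-empty setting. The `release-charts` job continues past the end of the hunk.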
@@ -25,4 +25,4 @@ dependencies:
 version: v1.12.4
 repository: https://charts.jetstack.io
 alias: certmanager
- condition: certmanager.enabled
\ No newline at end of file
+ condition: certmanager.enabled
diff --git a/charts/redis-operator/templates/operator-deployment.yaml b/charts/redis-operator/templates/operator-deployment.yaml
index b1a5d8bea..1dea377a0 100644
--- a/charts/redis-operator/templates/operator-deployment.yaml
+++ b/charts/redis-operator/templates/operator-deployment.yaml
@@ -21,8 +21,12 @@ spec:
 {{- toYaml . | nindent 8 }}
 {{- end }}
 spec:
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
 containers:
 - name: "{{ .Values.redisOperator.name }}"
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 10 }}
 image: "{{ .Values.redisOperator.imageName }}:{{ .Values.redisOperator.imageTag | default (printf "v%s" .Chart.AppVersion) }}"
 imagePullPolicy: {{ .Values.redisOperator.imagePullPolicy }}
 command:
diff --git a/charts/redis-operator/values.yaml b/charts/redis-operator/values.yaml
index ba4da7f82..ce7f7490e 100644
--- a/charts/redis-operator/values.yaml
+++ b/charts/redis-operator/values.yaml
@@ -58,3 +58,14 @@ nodeSelector: {}
 tolerateAllTaints: false
 tolerations: []
 affinity: {}
+
+podSecurityContext: {}
+# fsGroup: 2000
+
+securityContext: {}
+# capabilities:
+# drop:
+# - ALL
+# readOnlyRootFilesystem: true
+# runAsNonRoot: true
+# runAsUser: 1000
diff --git a/ct.yaml b/ct.yaml
new file mode 100644
index 000000000..4b2ac5725
--- /dev/null
+++ b/ct.yaml
@@ -0,0 +1,7 @@
+---
+remote: origin
+target-branch: master
+chart-dirs:
+ - charts
+chart-repos:
+ - ot-helm=https://ot-container-kit.github.io/helm-charts
\ No newline at end of file
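Review bot: Both new `securityContext:` keys are rendered unconditionally, while the block just above them in this hunk ends with `{{- end }}` and so appears to be guarded. Wrapping each in `{{- with .Values.podSecurityContext }}` … `{{- end }}` (and likewise for `.Values.securityContext`, using `toYaml .` inside) would omit the key when the value is empty instead of emitting `securityContext: {}`. The container-level value is read from the top level of values, whereas the other container settings visible here live under `.Values.redisOperator`; a one-line comment in values.yaml saying which key is pod scope and which is container scope would prevent users from setting the wrong one. The Deployment spec starts and ends outside the hunk.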
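Review bot: `securityContext: {}` and `podSecurityContext: {}` leave the operator container on the runtime defaults, so a default install gets none of the hardening this commit makes configurable; the restrictive settings exist only as a commented example. The example also omits `allowPrivilegeEscalation: false` and a `seccompProfile`, which the restricted Pod Security Standard requires alongside the dropped capabilities. Consider shipping the restrictive values as the default below, after confirming that the operator image runs as a non-root user and does not write to its root filesystem (neither is visible in this diff). `runAsUser` is left out because the correct UID depends on the image.

```yaml
securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
  readOnlyRootFilesystem: true
  runAsNonRoot: true
  seccompProfile:
    type: RuntimeDefault
```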
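Review bot: The new `ct.yaml` ends without a trailing newline (the `\ No newline at end of file` marker after the `ot-helm=` entry), the same defect this commit fixes in `charts/redis-operator/Chart.yaml`. End the file with a newline after `- ot-helm=https://ot-container-kit.github.io/helm-charts` so the two files are consistent and YAML linters do not flag it.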