feat(helm/test-chart): add input to force chart lint and install

Signed-off-by: Emilien Escalle <[email protected]>

Author: neilime

.github/workflows/__test-action-docker-prune-pull-requests-image-tags.yml

@@ -46,7 +46,8 @@ jobs:
             "name": "test-prune-${{ github.run_number }}",
             "context": ".",
             "dockerfile": "./tests/application/Dockerfile",
-            "target": "prod",
+            "build-args": { "BUILD_RUN_ID": "${{ github.run_id }}" },
+            "target": "base",
             "platforms": ["linux/amd64","linux/arm64"]
           }
         ]
@@ -67,7 +68,7 @@ jobs:
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Push extra docker image tags for test
+      - name: Generate a image tag that should be deleted
         run: |
           BASE_IMAGE=$(echo '${{ needs.arrange.outputs.built-images }}' | jq -r '."${{ env.IMAGE }}".images[0]')
           NEW_IMAGE=ghcr.io/hoverkraft-tech/ci-github-container/${{ env.IMAGE }}:${{ needs.setup.outputs.tag }}
@@ -112,7 +113,7 @@ jobs:
               assert.equal(deletedImageTagsForCurrentPullRequest.length, 0, `"deleted-image-tags" output contains current pull request image tag`);
             }
 
-      - name: Assert - Ensure packages versions have been deleted
+      - name: Assert - Ensure expected packages versions have been deleted
         uses: actions/[email protected]
         with:
           github-token: ${{ github.token }}

.github/workflows/__test-action-helm-test-chart.yml

@@ -7,28 +7,45 @@ on:
 
 permissions:
   contents: read
-  packages: read
+  issues: read
+  packages: write
+  pull-requests: read
+  # FIXME: This is a workaround for having workflow actions. See https://github.com/orgs/community/discussions/38659
+  id-token: write
 
 jobs:
-  tests:
+  build-test-images:
+    uses: ./.github/workflows/docker-build-images.yml
+    secrets:
+      oci-registry-password: ${{ secrets.GITHUB_TOKEN }}
+    with:
+      images: |
+        [
+          {
+            "name": "application-test",
+            "context": ".",
+            "dockerfile": "./tests/application/Dockerfile",
+            "target": "prod",
+            "platforms": ["linux/amd64"],
+            "tag": "0.1.0"
+          }
+        ]
+
+  test-lint-and-install:
     name: Test for "helm/test-chart" action
+    needs: build-test-images
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
 
-      - id: get-image-metadata
-        uses: ./actions/docker/get-image-metadata
-        with:
-          oci-registry: ghcr.io
-          image: application-test
-
       - id: test-chart
         uses: ./actions/helm/test-chart
         with:
+          check-diff-only: false
           helm-set: |
-            image.tag=${{ steps.get-image-metadata.outputs.tags }}
+            image.tag=0.1.0
           helm-repositories: |
             bitnami https://charts.bitnami.com/bitnami
           oci-registry: ghcr.io
-          oci-registry-username: ${{ github.actor }}
+          oci-registry-username: ${{ github.repository_owner }}
           oci-registry-password: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/__test-workflow-docker-build-images.yml

@@ -41,15 +41,15 @@ jobs:
             "context": ".",
             "dockerfile": "./tests/application/Dockerfile",
             "build-args": { "BUILD_RUN_ID": "${{ github.run_id }}" },
-            "target": "prod",
+            "target": "base",
             "platforms": ["linux/amd64","linux/arm64","linux/arm/v7"]
           },
           {
             "name": "test-mono-arch",
             "context": ".",
             "dockerfile": "./tests/application/Dockerfile",
             "build-args": { "BUILD_RUN_ID": "${{ github.run_id }}" },
-            "target": "prod",
+            "target": "base",
             "platforms": ["linux/amd64"],
             "tag": "0.1.0"
           }

.prettierignore

@@ -0,0 +1 @@
+**/tests/charts/*/**/*.yaml

Makefile

@@ -13,6 +13,15 @@ lint-fix: ## Execute linting and fix
 		-e FIX_MARKDOWN_PRETTIER=true \
 		-e FIX_NATURAL_LANGUAGE=true)
 
+test-build-application: ## Build the test application image
+	@docker buildx build \
+		--push --platform linux/amd64,linux/arm64 \
+		--target prod \
+		-t ghcr.io/hoverkraft-tech/ci-github-container/application-test:0.1.0 ./tests/application
+
+test-ct-install: ## Run ct install to install the test application
+	@ct install --config ct.yaml --helm-extra-set-args '--set=image.tag=0.1.0'
+
 define run_linter
 	DEFAULT_WORKSPACE="$(CURDIR)"; \
 	LINTER_IMAGE="linter:latest"; \

actions/helm/test-chart/action.yml

@@ -1,7 +1,9 @@
 ---
 name: "Test Helm Chart"
-# yamllint disable-line rule:line-length
-description: "Action to test a Helm chart. Mainly using [helm/chart-testing-action](https://github.com/helm/chart-testing-action)"
+description: |
+  Action to lint and test installing some Helm chart(s).
+  Mainly using [helm/chart-testing-action](https://github.com/helm/chart-testing-action).
+
 branding:
   icon: check-circle
   color: gray-dark
@@ -41,15 +43,20 @@ inputs:
       See <https://github.com/docker/login-action#usage>.
     default: ${{ github.token }}
     required: false
+  check-diff-only:
+    description: |
+      Only run lint and tests on changed charts.
+    required: false
+    default: "true"
   enable-lint:
     description: |
       Enable linting of the Helm chart.
       See <https://github.com/helm/chart-testing/blob/main/doc/ct_lint.md>.
     required: false
     default: "true"
-  enable-test:
+  enable-install:
     description: |
-      Enable testing of the Helm chart.
+      Enable installing the Helm chart.
       See <https://github.com/helm/chart-testing/blob/main/doc/ct_install.md>.
     required: false
     default: "true"
@@ -58,9 +65,9 @@ runs:
   using: "composite"
   steps:
     - shell: bash
-      if: ${{ inputs.enable-lint != 'true' && inputs.enable-test != 'true' }}
+      if: ${{ inputs.enable-lint != 'true' && inputs.enable-install != 'true' }}
       run: |
-        echo "::error ::At least one of 'enable-lint' or 'enable-test' input must be true"
+        echo "::error ::At least one of 'enable-lint' or 'enable-install' input must be true"
         exit 1
 
     - uses: hoverkraft-tech/ci-github-common/actions/[email protected]
@@ -92,8 +99,6 @@ runs:
         fi
 
     - uses: actions/setup-python@v5
-      with:
-        python-version: "3.12"
 
     - name: Set up chart-testing
       uses: helm/[email protected]
@@ -110,86 +115,109 @@ runs:
           helm repo add $line
         done
 
-    - name: Run chart-testing (lint)
-      if: ${{ inputs.enable-lint == 'true' }}
+    - name: Prepare ct variables
+      id: prepare-ct-variables
       shell: bash
-      working-directory: ${{ inputs.working-directory }}
       run: |
-        LINT_ARGS="--check-version-increment=false --target-branch ${{ github.event.repository.default_branch }}"
+        if [ "${{ inputs.check-diff-only }}" == "true" ]; then
+          if [ "${{ github.event_name }}" == "pull_request" ]; then
+            TARGET_BRANCH="${{ github.event.pull_request.base.ref }}"
+          else
+            TARGET_BRANCH="${{ github.event.repository.default_branch }}"
+          fi
+          CT_ARGS="--target-branch $TARGET_BRANCH"
+        fi
+
         if [ -n "${{ steps.check-ct-yaml.outputs.path }}" ]; then
-          LINT_ARGS="--config ${{ steps.check-ct-yaml.outputs.path }}"
+          CT_ARGS="$CT_ARGS --config ${{ steps.check-ct-yaml.outputs.path }}"
         fi
 
-        ct lint $LINT_ARGS
+        if [ -z "$CT_ARGS" ]; then
+          CT_ARGS="--all"
+        fi
 
-    - name: Create kind cluster
-      if: ${{ inputs.enable-test == 'true' }}
-      uses: helm/[email protected]
+        echo "args=$CT_ARGS" >> "$GITHUB_OUTPUT"
+
+        # Namespace for the test cluster
+        NAMESPACE="test-chart-${{ github.run_id}}-$(uuidgen)"
+        echo "namespace=$NAMESPACE" >> "$GITHUB_OUTPUT"
 
-    - name: Install default registry secrets
-      if: ${{ inputs.enable-test == 'true' }}
+    - name: Run chart-testing (lint)
+      if: ${{ inputs.enable-lint == 'true' }}
       shell: bash
+      working-directory: ${{ inputs.working-directory }}
       run: |
-        echo "DOCKER_REGISTRY=$DOCKER_REGISTRY"
-        echo "DOCKER_USERNAME=${DOCKER_USERNAME: -4}" # last 4 characters
-        echo "DOCKER_PASSWORD=${DOCKER_PASSWORD: -4}" # last 4 characters
-        if [ -n "$DOCKER_USERNAME" ] && [ -n "$DOCKER_PASSWORD" ]; then
-          kubectl create secret docker-registry regcred \
-            --docker-server=$DOCKER_REGISTRY \
-            --docker-username=$DOCKER_USERNAME \
-            --docker-password=$DOCKER_PASSWORD
-        else
-          echo "Docker credentials not provided, skipping secret creation"
-        fi
-      env:
-        DOCKER_REGISTRY: ${{ inputs.oci-registry }}
-        DOCKER_USERNAME: ${{ inputs.oci-registry-username }}
-        DOCKER_PASSWORD: ${{ inputs.oci-registry-password }}
+        ct lint ${{ steps.prepare-ct-variables.outputs.args }}
 
-    - name: Define target branch
-      if: ${{ inputs.enable-test == 'true' }}
-      id: define-target-branch
+    - name: Create kind cluster
+      if: ${{ inputs.enable-install == 'true' }}
+      uses: helm/[email protected]
+
+    - name: Install default OCI registry secrets
+      id: oci-registry-secret
+      if: ${{ inputs.enable-install == 'true' && inputs.oci-registry != '' && inputs.oci-registry-username != '' && inputs.oci-registry-password != '' }}
       shell: bash
       run: |
-        if [ "${{ github.event_name }}" == "pull_request" ]; then
-          TARGET_BRANCH="${{ github.event.pull_request.base.ref }}"
-        else
-          TARGET_BRANCH="${{ github.event.repository.default_branch }}"
-        fi
-        echo "target-branch=$TARGET_BRANCH" >> "$GITHUB_OUTPUT"
+        # See https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+        NAMESPACE="${{ steps.prepare-ct-variables.outputs.namespace }}"
+        kubectl --context kind-chart-testing create namespace "$NAMESPACE"
+
+        SECRET_NAME="regcred"
+        DOCKER_REGISTRY="${{ inputs.oci-registry }}"
+        DOCKER_USERNAME="${{ inputs.oci-registry-username }}"
+        DOCKER_PASSWORD="${{ inputs.oci-registry-password }}"
+
+        kubectl --context kind-chart-testing create secret docker-registry "$SECRET_NAME" \
+          --namespace="$NAMESPACE" \
+          --docker-server=$DOCKER_REGISTRY \
+          --docker-username=$DOCKER_USERNAME \
+          --docker-password=$DOCKER_PASSWORD
+
+        echo "oci-registry-secret=$SECRET_NAME" >> "$GITHUB_OUTPUT"
 
     - name: Run chart-testing (install)
-      if: ${{ inputs.enable-test == 'true' }}
+      if: ${{ inputs.enable-install == 'true' }}
       shell: bash
       working-directory: ${{ inputs.working-directory }}
       env:
         HELM_EXPERIMENTAL_OCI: true
       run: |
-        HELM_SET="${{ inputs.helm-set }}"
-        HELM_EXTRA_SET_ARGS="imagePullSecrets[0].name=regcred"
+        NAMESPACE="${{ steps.prepare-ct-variables.outputs.namespace }}"
+
+        HELM_SET="namespace=$NAMESPACE
+        ${{ inputs.helm-set }}"
+
+        OCI_REGISTRY_SECRET="${{ steps.oci-registry-secret.outputs.oci-registry-secret }}"
+        if [ -n "$OCI_REGISTRY_SECRET" ]; then
+          # Ensure secret exists
+          kubectl --context kind-chart-testing get secret "$OCI_REGISTRY_SECRET" --output=yaml --namespace=$NAMESPACE
+
+          HELM_SET="$HELM_SET
+          imagePullSecrets[0].name=${OCI_REGISTRY_SECRET}"
+        fi
+
+        HELM_EXTRA_SET_ARGS=""
         if [ -n "$HELM_SET" ]; then
           IFS=$'\n' read -r -d '' -a lines <<< "$HELM_SET" || true
-
           for line in "${lines[@]}"; do
             if [ -z "$line" ]; then
               continue
             fi
             # Escape commas in the line
             line=$(echo "$line" | sed 's/,/\\,/g') || true
-            HELM_EXTRA_SET_ARGS+=",${line}"
-          done
 
-          # Format HELM_EXTRA_SET_ARGS for helm command
-          if [ -n "$HELM_EXTRA_SET_ARGS" ]; then
-            HELM_EXTRA_SET_ARGS="--set ${HELM_EXTRA_SET_ARGS:1}"
-          fi
+            if [ -n "$HELM_EXTRA_SET_ARGS" ]; then
+              HELM_EXTRA_SET_ARGS="${HELM_EXTRA_SET_ARGS},"
+            fi
 
-          echo "::debug::helm-extra-set-args: $HELM_EXTRA_SET_ARGS"
+            HELM_EXTRA_SET_ARGS="${HELM_EXTRA_SET_ARGS}${line}"
+          done
         fi
 
-        TARGET_BRANCH="${{ steps.define-target-branch.outputs.target-branch }}"
+        HELM_EXTRA_SET_ARGS="--set=${HELM_EXTRA_SET_ARGS}"
+
+        echo "::debug::ct install ${{ steps.prepare-ct-variables.outputs.args }} --helm-extra-set-args ${HELM_EXTRA_SET_ARGS}"
 
-        ct install \
-          --target-branch "$TARGET_BRANCH" \
-          --helm-extra-args "--wait" \
-          --helm-extra-set-args "$HELM_EXTRA_SET_ARGS"
+        ct install ${{ steps.prepare-ct-variables.outputs.args }} \
+          --namespace $NAMESPACE \
+          --helm-extra-set-args ${HELM_EXTRA_SET_ARGS}

tests/application/Dockerfile

@@ -1,10 +1,18 @@
 FROM scratch AS base
 
-HEALTHCHECK --interval=5s --timeout=3s --retries=3 CMD ["/healthcheck"]
-
 USER test
 
-FROM base AS prod
+FROM nginx:1-alpine AS prod
+
+HEALTHCHECK --interval=5s --timeout=3s --retries=3 CMD ["curl", "-f", "http://localhost:8080/health/check"]
+
+# Configure nginx to listen on port 8080
+RUN sed -i 's/listen       80;/listen       8080;/' /etc/nginx/conf.d/default.conf
+
+# Create a hmtl page for healthcheck
+RUN mkdir -p /usr/share/nginx/html/health/check && echo "<html><body><h1>OK</h1></body></html>" > /usr/share/nginx/html/health/check/index.html
+
+EXPOSE 8080
 
 FROM alpine:3 AS test