Merge cert-manager-feature-branch into master (#166)

Co-authored-by: Prafull Ladha <prafull.ladha@gmail.com>
Co-authored-by: Yandu Oppacher <yandu@cockroachlabs.com>

Author: 3 people

.github/workflows/build.yaml

@@ -0,0 +1,57 @@
+name: Helm Chart Build
+on:
+  push:
+    branches:
+      - 'master'
+      - 'cert-manager-feature-branch'
+    tags:
+      - 'v*.*.*'
+
+jobs:
+
+  needs-build:
+    name: is-building-self-signer-utility-required
+    runs-on: ubuntu-latest
+    outputs:
+      tagChange: ${{ steps.changetag.outputs.tagChange }}
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 2
+
+      - name: Install yq
+        run: make install-yq
+
+      - name: Check Tag Change
+        id: changetag
+        shell: bash
+        run: |
+          ./build/self-signer-utility.sh
+          if [[ $? -eq 0 ]]; then
+            echo ::set-output name=tagChange::true
+          fi
+
+
+  # Post job to build and push the self signer utility whenever any PR gets merged
+  post-build:
+    name: build-self-signer-cert-utility
+    runs-on: ubuntu-latest
+    needs: needs-build
+    if: (needs.needs-build.outputs.tagChange == 'true')
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v2
+
+      - name: Login to GCR
+        uses: docker/login-action@v1
+        with:
+          registry: gcr.io
+          username: _json_key
+          password: ${{ secrets.GCR_HELM_CHART_SA_JSON }}
+
+      - name: Build Self-signer
+        run: make build-self-signer
+
+      - name: Push Self-signer
+        run: make push-self-signer

.github/workflows/ci.yaml

@@ -0,0 +1,178 @@
+name: Helm Chart Package CI
+on:
+  pull_request:
+    branches:
+      - 'master'
+      - 'cert-manager-feature-branch'
+
+jobs:
+
+
+  detect-self-signer-change:
+    name: is-self-signer-changed
+    runs-on: ubuntu-latest
+    outputs:
+      certUtility: ${{ steps.filter.outputs.certUtility }}
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 2
+          ref: ${{github.event.pull_request.head.ref}}
+          repository: ${{github.event.pull_request.head.repo.full_name}}
+
+      - name: Verify Changed files
+        uses: dorny/paths-filter@v2
+        id: filter
+        with:
+          filters: |
+              certUtility: &certUtility
+              - 'pkg/**'
+              - 'cmd/**'
+
+  # pre job run golangci-lint
+  go-lint:
+    name: 'Golint'
+    runs-on: ubuntu-latest
+    needs: detect-self-signer-change
+    if: (needs.detect-self-signer-change.outputs.certUtility == 'true')
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v2
+        with:
+          ref: ${{github.event.pull_request.head.ref}}
+          repository: ${{github.event.pull_request.head.repo.full_name}}
+
+      - name: Run golangci-lint
+        uses: golangci/golangci-lint-action@v2
+        with:
+          version: v1.30
+          working-directory: .
+          args: --timeout=5m
+
+  # pre job to run helm lint
+  helm:
+    name: HelmLint
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v2
+        with:
+          ref: ${{github.event.pull_request.head.ref}}
+          repository: ${{github.event.pull_request.head.repo.full_name}}
+
+      - name: Get repositories
+        uses: hiberbee/github-action-helm@latest
+
+      - name: Lint chart
+        run: helm lint cockroachdb
+        working-directory: .
+
+  # pre job to run the unit tests
+  unitTest:
+    name: UnitTest
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v2
+        with:
+          ref: ${{github.event.pull_request.head.ref}}
+          repository: ${{github.event.pull_request.head.repo.full_name}}
+
+      - name: Setup Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.15
+
+      - name: Install cockroach binary
+        run: make install-cockroach
+ 
+      - name: HelmTemplate
+        run: go test -v ./tests/template/...
+
+      - name: Unit
+        run: go test -v ./pkg/...
+
+  self-signer-tag-change:
+    name: Tag Change
+    runs-on: ubuntu-latest
+    needs: detect-self-signer-change
+    if: (needs.detect-self-signer-change.outputs.certUtility == 'true')
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 2
+          ref: ${{github.event.pull_request.head.ref}}
+          repository: ${{github.event.pull_request.head.repo.full_name}}
+
+      - name: Install yq
+        run: make install-yq
+
+      - name: Verify tag change
+        run: |
+          ./build/self-signer-utility.sh
+          if [[ $? -ne 0 ]]; then
+            exit 1
+          fi
+
+  # pre job to run helm e2e tests
+  helm-install-e2e:
+    name: Helm-E2E-Test
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v2
+        with:
+          ref: ${{github.event.pull_request.head.ref}}
+          repository: ${{github.event.pull_request.head.repo.full_name}}
+
+      - name: Install Kind
+        uses: helm/kind-action@v1.2.0
+
+      - name: Install cockroach binary
+        run: make install-cockroach
+
+      - name: Build Self-signer
+        run: make build-self-signer
+
+      - name: Load docker images to kind
+        run: make load-docker-image-to-kind
+
+      - name: Setup Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.15
+
+      - name: Run E2E Test
+        run: go test -v ./tests/e2e/install/...
+
+  helm-rotate-cert-e2e:
+    name: Helm-rotate-cert-Test
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v2
+        with:
+          ref: ${{github.event.pull_request.head.ref}}
+          repository: ${{github.event.pull_request.head.repo.full_name}}
+
+      - name: Install Kind
+        uses: helm/kind-action@v1.2.0
+
+      - name: Install cockroach binary
+        run: make install-cockroach
+
+      - name: Build Self-signer
+        run: make build-self-signer
+
+      - name: Load docker images to kind
+        run: make load-docker-image-to-kind
+
+      - name: Setup Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.15
+
+      - name: Run E2E Test
+        run: go test -v ./tests/e2e/rotate/...

Makefile

@@ -1,3 +1,5 @@
+REPOSITORY ?= gcr.io/cockroachlabs-helm-charts/cockroach-self-signer-cert
+
 .DEFAULT_GOAL := all
 all: build
 
@@ -16,3 +18,33 @@ release:
 .PHONY: clean
 clean:
 	rm -r build/artifacts/
+
+get-tag: install-yq
+	yq r ./cockroachdb/values.yaml 'tls.selfSigner.image.tag'
+
+build-self-signer: install-yq
+	$(eval TAG=$(shell yq r ./cockroachdb/values.yaml 'tls.selfSigner.image.tag'))
+	docker build -f build/docker-image/Dockerfile -t ${REPOSITORY}:${TAG} .
+
+push-self-signer:
+	$(eval TAG=$(shell yq r ./cockroachdb/values.yaml 'tls.selfSigner.image.tag'))
+	docker push ${REPOSITORY}:${TAG}
+
+install-yq:
+	curl -Lo yq https://github.com/mikefarah/yq/releases/download/2.2.1/yq_linux_amd64 && \
+	chmod +x yq && sudo mv yq /usr/bin/
+
+install-cockroach:
+	sudo apt-get install wget -y
+	wget https://binaries.cockroachdb.com/cockroach-v20.2.5.linux-amd64.tgz
+	tar zxf cockroach-v20.2.5.linux-amd64.tgz
+	sudo cp cockroach-v20.2.5.linux-amd64/cockroach /usr/local/bin/
+
+load-docker-image-to-kind:
+	$(eval TAG=$(shell yq r ./cockroachdb/values.yaml 'tls.selfSigner.image.tag'))
+	wget https://kind.sigs.k8s.io/dl/v0.11.1/kind-linux-amd64
+	sudo mv kind-linux-amd64 /usr/local/bin/kind
+	sudo chmod +x /usr/local/bin/kind
+	docker pull cockroachdb/cockroach:v21.1.1
+	kind load docker-image ${REPOSITORY}:${TAG} --name chart-testing
+	kind load docker-image cockroachdb/cockroach:v21.1.1 --name chart-testing