feat: add probot chart

Signed-off-by: Andrew Ellis <[email protected]>

.github/workflows/lint-test.yml

@@ -37,11 +37,38 @@ jobs:
       - name: Set up chart-testing
         uses: helm/[email protected]
 
+      - name: Scaffold Kind Config
+        run: |
+          mkdir /tmp/kind
+          cat <<EOF > /tmp/kind/config.json
+          {
+            "auths": { "us-central1-docker.pkg.dev": {} }
+          }
+          EOF
+
+      - name: Authenticate With Google
+        uses: docker/login-action@v1
+        env:
+          DOCKER_CONFIG: /tmp/kind
+        with:
+          registry: us-central1-docker.pkg.dev
+          username: _json_key
+          password: ${{ secrets.ARTIFACT_REGISTRY_SERVICE_ACCOUNT }}
+
       - name: Create kind cluster
         uses: helm/[email protected]
         with:
           # We need to support K8S v1.18 until we're off the old infra.
+          cluster_name: kind
           node_image: kindest/node:v1.18.19
 
+      - name: Copy Docker Config to Kind
+        run: |
+          for node in $(kind get nodes --name "kind"); do
+            node_name=${node#node/}
+            docker cp /tmp/kind/config.json "${node_name}:/var/lib/kubelet/config.json"
+            docker exec "${node_name}" systemctl restart kubelet.service
+          done
+
       - name: Run chart-testing (install)
         run: ct install --config .github/ct-install.yaml

charts/probot/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/probot/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: common
+  repository: https://fluidtruck.github.io/helm-charts
+  version: 1.1.1
+digest: sha256:cd4e2293072287dad1f03f80def0b465954debb45ba84cefe16f1366c830b18e
+generated: "2021-11-04T15:56:31.856072-06:00"

charts/probot/Chart.yaml

@@ -0,0 +1,18 @@
+apiVersion: v2
+name: probot
+description: A chart for deploying Probot apps.
+icon: https://probot.github.io/assets/img/logo.png
+version: 1.0.0
+appVersion: 12.1.1
+type: application
+keywords:
+  - probot
+maintainers:
+  - name: devops
+    email: [email protected]
+dependencies:
+  - name: common
+    repository: https://fluidtruck.github.io/helm-charts
+    tags:
+      - fluidtruck-common
+    version: 1.x.x

charts/probot/README.md

@@ -0,0 +1,66 @@
+# probot
+
+Installs a Probot image onto a Kubernetes cluster.
+
+## Prerequisites
+
+- Kubernetes 1.20+
+- Helm 3+
+
+## Get Repo Info
+
+```console
+helm repo add fluidtruck https://fluidtruck.github.io/helm-charts
+helm repo update
+```
+
+_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._
+
+## Install Chart
+
+```console
+# Helm
+$ helm install [RELEASE_NAME] fluidtruck/probot
+```
+
+_See [configuration](#configuration) below._
+
+_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
+
+## Uninstall Chart
+
+```console
+# Helm
+$ helm uninstall [RELEASE_NAME]
+```
+
+This removes all the Kubernetes components associated with the chart and deletes the release.
+
+_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._
+
+## Upgrading Chart
+
+```console
+# Helm
+$ helm upgrade [RELEASE_NAME] fluidtruck/probot
+```
+
+_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
+
+### Upgrading an existing Release to a new major version
+
+A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions.
+
+### From 1.x to 2.x
+
+This has not happened yet; so a placeholder will exist here until then.
+
+## Configuration
+
+See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments:
+
+```console
+helm show values fluidtruck/probot
+```
+
+You may also `helm show values` on this chart's [dependencies](#dependencies) for additional options.

charts/probot/ci/default-values.yaml

@@ -0,0 +1 @@
+# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml.

charts/probot/ci/with-envvars-values.yaml

@@ -0,0 +1,6 @@
+envVars:
+  BOOLEAN_TEST: true
+  NUMBER_TEST: 99
+  FLOAT_TEST: 0.2
+  STRING_TEST: "test"
+  TEMPLATE_TEST: "{{ .Release.Name }}-test"

charts/probot/ci/with-hpa-values.yaml

@@ -0,0 +1,2 @@
+hpa:
+  enabled: true

charts/probot/ci/with-ingress-values.yaml

@@ -0,0 +1,6 @@
+ingress:
+  enabled: true
+  hostname: "{{ .Release.Name }}.local"
+  tls:
+    enabled: true
+    issuer: "testing"

charts/probot/ci/with-vault-values.yaml

@@ -0,0 +1,11 @@
+vault:
+  enabled: true
+  secrets:
+    - name: env
+      path: "secret/data/env"
+      value: |-
+        export NEWRELIC_LICENSE="{{ .Data.data.NEWRELIC_LICENSE }}"
+    - name: db-creds
+      path: "secret/data/db"
+      value: |-
+        export POSTGRES_URL="postgresql://{{ .Data.data.PGUSER }}:{{ .Data.data.PGPASSWORD }}@postgres/{{ .Data.data.PGDATABASE }}"

charts/probot/templates/NOTES.txt

@@ -0,0 +1,16 @@
+{{- if .Values.ingress.enabled }}
+{{- $protocol := ternary "https" "http" .Values.ingress.tls.enabled }}
+To access your application using your browser, open the following URL(s):
+  {{ $protocol }}://{{ tpl .Values.ingress.hostname . }}
+
+{{- end }}
+
+To access your application using kubectl port forwarding, use the following command:
+
+  kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "common.names.fullname" . }} 8080:{{ .Values.service.port }}
+
+Then access your application using your browser, open the following URL:
+
+  http://127.0.0.1:8080
+
+{{- include "probot.validateValues" . }}

charts/probot/templates/_helpers.tpl

@@ -0,0 +1,26 @@
+{{/*
+Return the proper image name
+*/}}
+{{- define "probot.image" -}}
+{{- include "common.images.image" (dict "imageRoot" .Values.image) -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "probot.imagePullSecrets" -}}
+{{- include "common.images.pullSecrets" (dict "images" (list .Values.image)) -}}
+{{- end -}}
+
+{{/*
+Compile all warnings into a single message, and call fail.
+*/}}
+{{- define "probot.validateValues" -}}
+{{- $messages := list -}}
+{{- $messages := without $messages "" -}}
+{{- $message := join "\n" $messages -}}
+
+{{- if $message -}}
+{{-   printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
+{{- end -}}
+{{- end -}}

charts/probot/templates/deployment.yaml

@@ -0,0 +1,110 @@
+apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+  name: {{ template "common.names.fullname" . }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.commonAnnotations }}
+  annotations:
+    {{- if .Values.commonAnnotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+    {{- end }}
+  {{- end }}
+spec:
+  selector:
+    matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+  replicas: 1
+  {{- if .Values.strategy }}
+  strategy: {{- include "common.tplvalues.render" ( dict "value" .Values.strategy "context" $ ) | nindent 4 }}
+  {{- end }}
+  template:
+    metadata:
+      annotations:
+        rollme: {{ randAlphaNum 5 | quote }}
+        {{- if .Values.podAnnotations }}
+        {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }}
+        {{- end }}
+        {{- if .Values.vault.enabled }}
+        vault.hashicorp.com/role: {{ tpl .Values.vault.role . | quote }}
+        vault.hashicorp.com/agent-inject: "true"
+        {{- range .Values.vault.secrets -}}
+        {{- printf "vault.hashicorp.com/agent-inject-secret-%s: \"%s\"" .name .path | nindent 8 }}
+        {{- printf "vault.hashicorp.com/agent-inject-template-%s: |" .name | nindent 8 }}
+          {{ printf "{{- with secret \"%s\" -}}" .path }}
+          {{ .value | default (printf "{{- range $k, $v := .Data.data -}}\n   export {{ $k }}=\"{{ $v }}\"\n{{ end -}}") | indent 10 | trim  }}
+          {{ printf "{{- end -}}" }}
+        {{- end }}
+        {{- end }}
+      labels: {{- include "common.labels.standard" . | nindent 8 }}
+        {{- if .Values.podLabels }}
+        {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }}
+        {{- end }}
+    spec:
+      {{- include "probot.imagePullSecrets" . | nindent 6 }}
+      {{- if .Values.affinity }}
+      affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.nodeSelector }}
+      nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.tolerations }}
+      tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.podSecurityContext.enabled }}
+      securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
+      {{- end }}
+      {{- if .Values.terminationGracePeriodSeconds }}
+      terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
+      {{- end }}
+      serviceAccountName: {{ include "common.names.fullname" . }}
+      containers:
+        - name: app
+          image: {{ template "probot.image" . }}
+          imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+          {{- if .Values.containerSecurityContext.enabled }}
+          securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+          {{- end }}
+          env:
+            {{- range $key, $value := .Values.envVars }}
+            - name: {{ $key }}
+              {{- if or (typeIs "string" $value) (typeIs "float64" $value) (typeIs "bool" $value) }}
+              value: {{ include "common.tplvalues.render" (dict "value" $value "context" $) | quote }}
+              {{- else }}
+              {{- include "common.tplvalues.render" (dict "value" $value "context" $) | nindent 14 }}
+              {{- end }}
+            {{- end }}
+          envFrom:
+            {{- if .Values.envVarsCM }}
+            - configMapRef:
+                name: {{ include "common.tplvalues.render" (dict "value" .Values.envVarsCM "context" $) }}
+            {{- end }}
+            {{- if .Values.envVarsSecret }}
+            - secretRef:
+                name: {{ include "common.tplvalues.render" (dict "value" .Values.envVarsSecret "context" $) }}
+            {{- end }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.applicationPort }}
+          livenessProbe:
+            httpGet:
+              path: /
+              port: http
+            initialDelaySeconds: 30
+            periodSeconds: 10
+            timeoutSeconds: 5
+            successThreshold: 1
+            failureThreshold: 6
+          readinessProbe:
+            httpGet:
+              path: /
+              port: http
+            initialDelaySeconds: 10
+            periodSeconds: 5
+            timeoutSeconds: 3
+            successThreshold: 1
+            failureThreshold: 3
+          {{- if .Values.resources }}
+          resources: {{- toYaml .Values.resources | nindent 12 }}
+          {{- end }}

charts/probot/templates/hpa.yaml

@@ -0,0 +1,27 @@
+{{- if .Values.hpa.enabled }}
+apiVersion: autoscaling/v1
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ template "common.names.fullname" . }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  {{- if or .Values.hpa.annotations .Values.commonAnnotations }}
+  annotations:
+    {{- if .Values.hpa.annotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.hpa.annotations "context" $) | nindent 4 }}
+    {{- end }}
+    {{- if .Values.commonAnnotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $) | nindent 4 }}
+    {{- end }}
+  {{- end }}
+spec:
+  scaleTargetRef:
+    apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+    kind: Deployment
+    name: {{ template "common.names.fullname" . }}
+  minReplicas: {{ .Values.hpa.minReplicas }}
+  maxReplicas: {{ .Values.hpa.maxReplicas }}
+  targetCPUUtilizationPercentage: {{ .Values.hpa.targetCPUUtilizationPercentage }}
+{{- end }}