From d94e87c5570e71b5460d328eaf905f736ca13baa Mon Sep 17 00:00:00 2001 From: vik Date: Mon, 26 May 2025 11:20:04 +1000 Subject: [PATCH] fix pipeline --- .github/workflows/auto-tag.yml | 10 +++++----- .github/workflows/helm-release.yml | 14 +++++++------- .github/workflows/pr-validation.yml | 16 ++++++++-------- .../nullify-k8s-collector/templates/NOTES.txt | 4 ++-- .../nullify-k8s-collector/templates/_helpers.tpl | 4 ++-- .../templates/clusterrole.yaml | 2 +- .../templates/clusterrolebinding.yaml | 4 ++-- .../nullify-k8s-collector/templates/cronjob.yaml | 6 +++--- .../templates/namespace.yaml | 2 +- .../templates/pre-install-job.yaml | 4 ++-- 10 files changed, 33 insertions(+), 33 deletions(-) diff --git a/.github/workflows/auto-tag.yml b/.github/workflows/auto-tag.yml index 619e64b..8f041d1 100644 --- a/.github/workflows/auto-tag.yml +++ b/.github/workflows/auto-tag.yml @@ -4,7 +4,7 @@ on: push: branches: [ main ] paths: - - 'charts/nullify-k8s-collector/Chart.yaml' + - 'aws-integration-setup/charts/nullify-k8s-collector/Chart.yaml' jobs: tag-release: @@ -18,7 +18,7 @@ jobs: - name: Get Chart Version id: chart-version run: | - version=$(grep '^version:' charts/nullify-k8s-collector/Chart.yaml | awk '{print $2}' | tr -d '"') + version=$(grep '^version:' aws-integration-setup/charts/nullify-k8s-collector/Chart.yaml | awk '{print $2}' | tr -d '"') echo "version=$version" >> $GITHUB_OUTPUT echo "tag=v$version" >> $GITHUB_OUTPUT 
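Review bot: The `Get Chart Version` step writes whatever the pipeline produced to `$GITHUB_OUTPUT`, so if the `grep` matches nothing (as presumably happened with the old path) `version` is empty and later steps work with the tag `v`. Unless the job sets `shell: bash` explicitly, the default shell runs without `pipefail`, so a failed `grep` does not stop the step. Add a guard right after the assignment, e.g. `[[ "$version" =~ ^[0-9]+\.[0-9]+\.[0-9]+([-+][0-9A-Za-z.-]+)?$ ]] || { echo "bad chart version: '$version'"; exit 1; }`, which also constrains the value before later `run:` scripts interpolate it. The rest of the job definition is outside the hunk.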
@@ -38,8 +38,8 @@ jobs: git config user.email "github-actions[bot]@users.noreply.github.com" # Create annotated tag with chart information - app_version=$(grep '^appVersion:' charts/nullify-k8s-collector/Chart.yaml | awk '{print $2}' | tr -d '"') - description=$(grep '^description:' charts/nullify-k8s-collector/Chart.yaml | cut -d':' -f2- | xargs) + app_version=$(grep '^appVersion:' aws-integration-setup/charts/nullify-k8s-collector/Chart.yaml | awk '{print $2}' | tr -d '"') + description=$(grep '^description:' aws-integration-setup/charts/nullify-k8s-collector/Chart.yaml | cut -d':' -f2- | xargs) git tag -a ${{ steps.chart-version.outputs.tag }} -m "Release ${{ steps.chart-version.outputs.tag }} - Chart Version: ${{ steps.chart-version.outputs.version }}" git push origin ${{ steps.chart-version.outputs.tag }} @@ -70,6 +70,6 @@ jobs: - [Installation Guide](https://github.com/${{ github.repository }}/blob/main/README.md) - [Security Guidelines](https://github.com/${{ github.repository }}/blob/main/SECURITY.md) - - [Chart Values](https://github.com/${{ github.repository }}/blob/main/charts/nullify-k8s-collector/values.yaml) + - [Chart Values](https://github.com/${{ github.repository }}/blob/main/aws-integration-setup/charts/nullify-k8s-collector/values.yaml) draft: false prerelease: false \ No newline at end of file diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml index dc1db34..9e583ce 100644 --- a/.github/workflows/helm-release.yml +++ b/.github/workflows/helm-release.yml @@ -4,7 +4,7 @@ on: push: branches: [ main ] paths: - - 'charts/**' + - 'aws-integration-setup/charts/**' - '.github/workflows/helm-release.yml' workflow_dispatch: 
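Review bot: `${{ steps.chart-version.outputs.tag }}` is expanded into the script text before the shell runs, and in this hunk it lands unquoted in `git tag -a` and `git push`, so a `version:` value in Chart.yaml that contains shell metacharacters changes the command rather than the tag name. Pass it through the environment instead: give the step an `env:` entry `TAG: ${{ steps.chart-version.outputs.tag }}` and use `git tag -a "$TAG" -m "Release $TAG"` and `git push origin "$TAG"`. `app_version` and `description` are assigned on the changed lines but are not referenced in the lines visible here; if the step uses them outside the hunk, they need the same quoting.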
@@ -47,7 +47,7 @@ jobs: mkdir -p docs # Package the chart - helm package charts/nullify-k8s-collector -d docs/ + helm package aws-integration-setup/charts/nullify-k8s-collector -d docs/ # Generate/update the index helm repo index docs/ --url https://${{ github.repository_owner }}.github.io/${{ github.event.repository.name }}/ @@ -77,25 +77,25 @@ jobs: - name: Validate Helm Chart run: | - helm lint charts/nullify-k8s-collector - helm template charts/nullify-k8s-collector --debug + helm lint aws-integration-setup/charts/nullify-k8s-collector + helm template aws-integration-setup/charts/nullify-k8s-collector --debug - name: Check for sensitive data run: | echo "🔍 Checking for sensitive data in chart..." # Check for real account IDs, ARNs, bucket names - if grep -r "arn:aws:iam::[0-9]\{12\}:role/" charts/ --exclude-dir=.git; then + if grep -r "arn:aws:iam::[0-9]\{12\}:role/" aws-integration-setup/charts/ --exclude-dir=.git; then echo "❌ Found real AWS ARN in chart files" exit 1 fi - if grep -r "nullify-.*-death-star" charts/ --exclude-dir=.git; then + if grep -r "nullify-.*-death-star" aws-integration-setup/charts/ --exclude-dir=.git; then echo "❌ Found real Nullify bucket names in chart files" exit 1 fi - if grep -r "[0-9]\{12\}" charts/ --exclude-dir=.git | grep -v "123456789012"; then + if grep -r "[0-9]\{12\}" aws-integration-setup/charts/ --exclude-dir=.git | grep -v "123456789012"; then echo "❌ Found potential real AWS account ID in chart files" exit 1 fi diff --git a/.github/workflows/pr-validation.yml b/.github/workflows/pr-validation.yml index b448e51..eb3c8a7 100644 --- a/.github/workflows/pr-validation.yml +++ b/.github/workflows/pr-validation.yml @@ -4,7 +4,7 @@ on: pull_request: branches: [ main ] paths: - - 'charts/**' + - 'aws-integration-setup/charts/**' - 'docs/**' - '.github/workflows/**' 
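Review bot: The account-ID scan in the `Check for sensitive data` step filters by whole line, so `grep -v "123456789012"` also hides a real 12-digit ID that shares a line with the example one, and the bare `[0-9]\{12\}` pattern matches inside any longer digit run. Matching whole tokens closes both gaps: `grep -rEow '[0-9]{12}' aws-integration-setup/charts/ | grep -v ':123456789012$'`. The first ARN check in this hunk makes no allowance for the example account, while the equivalent check in pr-validation.yml does, so the two workflows can disagree on the same chart. The line-based `grep -v` chain in pr-validation.yml's "Check for sensitive data" hunk has the same blind spot.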
@@ -23,12 +23,12 @@ jobs: - name: Lint Helm Chart run: | echo "🔍 Linting Helm chart..." - helm lint charts/nullify-k8s-collector + helm lint aws-integration-setup/charts/nullify-k8s-collector - name: Validate Helm Templates run: | echo "🔍 Validating Helm templates..." - helm template test-release charts/nullify-k8s-collector \ + helm template test-release aws-integration-setup/charts/nullify-k8s-collector \ --set collector.s3.bucket="test-bucket" \ --set serviceAccount.annotations."eks\.amazonaws\.com/role-arn"="arn:aws:iam::123456789012:role/test-role" \ --debug @@ -36,7 +36,7 @@ jobs: - name: Test Chart Installation (dry-run) run: | echo "🔍 Testing chart installation..." - helm install test-release charts/nullify-k8s-collector \ + helm install test-release aws-integration-setup/charts/nullify-k8s-collector \ --set collector.s3.bucket="test-bucket" \ --set serviceAccount.annotations."eks\.amazonaws\.com/role-arn"="arn:aws:iam::123456789012:role/test-role" \ --dry-run --debug 
@@ -52,21 +52,21 @@ jobs: echo "🔍 Checking for sensitive data..." # Check for real AWS account IDs (but allow example ones) - if grep -r "arn:aws:iam::[0-9]\{12\}:role/" charts/ --exclude-dir=.git | grep -v "123456789012" | grep -v "NULLIFY-ACCOUNT" | grep -v "YOUR-ACCOUNT"; then + if grep -r "arn:aws:iam::[0-9]\{12\}:role/" aws-integration-setup/charts/ --exclude-dir=.git | grep -v "123456789012" | grep -v "NULLIFY-ACCOUNT" | grep -v "YOUR-ACCOUNT"; then echo "❌ Found potentially real AWS ARN in chart files" exit 1 fi # Check for real Nullify bucket names - if grep -r "nullify-.*-death-star" charts/ --exclude-dir=.git; then + if grep -r "nullify-.*-death-star" aws-integration-setup/charts/ --exclude-dir=.git; then echo "❌ Found real Nullify bucket names in chart files" exit 1 fi # Check for common secrets - if grep -ri "password\|secret\|key" charts/ --exclude-dir=.git | grep -v "YOUR-" | grep -v "NULLIFY-" | grep -v "example" | grep -v "placeholder"; then + if grep -ri "password\|secret\|key" aws-integration-setup/charts/ --exclude-dir=.git | grep -v "YOUR-" | grep -v "NULLIFY-" | grep -v "example" | grep -v "placeholder"; then echo "⚠️ Found potential secrets - please review:" - grep -ri "password\|secret\|key" charts/ --exclude-dir=.git | grep -v "YOUR-" | grep -v "NULLIFY-" | grep -v "example" | grep -v "placeholder" + grep -ri "password\|secret\|key" aws-integration-setup/charts/ --exclude-dir=.git | grep -v "YOUR-" | grep -v "NULLIFY-" | grep -v "example" | grep -v "placeholder" fi echo "✅ Security check completed" diff --git a/aws-integration-setup/charts/nullify-k8s-collector/templates/NOTES.txt b/aws-integration-setup/charts/nullify-k8s-collector/templates/NOTES.txt index 7457a92..e1d548d 100644 --- a/aws-integration-setup/charts/nullify-k8s-collector/templates/NOTES.txt +++ b/aws-integration-setup/charts/nullify-k8s-collector/templates/NOTES.txt 
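Review bot: The "common secrets" branch at the end of this hunk can never fail the job: it prints the matches and falls through to "Security check completed", unlike the two checks above it, which `exit 1`. Because the pattern includes a case-insensitive bare `key`, it will presumably match ordinary template fields such as `keyPrefix` (used in cronjob.yaml in this patch) on every run, which trains reviewers to ignore the warning. Narrow the pattern to assignments of literal values and end the branch with `exit 1`, or hand this check to a dedicated secret scanner and keep the grep as informational output only.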
@@ -20,11 +20,11 @@ The data collected includes (but is not limited to): - AWS Region: {{ .Values.collector.aws.region }} - Schedule: {{ .Values.collector.schedule }} -{{- if .Values.collector.dataCollection.excludeNamespaces }} +{{- if and .Values.collector.dataCollection .Values.collector.dataCollection.excludeNamespaces }} - Excluded Namespaces: {{ .Values.collector.dataCollection.excludeNamespaces }} {{- end }} -{{- if .Values.collector.dataCollection.metadataOnly }} +{{- if and .Values.collector.dataCollection .Values.collector.dataCollection.metadataOnly }} - Collection Mode: Metadata only (no resource content) {{- else }} - Collection Mode: Full resource data diff --git a/aws-integration-setup/charts/nullify-k8s-collector/templates/_helpers.tpl b/aws-integration-setup/charts/nullify-k8s-collector/templates/_helpers.tpl index bd875f5..569d56c 100644 --- a/aws-integration-setup/charts/nullify-k8s-collector/templates/_helpers.tpl +++ b/aws-integration-setup/charts/nullify-k8s-collector/templates/_helpers.tpl @@ -54,9 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{/* Create the name of the service account to use */}} -{{- define "k8s-info-collector.serviceAccountName" -}} +{{- define "k8s-collector.serviceAccountName" -}} {{- if .Values.serviceAccount.create }} -{{- default (include "k8s-info-collector.fullname" .) .Values.serviceAccount.name }} +{{- default (include "k8s-collector.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} {{- end }} diff --git a/aws-integration-setup/charts/nullify-k8s-collector/templates/clusterrole.yaml b/aws-integration-setup/charts/nullify-k8s-collector/templates/clusterrole.yaml index 2f0d11e..30c2b99 100644 --- a/aws-integration-setup/charts/nullify-k8s-collector/templates/clusterrole.yaml +++ b/aws-integration-setup/charts/nullify-k8s-collector/templates/clusterrole.yaml 
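Review bot: The `and` guard added here only protects against a missing `collector.dataCollection` when the template engine short-circuits `and`, which Go's text/template does from Go 1.18 on; a Helm binary built with an older Go evaluates both arguments and still fails with a nil-pointer error on `.excludeNamespaces`. Wrapping the block in `{{- with .Values.collector.dataCollection }}`, or shipping an empty `dataCollection: {}` default in the chart's values file (not shown in this patch), does not depend on the Helm build. The same guard appears three times in the cronjob.yaml hunk. A one-line template comment such as `{{/* dataCollection is optional; guard before reading its fields */}}` would record why the check is there.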
@@ -4,7 +4,7 @@ kind: ClusterRole metadata: name: {{ .Values.clusterRole.name }} labels: - {{- include "k8s-info-collector.labels" . | nindent 4 }} + {{- include "k8s-collector.labels" . | nindent 4 }} rules: # Access for collecting cluster information - apiGroups: [""] diff --git a/aws-integration-setup/charts/nullify-k8s-collector/templates/clusterrolebinding.yaml b/aws-integration-setup/charts/nullify-k8s-collector/templates/clusterrolebinding.yaml index b4964a0..7303e2a 100644 --- a/aws-integration-setup/charts/nullify-k8s-collector/templates/clusterrolebinding.yaml +++ b/aws-integration-setup/charts/nullify-k8s-collector/templates/clusterrolebinding.yaml @@ -4,13 +4,13 @@ kind: ClusterRoleBinding metadata: name: {{ .Values.clusterRoleBinding.name }} labels: - {{- include "k8s-info-collector.labels" . | nindent 4 }} + {{- include "k8s-collector.labels" . | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: {{ .Values.clusterRole.name }} subjects: - kind: ServiceAccount - name: {{ include "k8s-info-collector.serviceAccountName" . }} + name: {{ include "k8s-collector.serviceAccountName" . }} namespace: {{ .Values.serviceAccount.namespace }} {{- end }} \ No newline at end of file diff --git a/aws-integration-setup/charts/nullify-k8s-collector/templates/cronjob.yaml b/aws-integration-setup/charts/nullify-k8s-collector/templates/cronjob.yaml index 62d64b1..8c7730f 100644 --- a/aws-integration-setup/charts/nullify-k8s-collector/templates/cronjob.yaml +++ b/aws-integration-setup/charts/nullify-k8s-collector/templates/cronjob.yaml 
@@ -34,15 +34,15 @@ spec: value: "{{ .Values.collector.s3.keyPrefix }}" - name: AWS_REGION value: "{{ .Values.collector.aws.region }}" - {{- if .Values.collector.dataCollection.excludeNamespaces }} + {{- if and .Values.collector.dataCollection .Values.collector.dataCollection.excludeNamespaces }} - name: EXCLUDE_NAMESPACES value: "{{ .Values.collector.dataCollection.excludeNamespaces }}" {{- end }} - {{- if .Values.collector.dataCollection.includeResources }} + {{- if and .Values.collector.dataCollection .Values.collector.dataCollection.includeResources }} - name: INCLUDE_RESOURCES value: "{{ .Values.collector.dataCollection.includeResources }}" {{- end }} - {{- if .Values.collector.dataCollection.metadataOnly }} + {{- if and .Values.collector.dataCollection .Values.collector.dataCollection.metadataOnly }} - name: METADATA_ONLY value: "true" {{- end }} diff --git a/aws-integration-setup/charts/nullify-k8s-collector/templates/namespace.yaml b/aws-integration-setup/charts/nullify-k8s-collector/templates/namespace.yaml index e6152c7..5dee179 100644 --- a/aws-integration-setup/charts/nullify-k8s-collector/templates/namespace.yaml +++ b/aws-integration-setup/charts/nullify-k8s-collector/templates/namespace.yaml @@ -4,7 +4,7 @@ kind: Namespace metadata: name: {{ .Values.serviceAccount.namespace }} labels: - {{- include "k8s-info-collector.labels" . | nindent 4 }} + {{- include "k8s-collector.labels" . | nindent 4 }} app.kubernetes.io/component: namespace annotations: # Add Helm hooks to ensure namespace is created at the beginning of the installation diff --git a/aws-integration-setup/charts/nullify-k8s-collector/templates/pre-install-job.yaml b/aws-integration-setup/charts/nullify-k8s-collector/templates/pre-install-job.yaml index ebbdad9..f18b20a 100644 --- a/aws-integration-setup/charts/nullify-k8s-collector/templates/pre-install-job.yaml +++ b/aws-integration-setup/charts/nullify-k8s-collector/templates/pre-install-job.yaml 
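Review bot: With the new guards, a values file that has no `collector.dataCollection` block renders the CronJob without `EXCLUDE_NAMESPACES`, `INCLUDE_RESOURCES` and `METADATA_ONLY`, so the least restrictive mode becomes the silent default; NOTES.txt in this patch labels that case "Full resource data". For a job that exports cluster data to S3, consider always emitting the switch with an explicit value, e.g. `value: {{ dig "dataCollection" "metadataOnly" false .Values.collector | quote }}`, so the chosen mode is visible in the rendered manifest. How the collector treats an unset `METADATA_ONLY` is not shown here and should be confirmed. The container spec continues outside the hunk.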
@@ -2,7 +2,7 @@ apiVersion: batch/v1 kind: Job metadata: - name: {{ include "k8s-info-collector.fullname" . }}-namespace-creator + name: {{ include "k8s-collector.fullname" . }}-namespace-creator annotations: "helm.sh/hook": "pre-install" "helm.sh/hook-weight": "-20" @@ -10,7 +10,7 @@ metadata: spec: template: metadata: - name: {{ include "k8s-info-collector.fullname" . }}-namespace-creator + name: {{ include "k8s-collector.fullname" . }}-namespace-creator spec: serviceAccountName: default restartPolicy: Never
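Review bot: The hook Job in this hunk runs as `serviceAccountName: default`; judging by its name it creates the namespace, which only works if the `default` service account holds cluster-scoped rights, and those rights would then be available to every pod in that namespace that does not set its own account. namespace.yaml in this patch already creates the namespace through Helm hooks, so the Job may be redundant. Confirm that, then either drop the Job in favour of `helm install --create-namespace` or give it a dedicated hook-scoped ServiceAccount limited to `create` on `namespaces`. The Job's container spec is outside the hunk, so what it executes cannot be checked here.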