Allow tests to use private ECR images (#19)

* Fix Mokta test with registry credential injection * Add permissions * Set args correctly * Run on PRs * Fix ECR auth with Mokta * Add concurrency for workflow * Remove = in ct install * Limit testing workflows * Use workaround for --helm-extra-set-args not working * Bump kubernetes versions * Bump kind version * Bump chart testing
citizensadvice · Apr 19, 2023 · bb36659 · bb36659
1 parent f80f3c0
commit bb36659
Show file tree

Hide file tree

Showing 4 changed files with 50 additions and 22 deletions.
diff --git a/.github/workflows/publish-chart.yml b/.github/workflows/publish-chart.yml
@@ -1,12 +1,20 @@
 name: Publish Charts
 
 on:
-  push
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+concurrency:
+  group: chart-test-${{ github.ref }}
+  cancel-in-progress: true
 
 jobs:
   validate-charts:
     runs-on: ubuntu-22.04
-
     steps:
       - name: Git Checkout
         uses: actions/checkout@v3
@@ -23,7 +31,7 @@ jobs:
           python-version: '3.10'
 
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.2.1
+        uses: helm/chart-testing-action@v2.4.0
 
       - name: Add Helm Repos
         run:  helm repo add bitnami https://charts.bitnami.com/bitnami
@@ -39,50 +47,66 @@ jobs:
   test-charts:
     name: test-charts
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
     needs: validate-charts
     strategy:
       matrix:
         k8s:
-          - v1.24.7
-          - v1.25.3
-          - v1.26.0
+          - v1.25.8
+          - v1.26.3
+          - v1.27.1
 
     steps:
       - name: Checkout
         uses: actions/checkout@v3
 
-      - name: Set up Helm
-        uses: azure/setup-helm@v3
-
       - name: Set up Python
         uses: actions/setup-python@v2
         with:
           python-version: '3.10'
 
       - name: Set up chart-testing
-        uses: helm/[email protected]
-
-      - name: Install AWS CLI
-        uses: unfor19/[email protected]
+        uses: helm/[email protected]
 
       - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v1
+        uses: aws-actions/configure-aws-credentials@v1-node16
         with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          role-to-assume: arn:aws:iam::979633842206:role/HelmChartsDeployment
+          role-session-name: helm-charts-deploy
           aws-region: eu-west-1
 
       - name: Add Helm Repos
         run:  helm repo add bitnami https://charts.bitnami.com/bitnami
 
       - name: Create kind ${{ matrix.k8s }} cluster
-        uses: helm/kind-action@v1.3.0
+        uses: helm/kind-action@v1.5.0
         with:
           node_image: kindest/node:${{ matrix.k8s }}
 
+      - name: Authenticate with ECR
+        run: |
+          kubectl create secret docker-registry regcred \
+          --docker-server=979633842206.dkr.ecr.eu-west-1.amazonaws.com \
+          --docker-username=AWS \
+          --docker-password=$(aws ecr get-login-password) \
+          --namespace=default
+
+      - name: Add additional chart values
+        run: |
+          # Because the --helm-extra-set-args flag is apparently broken in CI
+          # this method is used instead
+          
+          mkdir charts/mokta/ci
+          tee charts/mokta/ci/*-values.yaml<<EOF>>/dev/null
+          image:
+            imagePullSecretsRegcred: true
+          EOF
+
       - name: Run chart-testing (install) ${{ matrix.k8s }}
         run: |
-          ct install --all
+          ct install --all --namespace=default
 
   publish-charts:
     runs-on: ubuntu-22.04

diff --git a/charts/mokta/Chart.yaml b/charts/mokta/Chart.yaml
@@ -2,8 +2,8 @@ apiVersion: v2
 name: mokta
 description: Standalone implementation of Mokta 3 for use with review apps - https://github.com/citizensadvice/mokta
 type: application
-version: 0.3.8
-appVersion: 3.0.1
+version: 0.3.9
+appVersion: v3.0.1
 home: https://github.com/citizensadvice/helm-charts
 maintainers:
   - email: [email protected]

diff --git a/charts/mokta/templates/deployment.yaml b/charts/mokta/templates/deployment.yaml
@@ -19,6 +19,10 @@ spec:
         {{- include "selectorLabels" . | nindent 8 }}
     spec:
       # serviceAccountName: mokta
+      {{- if .Values.image.imagePullSecretsRegcred | default false }}
+      imagePullSecrets:
+        - name: regcred
+      {{- end }}
       securityContext:
         runAsUser: 1000
         runAsGroup: 1000

diff --git a/charts/mokta/values.yaml b/charts/mokta/values.yaml
@@ -1,6 +1,6 @@
 image:
-  repository: public.ecr.aws/citizensadvice/mokta
-  tag: 3.0.0.pre3
+  repository: 979633842206.dkr.ecr.eu-west-1.amazonaws.com/mokta
+  tag: latest
 
 env:
   SAFE_HOSTS: https://*.qa.citizensadvice.org.uk