From bb366594f1e6602baf8eb57b057e61fd76eb18aa Mon Sep 17 00:00:00 2001 From: Matthew Cane <39704070+MatthewCane@users.noreply.github.com> Date: Wed, 19 Apr 2023 11:07:03 +0100 Subject: [PATCH] Allow tests to use private ECR images (#19) * Fix Mokta test with registry credential injection * Add permissions * Set args correctly * Run on PRs * Fix ECR auth with Mokta * Add concurrency for workflow * Remove = in ct install * Limit testing workflows * Use workaround for --helm-extra-set-args not working * Bump kubernetes versions * Bump kind version * Bump chart testing --- .github/workflows/publish-chart.yml | 60 ++++++++++++++++++-------- charts/mokta/Chart.yaml | 4 +- charts/mokta/templates/deployment.yaml | 4 ++ charts/mokta/values.yaml | 4 +- 4 files changed, 50 insertions(+), 22 deletions(-) diff --git a/.github/workflows/publish-chart.yml b/.github/workflows/publish-chart.yml index 1506178..54f2051 100644 --- a/.github/workflows/publish-chart.yml +++ b/.github/workflows/publish-chart.yml @@ -1,12 +1,20 @@ name: Publish Charts on: - push + push: + branches: + - main + pull_request: + branches: + - main + +concurrency: + group: chart-test-${{ github.ref }} + cancel-in-progress: true jobs: validate-charts: runs-on: ubuntu-22.04 - steps: - name: Git Checkout uses: actions/checkout@v3 @@ -23,7 +31,7 @@ jobs: python-version: '3.10' - name: Set up chart-testing - uses: helm/chart-testing-action@v2.2.1 + uses: helm/chart-testing-action@v2.4.0 - name: Add Helm Repos run: helm repo add bitnami https://charts.bitnami.com/bitnami 
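Review bot: Adding the `pull_request` trigger makes every job in this workflow run for pull requests, including `publish-charts`, whose body lies outside the visible hunks. Unless that job already has a guard, it needs one such as `if: github.event_name == 'push' && github.ref == 'refs/heads/main'` so that charts are only published from merged code. The new `concurrency` block is workflow-wide with `cancel-in-progress: true`, so a second push to main can cancel a publish that is already running. Scoping cancellation to pull requests, for example `cancel-in-progress: ${{ github.event_name == 'pull_request' }}`, avoids that. Pull requests from forks receive no OIDC token, so the `test-charts` job will presumably fail for them at the credentials step.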
@@ -39,50 +47,66 @@ jobs: test-charts: name: test-charts runs-on: ubuntu-latest + permissions: + id-token: write + contents: read needs: validate-charts strategy: matrix: k8s: - - v1.24.7 - - v1.25.3 - - v1.26.0 + - v1.25.8 + - v1.26.3 + - v1.27.1 steps: - name: Checkout uses: actions/checkout@v3 - - name: Set up Helm - uses: azure/setup-helm@v3 - - name: Set up Python uses: actions/setup-python@v2 with: python-version: '3.10' - name: Set up chart-testing - uses: helm/chart-testing-action@v2.2.1 - - - name: Install AWS CLI - uses: unfor19/install-aws-cli-action@v1.0.3 + uses: helm/chart-testing-action@v2.4.0 - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v1 + uses: aws-actions/configure-aws-credentials@v1-node16 with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-to-assume: arn:aws:iam::979633842206:role/HelmChartsDeployment + role-session-name: helm-charts-deploy aws-region: eu-west-1 - name: Add Helm Repos run: helm repo add bitnami https://charts.bitnami.com/bitnami - name: Create kind ${{ matrix.k8s }} cluster - uses: helm/kind-action@v1.3.0 + uses: helm/kind-action@v1.5.0 with: node_image: kindest/node:${{ matrix.k8s }} + - name: Authenticate with ECR + run: | + kubectl create secret docker-registry regcred \ + --docker-server=979633842206.dkr.ecr.eu-west-1.amazonaws.com \ + --docker-username=AWS \ + --docker-password=$(aws ecr get-login-password) \ + --namespace=default + + - name: Add additional chart values + run: | + # Because the --helm-extra-set-args flag is apparently broken in CI + # this method is used instead + + mkdir charts/mokta/ci + tee charts/mokta/ci/*-values.yaml<>/dev/null + image: + imagePullSecretsRegcred: true + EOF + - name: Run chart-testing (install) ${{ matrix.k8s }} run: | - ct install --all + ct install --all --namespace=default publish-charts: runs-on: ubuntu-22.04 
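Review bot: The `test-charts` job now holds `id-token: write` and assumes `HelmChartsDeployment`, yet its third-party actions are referenced by mutable tags (`helm/chart-testing-action@v2.4.0`, `helm/kind-action@v1.5.0`, `aws-actions/configure-aws-credentials@v1-node16`), so a retagged release would run with those AWS credentials. Pinning each `uses:` to a full commit SHA removes that exposure. Because the job also runs on `pull_request`, the role's trust policy (not visible here) should restrict the token's `sub` claim to this repository, and a role limited to ECR pull would suit a test job better than one named for deployment. In the `Authenticate with ECR` step, a failed `aws ecr get-login-password` inside the argument does not stop the script, so `regcred` is created with an empty password and the failure only shows up later as an image pull error. Capture the token first with `ECR_TOKEN="$(aws ecr get-login-password)"` and pass `--docker-password="$ECR_TOKEN"`.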
diff --git a/charts/mokta/Chart.yaml b/charts/mokta/Chart.yaml index 50a883c..9a57d13 100644 --- a/charts/mokta/Chart.yaml +++ b/charts/mokta/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: mokta description: Standalone implementation of Mokta 3 for use with review apps - https://github.com/citizensadvice/mokta type: application -version: 0.3.8 -appVersion: 3.0.1 +version: 0.3.9 +appVersion: v3.0.1 home: https://github.com/citizensadvice/helm-charts maintainers: - email: ca-devops@citizensadvice.org.uk diff --git a/charts/mokta/templates/deployment.yaml b/charts/mokta/templates/deployment.yaml index 9c2dd0e..675e7e9 100644 --- a/charts/mokta/templates/deployment.yaml +++ b/charts/mokta/templates/deployment.yaml @@ -19,6 +19,10 @@ spec: {{- include "selectorLabels" . | nindent 8 }} spec: # serviceAccountName: mokta + {{- if .Values.image.imagePullSecretsRegcred | default false }} + imagePullSecrets: + - name: regcred + {{- end }} securityContext: runAsUser: 1000 runAsGroup: 1000 diff --git a/charts/mokta/values.yaml b/charts/mokta/values.yaml index 747305f..c8f21ab 100644 --- a/charts/mokta/values.yaml +++ b/charts/mokta/values.yaml @@ -1,6 +1,6 @@ image: - repository: public.ecr.aws/citizensadvice/mokta - tag: 3.0.0.pre3 + repository: 979633842206.dkr.ecr.eu-west-1.amazonaws.com/mokta + tag: latest env: SAFE_HOSTS: https://*.qa.citizensadvice.org.uk
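Review bot: The new `image.imagePullSecretsRegcred` switch is not declared or described in `values.yaml`, and the secret name `regcred` is fixed in the template. A chart user therefore cannot tell that the flag exists, or that a secret of exactly that name must already be present in the release namespace. Add a default with a comment to `values.yaml`, e.g. `imagePullSecretsRegcred: false  # when true, pods pull with the pre-created docker-registry secret "regcred"`. The `| default false` in the `if` is redundant, since an unset value is already falsy. The enclosing pod spec starts and ends outside this hunk.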
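Review bot: `tag: latest` in `values.yaml` makes the default install non-reproducible and lets whatever was last pushed to the repository run without any chart change. Pin a version tag or an image digest instead, for instance the tag that corresponds to `appVersion: v3.0.1` if one is published. The default `repository` now points at a private account registry while the pull-secret switch defaults to off, so an install with default values cannot pull the image. If the chart is still meant to be usable outside CI, keep the public image as the default and set the private repository only in the CI values file.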