Support helm gcs repository and kustomize

README.md

@@ -76,7 +76,8 @@ PASS - flagger/templates/deployment.yaml contains a valid Deployment
 
 ## Usage with private charts repositories
 
-To allow the action to be able to clone private charts repositories, you must [create a GitHub private access token](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line) and [add it as a secret](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets#creating-encrypted-secrets) to the target repository. NOTE: secret names *cannot* start with `GITHUB_` as these are reserved.
+To allow the action to be able to clone private charts repositories, you must [create a GitHub private access token](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line)
+and [add it as a secret](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets#creating-encrypted-secrets) to the target repository. NOTE: secret names *cannot* start with `GITHUB_` as these are reserved.
 
 You can then pass the secret (in this case, `GH_TOKEN`) into the action like so:
 ```yaml
@@ -123,6 +124,30 @@ jobs:
 
 ```
 
+If you set `gcsRepo: true`,  make sure you set the appropriate environment variables for helm gcs plugin to work.  Example:
+```yaml
+name: CI
+
+on: [push, pull_request]
+
+jobs:
+  hrval:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Validate Helm Releases in test dir
+        uses: stefanprodan/hrval-action@master
+        with:
+          helmRelease: test
+          helmVersion: v3
+          gcsRepo: true
+          helmSourcesCacheEnabled: true
+        env:
+          GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }}
+          GCP_SERVICE_ACCOUNT_KEY: ${{ secrets.GCP_SA_KEY }}
+
+```
+
 Gitlab CI Token is also possible using `GITLAB_CI_TOKEN`.
 
 ## Usage with pull requests containing changes of Helm chart source located in base repository branch

action.yml

@@ -26,6 +26,12 @@ inputs:
   awsS3Plugin:
     description: '(Optional) AWS S3 Plugin to be used in the helm plugin install command'
     default: ''
+  gcsRepo:
+    description: '(Optional) Set to true if using an GCS Helm Repo'
+    default: false
+  gcsPlugin:
+    description: '(Optional) GCS Plugin to be used in the helm plugin install command'
+    default: 'https://github.com/hayorov/helm-gcs.git'
   helmSourcesCacheEnabled:
     description: '(Optional) Enabled Helm source caching, so same release or ref will not be downloaded twice.'
     default: 'false'
@@ -44,4 +50,6 @@ runs:
     - ${{ inputs.awsS3Repo }}
     - ${{ inputs.awsS3RepoName }}
     - ${{ inputs.awsS3RepoPlugin }}
+    - ${{ inputs.gcsRepo }}
+    - ${{ inputs.gcsPlugin }}
     - ${{ inputs.helmSourcesCacheEnabled }}

src/deps.sh

@@ -6,8 +6,14 @@ curl -sL "https://storage.googleapis.com/kubernetes-release/release/$(curl -s ht
 
 curl -sL https://github.com/mikefarah/yq/releases/download/3.4.1/yq_linux_amd64 -o /usr/local/bin/yq && chmod +x /usr/local/bin/yq
 
-curl -sSL https://get.helm.sh/helm-v2.16.3-linux-amd64.tar.gz | tar xz && mv linux-amd64/helm /bin/helm && rm -rf linux-amd64
+curl -sSL https://get.helm.sh/helm-v2.17.0-linux-amd64.tar.gz | tar xz && mv linux-amd64/helm /bin/helm && rm -rf linux-amd64
 helm init --client-only --kubeconfig="${HOME}/.kube/kubeconfig"
 
-curl -sSL https://get.helm.sh/helm-v3.1.1-linux-amd64.tar.gz | tar xz && mv linux-amd64/helm /bin/helmv3 && rm -rf linux-amd64
+curl -sSL https://get.helm.sh/helm-v3.7.2-linux-amd64.tar.gz | tar xz && mv linux-amd64/helm /bin/helmv3 && rm -rf linux-amd64
 helmv3 version
+
+KUSTOMIZE=3.5.5
+echo "downloading kustomize ${KUSTOMIZE}"
+curl -sL https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv${KUSTOMIZE}/kustomize_v${KUSTOMIZE}_linux_amd64.tar.gz | \
+tar xz && mv kustomize /usr/local/bin/kustomize
+kustomize version

src/hrval-all.sh

@@ -2,15 +2,17 @@
 
 set -o errexit
 
-DIR=${1}
+DIRS=${1}
 IGNORE_VALUES=${2-false}
 KUBE_VER=${3-master}
 HELM_VER=${4-v2}
 HRVAL="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )/hrval.sh"
 AWS_S3_REPO=${5-false}
 AWS_S3_REPO_NAME=${6-""}
 AWS_S3_PLUGIN="${7-""}"
-HELM_SOURCES_CACHE_ENABLED=${8-""}
+GCS_REPO=${8-false}
+GCS_PLUGIN=${9-""}
+HELM_SOURCES_CACHE_ENABLED=${10-""}
 
 if [ "${HELM_SOURCES_CACHE_ENABLED}" == "true" ]; then
   CACHEDIR=$(mktemp -d)
@@ -28,42 +30,75 @@ if [[ ${AWS_S3_REPO} == true ]]; then
     helm repo update
 fi
 
-# If the path provided is actually a file, just run hrval against this one file
-if test -f "${DIR}"; then
-  ${HRVAL} "${DIR}" "${IGNORE_VALUES}" "${KUBE_VER}" "${HELM_VER}" "${CACHEDIR}"
-  exit 0
-fi
+if [[ ${GCS_REPO} == true ]]; then
+  if [[ -n "${GCP_SERVICE_ACCOUNT_KEY}" ]]; then
+    GCP_SA_KEY_FILE="$TMPDIR/service_account_key.json"
+    echo "${GCP_SERVICE_ACCOUNT_KEY}" > "${GCP_SA_KEY_FILE}"
+    export GOOGLE_APPLICATION_CREDENTIALS="${GCP_SA_KEY_FILE}"
+  fi
+  if [[ -n "${GCP_PROJECT_ID}" ]]; then
+    export GCP_PROJECT="${GCP_PROJECT_ID}"
+  fi
 
-# If the path provided is not a directory, print error message and exit
-if [ ! -d "$DIR" ]; then
-  echo "\"${DIR}\" directory not found!"
-  exit 1
+  if [[ "${HELM_VER}" == "v3" ]]; then
+    helmv3 plugin install "${GCS_PLUGIN}"
+  else
+    helm plugin install "${GCS_PLUGIN}"
+  fi
 fi
 
-function isHelmRelease {
-  KIND=$(yq r "${1}" kind)
-  if [[ ${KIND} == "HelmRelease" ]]; then
-      echo true
-  else
-    echo false
+function validate {
+  DIR=${1}
+  # If the path provided is actually a file, just run hrval against this one file
+  if test -f "${DIR}"; then
+    ${HRVAL} "${DIR}" "${IGNORE_VALUES}" "${KUBE_VER}" "${HELM_VER}" "${CACHEDIR}"
+    exit 0
   fi
-}
 
-# Find yaml files in directory recursively
-FILES_TESTED=0
-declare -a FOUND_FILES=()
-while read -r file; do
-    FOUND_FILES+=( "$file" )
-done < <(find "${DIR}" -type f -name '*.yaml' -o -name '*.yml')
+  # If the path provided is not a directory, print error message and exit
+  if [ ! -d "$DIR" ]; then
+    echo "\"${DIR}\" directory not found!"
+    exit 1
+  fi
 
-for f in "${FOUND_FILES[@]}"; do
-  if [[ $(isHelmRelease "${f}") == "true" ]]; then
-    ${HRVAL} "${f}" "${IGNORE_VALUES}" "${KUBE_VER}" "${HELM_VER}" "${CACHEDIR}"
-    FILES_TESTED=$(( FILES_TESTED+1 ))
-  else
-    echo "Ignoring ${f} not a HelmRelease"
+  function isHelmRelease {
+    KIND=$(yq r "${1}" kind)
+    if [[ ${KIND} == "HelmRelease" ]]; then
+        echo true
+    else
+      echo false
+    fi
+  }
+
+  # Run kustomize build
+  if [ -f "${DIR}/kustomization.yaml" ] || [ -f "${DIR}/kustomization.yml" ]; then
+    TMPDIR=$(mktemp -d)
+    kustomize build "${DIR}" -o "${TMPDIR}"
+    DIR=${TMPDIR}
   fi
-done
 
-# This will set the GitHub actions output 'numFilesTested'
-echo "::set-output name=numFilesTested::${FILES_TESTED}"
+  # Find yaml files in directory recursively
+  FILES_TESTED=0
+  declare -a FOUND_FILES=()
+  while read -r file; do
+      FOUND_FILES+=( "$file" )
+  done < <(find "${DIR}" -type f -name '*.yaml' -o -name '*.yml')
+
+  for f in "${FOUND_FILES[@]}"; do
+    if [[ $(isHelmRelease "${f}") == "true" ]]; then
+      ${HRVAL} "${f}" "${IGNORE_VALUES}" "${KUBE_VER}" "${HELM_VER}" "${CACHEDIR}"
+      FILES_TESTED=$(( FILES_TESTED+1 ))
+    else
+      echo "Ignoring ${f} not a HelmRelease"
+    fi
+  done
+
+  # This will set the GitHub actions output 'numFilesTested'
+  echo "::set-output name=numFilesTested::${FILES_TESTED}"
+}
+
+IFS=',' read -r -a array <<< "$DIRS"
+for dir in "${array[@]}"; do
+    echo "Validating $dir"
+    validate "${dir}"
+done

src/hrval.sh

@@ -181,6 +181,7 @@ function validate {
       helmv3 dependency build "${CHART_DIR}"
     fi
     helmv3 template "${HELM_RELEASE_NAME}" "${CHART_DIR}" \
+      --kube-version "${KUBE_VER}" \
       --namespace "${HELM_RELEASE_NAMESPACE}" \
       --skip-crds=true \
       -f "${TMPDIR}/${HELM_RELEASE_NAME}.values.yaml" > "${TMPDIR}/${HELM_RELEASE_NAME}.release.yaml"