fix(helm-chart): don't change postgres secret at helm upgrade (#33)

- helm chart: don't change postgres secret from dependency at helm upgrade - helm-test: enable upgradeability check and set check-version-increment for ct lint to false
eclipse-tractusx · Feb 13, 2024 · b7b4b8f · b7b4b8f
1 parent a937062
commit b7b4b8f
Show file tree

Hide file tree

Showing 6 changed files with 42 additions and 16 deletions.
diff --git a/.github/workflows/policy-hub-chart-test.yml b/.github/workflows/policy-hub-chart-test.yml
@@ -100,20 +100,19 @@ jobs:
           fi
 
       - name: Run chart-testing (lint)
-        run: ct lint --validate-maintainers=false --target-branch ${{ github.event.repository.default_branch }}
+        run: ct lint --validate-maintainers=false --check-version-increment=false --target-branch ${{ github.event.repository.default_branch }}
 
       - name: Run service chart-testing (install)
         run: ct install --charts charts/policy-hub --config charts/chart-testing-config.yaml --helm-extra-set-args "--set=policyhub.image=kind-registry:5000/policy-hub-service:testing --set=policyhubmigrations.image=kind-registry:5000/policy-hub-migrations:testing"
         if: github.event_name != 'pull_request' || steps.list-changed.outputs.changed == 'true'
 
-        # currently the update is commented out, at the moment we're working for the initial version, after that the update will be enabled
-        # Upgrade the released chart version with the locally available chart
-        # default value for event_name != workflow_dispatch
-        # - name: Run helm upgrade
-        #   run: |
-        #     helm repo add bitnami https://charts.bitnami.com/bitnami
-        #     helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev
-        #     helm install policy-hub-service tractusx-dev/policy-hub-service --version ${{ github.event.inputs.upgrade_from || '1.0.0' }} 
-        #     helm dependency update charts/policy-hub-service
-        #     helm upgrade policy-hub-service charts/policy-hub-service
-        #   if: github.event_name != 'pull_request' || steps.list-changed.outputs.changed == 'true'
+      # Upgrade the released chart version with the locally available chart
+      # default value for event_name != workflow_dispatch
+      - name: Run helm upgrade
+        run: |
+          helm repo add bitnami https://charts.bitnami.com/bitnami
+          helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev
+          helm install policy-hub tractusx-dev/policy-hub --version ${{ github.event.inputs.upgrade_from || '0.1.0-rc.2' }} --namespace upgrade --create-namespace
+          helm dependency update charts/policy-hub
+          helm upgrade policy-hub charts/policy-hub --set policyhub.image=kind-registry:5000/policy-hub-service:testing --set=policyhubmigrations.image=kind-registry:5000/policy-hub-migrations:testing --namespace upgrade
+        if: github.event_name != 'pull_request' || steps.list-changed.outputs.changed == 'true'
diff --git a/charts/policy-hub/templates/_helpers.tpl b/charts/policy-hub/templates/_helpers.tpl
@@ -30,6 +30,13 @@ Create chart name and version as used by the chart label.
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
+{{/*
+Define secret name of postgres dependency.
+*/}}
+{{- define "phub.postgresSecretName" -}}
+{{- printf "%s-%s" .Release.Name "phub-postgres" }}
+{{- end }}
+
 {{/*
 Common labels
 */}}

diff --git a/charts/policy-hub/templates/deployment-hub.yaml b/charts/policy-hub/templates/deployment-hub.yaml
@@ -54,7 +54,7 @@ spec:
         - name: "POLICY_HUB_PASSWORD"
           valueFrom:
             secretKeyRef:
-              name: "{{ .Release.Name }}-phub-postgres"
+              name: "{{ template "phub.postgresSecretName" . }}"
               key: "password"
         - name: "CONNECTIONSTRINGS__POLICYHUBDB"
           value: "Server={{ template "postgresql.primary.fullname" . }};Database={{ .Values.postgresql.auth.database }};Port={{ .Values.postgresql.auth.port }};User Id={{ .Values.postgresql.auth.username }};Password=$(POLICY_HUB_PASSWORD);Ssl Mode={{ .Values.dbConnection.sslMode }};"

diff --git a/charts/policy-hub/templates/job-policy-hub-migrations.yaml b/charts/policy-hub/templates/job-policy-hub-migrations.yaml
@@ -50,7 +50,7 @@ spec:
           - name: "POLICY_HUB_PASSWORD"
             valueFrom:
               secretKeyRef:
-                name: "{{ .Release.Name }}-phub-postgres"
+                name: "{{ template "phub.postgresSecretName" . }}"
                 key: "password"
           - name: "CONNECTIONSTRINGS__POLICYHUBDB"
             value: "Server={{ template "postgresql.primary.fullname" . }};Database={{ .Values.postgresql.auth.database }};Port={{ .Values.postgresql.auth.port }};User Id={{ .Values.postgresql.auth.username }};Password=$(POLICY_HUB_PASSWORD);Ssl Mode={{ .Values.dbConnection.sslMode }};"

diff --git a/charts/policy-hub/templates/secret-postgres.yaml b/charts/policy-hub/templates/secret-postgres.yaml
@@ -1,13 +1,32 @@
+{{- /*
+* Copyright (c) 2024 Contributors to the Eclipse Foundation
+*
+* See the NOTICE file(s) distributed with this work for additional
+* information regarding copyright ownership.
+*
+* This program and the accompanying materials are made available under the
+* terms of the Apache License, Version 2.0 which is available at
+* https://www.apache.org/licenses/LICENSE-2.0.
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+* License for the specific language governing permissions and limitations
+* under the License.
+*
+* SPDX-License-Identifier: Apache-2.0
+*/}}
 
 {{- if .Values.postgresql.enabled -}}
+{{- $secretName := include "phub.postgresSecretName" . -}}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ .Release.Name }}-phub-postgres
+  name: {{ $secretName }}
   namespace: {{ .Release.Namespace }}
 type: Opaque
 # use lookup function to check if secret exists
-{{- $secret := (lookup "v1" "Secret" .Release.Namespace .Values.postgresql.auth.existingSecret) }}
+{{- $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) }}
 {{ if $secret -}}
 data:
   # if secret exists, use value provided from values file (to cover update scenario) or existing value from secret

diff --git a/charts/policy-hub/values.yaml b/charts/policy-hub/values.yaml
@@ -125,6 +125,7 @@ postgresql:
     # -- Database name.
     database: policy-hub
     # -- Secret containing the passwords for root usernames postgres and non-root username hub.
+    # Should not be changed without changing the "phub-postgresSecretName" template as well.
     existingSecret: "{{ .Release.Name }}-phub-postgres"
   architecture: replication
   audit: