From 9f9d4902cfe852365c9d9c94a11f67303460e72c Mon Sep 17 00:00:00 2001 From: Robert Date: Sun, 26 Sep 2021 22:49:49 -0700 Subject: [PATCH 1/5] update dockerhub URLs: tvial -> mailserver increment chart version bump versions of lint workflow packages --- README.md | 2 +- charts/docker-mailserver/README.md | 2 +- charts/docker-mailserver/values.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 99a3faa2..d74d0dc1 100644 --- a/README.md +++ b/README.md @@ -196,7 +196,7 @@ The following table lists the configurable parameters of the docker-mailserver c | Parameter | Description | Default | |---------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------| -| `image.name` | The name of the container image to use | `tvial/docker-mailserver` | +| `image.name` | The name of the container image to use | `mailserver/docker-mailserver` | | `image.tag` | The image tag to use (You may prefer "latest" over "v6.1.0", for example) | `release-v6.1.0` | | `demoMode.enabled` | Start the container with a demo "user@example.com" user (password is "password") | `true` | | `haproxy.enabled` | Support HAProxy PROXY protocol on SMTP, IMAP(S), and POP3(S) connections. Provides real source IP instead of load balancer IP | `true` | diff --git a/charts/docker-mailserver/README.md b/charts/docker-mailserver/README.md index efd6ab36..c29bcd78 100644 --- a/charts/docker-mailserver/README.md +++ b/charts/docker-mailserver/README.md 
@@ -196,7 +196,7 @@ The following table lists the configurable parameters of the docker-mailserver c | Parameter | Description | Default | |---------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------| -| `image.name` | The name of the container image to use | `tvial/docker-mailserver` | +| `image.name` | The name of the container image to use | `mailserver/docker-mailserver` | | `image.tag` | The image tag to use (You may prefer "latest" over "v6.1.0", for example) | `release-v6.1.0` | | `demoMode.enabled` | Start the container with a demo "user@example.com" user (password is "password") | `true` | | `haproxy.enabled` | Support HAProxy PROXY protocol on SMTP, IMAP(S), and POP3(S) connections. Provides real source IP instead of load balancer IP | `true` | diff --git a/charts/docker-mailserver/values.yaml b/charts/docker-mailserver/values.yaml index 79df0b03..697da1a4 100644 --- a/charts/docker-mailserver/values.yaml +++ b/charts/docker-mailserver/values.yaml @@ -1,8 +1,8 @@ --- image: - # image.name is the name of the container image to use. Refer to https://hub.docker.com/r/tvial/docker-mailserver + # image.name is the name of the container image to use. Refer to https://hub.docker.com/r/mailserver/docker-mailserver name: "mailserver/docker-mailserver" - # image.tag is the tag of the container image to use. Refer to https://hub.docker.com/r/tvial/docker-mailserver + # image.tag is the tag of the container image to use. Refer to https://hub.docker.com/r/mailserver/docker-mailserver tag: "8.0.1" pullPolicy: "IfNotPresent" From 24ea8a5f5d34f29b8cbdf271506fd8fd3a14c050 Mon Sep 17 00:00:00 2001 
From: Robert Date: Sat, 23 Oct 2021 09:09:31 -0700 Subject: [PATCH 2/5] ci: upgrade to helm/chart-testing-action@v2.1.0 and helm/kind-action@v1.2.0 This helps with timeouts when testing kubernetes 1.20 cluster. --- .github/workflows/on-push-lint-charts.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/on-push-lint-charts.yml b/.github/workflows/on-push-lint-charts.yml index c522b177..524c9f17 100644 --- a/.github/workflows/on-push-lint-charts.yml +++ b/.github/workflows/on-push-lint-charts.yml @@ -50,7 +50,7 @@ jobs: python-version: 3.7 - name: Set up chart-testing - uses: helm/chart-testing-action@v2.0.1 + uses: helm/chart-testing-action@v2.1.0 - name: Run chart-testing (list-changed) id: list-changed @@ -65,7 +65,7 @@ jobs: # Refer to https://github.com/kubernetes-sigs/kind/releases when updating the node_images - name: Create 1.20 kind cluster - uses: helm/kind-action@v1.1.0 + uses: helm/kind-action@v1.2.0 with: node_image: kindest/node:v1.20.2@sha256:8f7ea6e7642c0da54f04a7ee10431549c0257315b3a634f6ef2fecaaedb19bab cluster_name: kubernetes-1.20 @@ -75,7 +75,7 @@ jobs: run: ct install --config .ci/ct-config.yaml - name: Create 1.19 kind cluster - uses: helm/kind-action@v1.1.0 + uses: helm/kind-action@v1.2.0 with: node_image: kindest/node:v1.19.7@sha256:a70639454e97a4b733f9d9b67e12c01f6b0297449d5b9cbbef87473458e26dca cluster_name: kubernetes-1.19 @@ -85,7 +85,7 @@ jobs: run: ct install --config .ci/ct-config.yaml - name: Create 1.18 kind cluster - uses: helm/kind-action@v1.1.0 + uses: helm/kind-action@v1.2.0 with: node_image: kindest/node:v1.18.15@sha256:5c1b980c4d0e0e8e7eb9f36f7df525d079a96169c8a8f20d8bd108c0d0889cc4 cluster_name: kubernetes-1.18 From 191203946d5b6fee8129f865099dcc1d590a7391 Mon Sep 17 00:00:00 2001 
From: Robert Date: Sat, 23 Oct 2021 09:31:36 -0700 Subject: [PATCH 3/5] ci: Make kube-score work again - upgrade to latest kube-score 1.20 - get rid of reference to non-existent sample values file - ignore more failing tests (for now) - use the shell script in the repository as the single source of kube-score flags and how it gets run (to prevent divergence between the repo and the action config.) Fixes #43 --- .../{local-kube-score.sh => kube-score.sh} | 8 ++++++-- .github/workflows/on-push-lint-charts.yml | 18 +++++++----------- 2 files changed, 13 insertions(+), 13 deletions(-) rename .ci/scripts/{local-kube-score.sh => kube-score.sh} (61%) diff --git a/.ci/scripts/local-kube-score.sh b/.ci/scripts/kube-score.sh similarity index 61% rename from .ci/scripts/local-kube-score.sh rename to .ci/scripts/kube-score.sh index 958d62e3..1300673a 100755 --- a/.ci/scripts/local-kube-score.sh +++ b/.ci/scripts/kube-score.sh @@ -1,14 +1,18 @@ #!/bin/bash +KUBE_SCORE=${KUBE_SCORE:-kube-score} for chart in `ls charts`; do -helm template --values charts/$chart/ci/ci-values.yaml charts/$chart | kube-score score - \ +helm template --values charts/$chart/ci/ci-values.yaml charts/$chart | ${KUBE_SCORE} score - \ --ignore-test pod-networkpolicy \ --ignore-test deployment-has-poddisruptionbudget \ --ignore-test deployment-has-host-podantiaffinity \ --ignore-test pod-probes \ --ignore-test container-image-tag \ --enable-optional-test container-security-context-privileged \ - --ignore-test container-security-context + --ignore-test container-security-context \ + --ignore-test container-security-context-user-group-id \ + --ignore-test container-security-context-readonlyrootfilesystem \ + # done \ No newline at end of file diff --git a/.github/workflows/on-push-lint-charts.yml b/.github/workflows/on-push-lint-charts.yml index 524c9f17..598b65a3 100644 --- a/.github/workflows/on-push-lint-charts.yml +++ b/.github/workflows/on-push-lint-charts.yml 
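Review bot: The renamed `.ci/scripts/kube-score.sh` is now what the workflow runs as its kube-score gate, but it sets no error handling, so the script's exit status is only that of the last chart's pipeline, and a failing `helm template` is hidden behind the pipe. Adding `set -euo pipefail` directly after the shebang would make any failing chart or render step fail the job. The two added flags, `--ignore-test container-security-context-user-group-id` and `--ignore-test container-security-context-readonlyrootfilesystem`, switch off further container security-context checks on top of the already ignored `container-security-context`. The commit message says this is "for now", so a comment above them such as `# TODO(<ISSUE_ID>): re-enable once the chart sets a securityContext` would keep the exemption visible and traceable.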
@@ -12,7 +12,7 @@ on: workflow_dispatch: env: - KUBE_SCORE_VERSION: 1.10.0 + KUBE_SCORE_VERSION: 1.12.0 HELM_VERSION: v3.4.1 jobs: @@ -31,18 +31,14 @@ jobs: - name: Set up kube-score run: | - wget https://github.com/zegl/kube-score/releases/download/v${{ env.KUBE_SCORE_VERSION }}/kube-score_${{ env.KUBE_SCORE_VERSION }}_linux_amd64 -O kube-score - chmod 755 kube-score + mkdir /tmp/bin + wget https://github.com/zegl/kube-score/releases/download/v${{ env.KUBE_SCORE_VERSION }}/kube-score_${{ env.KUBE_SCORE_VERSION }}_linux_amd64 -O /tmp/bin/kube-score + chmod 755 /tmp/bin/kube-score - name: Kube-score generated manifests - run: helm template --values .ci/values-kube-score.yaml charts/* | ./kube-score score - - --ignore-test pod-networkpolicy - --ignore-test deployment-has-poddisruptionbudget - --ignore-test deployment-has-host-podantiaffinity - --ignore-test container-security-context - --ignore-test pod-probes - --ignore-test container-image-tag - --enable-optional-test container-security-context-privileged + env: + KUBE_SCORE: /tmp/bin/kube-score + run: .ci/scripts/kube-score.sh # python is a requirement for the chart-testing action below (supports yamllint among other tests) - uses: actions/setup-python@v2 From ab589567befef44397ca33d49b7553da9fa39753 Mon Sep 17 00:00:00 2001 From: Robert Date: Sat, 23 Oct 2021 09:44:00 -0700 Subject: [PATCH 4/5] CI: switch to matrix strategy for kube chart testing to enable parallelism. Brings CI runtime down to 3 minutes instead of ~9. Also: Makes it easier to test new versions (just add new lists) --- .github/workflows/on-push-lint-charts.yml | 48 +++++++++++------------ 1 file changed, 22 insertions(+), 26 deletions(-) diff --git a/.github/workflows/on-push-lint-charts.yml b/.github/workflows/on-push-lint-charts.yml index 598b65a3..ad67e637 100644 --- a/.github/workflows/on-push-lint-charts.yml +++ b/.github/workflows/on-push-lint-charts.yml 
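Review bot: In the "Set up kube-score" step the release binary is downloaded with `wget`, marked executable and then run by the next step without any integrity check, so the job trusts whatever the release URL serves at run time. Store the expected digest next to `KUBE_SCORE_VERSION` and verify it after the download, e.g. `echo "<KUBE_SCORE_SHA256>  /tmp/bin/kube-score" | sha256sum -c -`, so a replaced or corrupted asset fails the step. `mkdir -p /tmp/bin` would also keep the step from failing if the directory already exists.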
@@ -15,6 +15,10 @@ env: KUBE_SCORE_VERSION: 1.12.0 HELM_VERSION: v3.4.1 +concurrency: + group: ${{ github.head_ref }} + cancel-in-progress: true + jobs: lint-test: runs-on: ubuntu-latest @@ -40,6 +44,19 @@ jobs: KUBE_SCORE: /tmp/bin/kube-score run: .ci/scripts/kube-score.sh + chart-testing: + runs-on: ubuntu-latest + strategy: + matrix: + # Choose from https://hub.docker.com/r/kindest/node/tags + KubeVersion: [1.18.15,1.19.11,1.20.2] + + steps: + - name: Checkout + uses: actions/checkout@v2 + with: + fetch-depth: 0 + # python is a requirement for the chart-testing action below (supports yamllint among other tests) - uses: actions/setup-python@v2 with: 
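Review bot: The new `concurrency.group: ${{ github.head_ref }}` is populated only for pull-request events. For the `workflow_dispatch` trigger visible in the context, and for any push trigger, it evaluates to an empty string, so unrelated runs may land in one group and cancel each other under `cancel-in-progress: true`. The group is also not scoped to this workflow, so another workflow using the same expression would share it. A safer form is `group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}`.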
@@ -59,33 +76,12 @@ jobs: - name: Run chart-testing (lint) run: ct lint --config .ci/ct-config.yaml - # Refer to https://github.com/kubernetes-sigs/kind/releases when updating the node_images - - name: Create 1.20 kind cluster - uses: helm/kind-action@v1.2.0 - with: - node_image: kindest/node:v1.20.2@sha256:8f7ea6e7642c0da54f04a7ee10431549c0257315b3a634f6ef2fecaaedb19bab - cluster_name: kubernetes-1.20 - if: steps.list-changed.outputs.changed == 'true' - - - name: Run chart-testing (install) against 1.20 - run: ct install --config .ci/ct-config.yaml - - - name: Create 1.19 kind cluster - uses: helm/kind-action@v1.2.0 - with: - node_image: kindest/node:v1.19.7@sha256:a70639454e97a4b733f9d9b67e12c01f6b0297449d5b9cbbef87473458e26dca - cluster_name: kubernetes-1.19 - if: steps.list-changed.outputs.changed == 'true' - - - name: Run chart-testing (install) against 1.19 - run: ct install --config .ci/ct-config.yaml - - - name: Create 1.18 kind cluster + - name: Create ${{matrix.KubeVersion}} kind cluster uses: helm/kind-action@v1.2.0 with: - node_image: kindest/node:v1.18.15@sha256:5c1b980c4d0e0e8e7eb9f36f7df525d079a96169c8a8f20d8bd108c0d0889cc4 - cluster_name: kubernetes-1.18 + node_image: kindest/node:v${{matrix.KubeVersion}} + cluster_name: kubernetes-${{matrix.KubeVersion}} if: steps.list-changed.outputs.changed == 'true' - - name: Run chart-testing (install) against 1.18 - run: ct install --config .ci/ct-config.yaml + - name: Run chart-testing (install) against ${{matrix.KubeVersion}} + run: ct install --config .ci/ct-config.yaml \ No newline at end of file From e4acd3e21ac7c54e4fc7d351b603d1b9a5765b6b Mon Sep 17 00:00:00 2001 From: Robert Date: Sat, 23 Oct 2021 09:14:15 -0700 Subject: [PATCH 5/5] Bump chart version to 3.0.1 --- charts/docker-mailserver/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/docker-mailserver/Chart.yaml b/charts/docker-mailserver/Chart.yaml index 3ff5baa5..c7711cd5 100644 
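Review bot: Replacing the three digest-pinned `node_image` values with `kindest/node:v${{matrix.KubeVersion}}` drops the `@sha256:…` pin, so the kind cluster now runs whatever image the tag resolves to at pull time. The hunk also removes the comment that pointed to the kind release notes for the matching digests. The matrix (defined in the earlier hunk) can stay if each entry carries its digest, e.g. `node_image: kindest/node:v${{ matrix.KubeVersion }}@sha256:${{ matrix.NodeDigest }}` with a `NodeDigest` value per version. Separately, the "Run chart-testing (install)" step has no `if: steps.list-changed.outputs.changed == 'true'`, so it appears to run even when the cluster-creation step was skipped.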
--- a/charts/docker-mailserver/Chart.yaml +++ b/charts/docker-mailserver/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: "8.0.1" description: A fullstack but simple mailserver (smtp, imap, antispam, antivirus, ssl...) using Docker. name: docker-mailserver -version: 0.3.0 +version: 0.3.1 sources: - https://github.com/funkypenguin/helm-docker-mailserver maintainers: