Skip to content
Helm Chart CI/CD

feat: support for postgres 18 #9

Sign in to view logs

feat: support for postgres 18

feat: support for postgres 18 #9

Workflow file for this run

.github/workflows/helm.yml at 1a979f2
name: Helm Chart CI/CD
on:
push:
branches:
- main
paths:
- 'chart/**'
- '.github/workflows/helm.yml'
pull_request:
branches:
- main
paths:
- 'chart/**'
- '.github/workflows/helm.yml'
workflow_dispatch:
env:
REGISTRY: ghcr.io
HELM_REGISTRY: oci://ghcr.io/flanksource/charts
jobs:
lint-and-test:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Helm
uses: azure/setup-helm@v4
with:
version: '3.14.0'
- name: Set up chart-testing
uses: helm/chart-testing-action@v2.6.1
- name: Add Helm repositories
run: |
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update
- name: Lint Helm chart
run: |
helm lint chart/
ct lint --config .github/ct.yaml --charts chart/
- name: Create kind cluster
uses: helm/kind-action@v1.8.0
with:
cluster_name: postgres-upgrade-test
- name: Load Docker images
run: |
# Pull the latest PostgreSQL upgrade images for testing
docker pull ghcr.io/flanksource/postgres-upgrade:to-17-latest || echo "Image not found, will use fallback"
- name: Install and test Helm chart
run: |
# Install chart with test values
helm install postgres-upgrade-test chart/ \
--set postgresql.password=testpassword123 \
--set image.tag=to-17-latest \
--set resources.requests.memory=512Mi \
--set resources.limits.memory=1Gi \
--wait --timeout=5m
# Wait for PostgreSQL to be ready
kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=postgres-upgrade --timeout=300s
# Run Helm tests
helm test postgres-upgrade-test --timeout=10m
# Check if StatefulSet is ready
kubectl get statefulset
kubectl describe statefulset postgres-upgrade-test
# Check PostgreSQL logs
kubectl logs -l app.kubernetes.io/name=postgres-upgrade --tail=50
- name: Cleanup
if: always()
run: |
helm uninstall postgres-upgrade-test || true
kubectl delete pvc --all || true
package-and-publish:
needs: lint-and-test
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master'
permissions:
contents: read
packages: write
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Helm
uses: azure/setup-helm@v4
with:
version: '3.14.0'
- name: Log in to Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Package and push Helm chart
run: |
# Package the chart
helm package chart/ --destination .helm-packages/
# Get the chart version
CHART_VERSION=$(helm show chart chart/ | grep '^version:' | cut -d' ' -f2)
CHART_NAME=$(helm show chart chart/ | grep '^name:' | cut -d' ' -f2)
echo "Packaging $CHART_NAME version $CHART_VERSION"
# Push to OCI registry
helm push .helm-packages/${CHART_NAME}-${CHART_VERSION}.tgz ${{ env.HELM_REGISTRY }}
echo "Successfully pushed $CHART_NAME:$CHART_VERSION to ${{ env.HELM_REGISTRY }}"
security-scan:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Run Checkov
uses: bridgecrewio/checkov-action@master
with:
directory: chart/
framework: kubernetes
soft_fail: true
output_format: sarif
output_file_path: checkov-results.sarif
- name: Upload Checkov results
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: checkov-results.sarif