added helm releasing workflow

.github/release.yaml

@@ -0,0 +1,18 @@
+# .github/release.yml
+
+changelog:
+  categories:
+    - title: Bug Fixes 🐛
+      labels:
+        - bug
+    - title: Breaking Changes 🛠
+      labels:
+        - Semver-Major
+        - breaking-change
+    - title: Exciting New Features 🎉
+      labels:
+        - Semver-Minor
+        - enhancement
+    - title: Other Changes
+      labels:
+        - "*"

.github/workflows/build.yaml → .github/workflows/build-release.yaml

@@ -1,14 +1,16 @@
-name: Build Container Image
+name: Build and Release
 
 on:
   push:
     tags:
       - 'v*'
 
 jobs:
-  docker:
-    name: docker
+  build-push-operator:
+    name: build-push-operator
     runs-on: ubuntu-latest
+    env:
+      OPERATOR_SDK_VERSION: v1.31.0
     steps:
       - uses: actions/checkout@v3
       - uses: docker/setup-qemu-action@v2
@@ -35,12 +37,42 @@ jobs:
 
       - name: Install operator-sdk
         run: |
-          curl -L https://github.com/operator-framework/operator-sdk/releases/download/v1.31.0/operator-sdk_linux_amd64 -o /usr/local/bin/operator-sdk
+          curl -L https://github.com/operator-framework/operator-sdk/releases/download/${OPERATOR_SDK_VERSION}/operator-sdk_linux_amd64 -o /usr/local/bin/operator-sdk
           chmod +x /usr/local/bin/operator-sdk
 
       - name: Build and push the bundle
         run: |
           TAG_VERSION=${{ github.ref_name }}
           # remove "v" character at the first of the version.
           VERSION="${TAG_VERSION#v}"
-          make bundle bundle-build bundle-push IMAGE_TAG_BASE=ghcr.io/${{ github.repository }} VERSION=$VERSION IMG=ghcr.io/${{ github.repository }}:$TAG_VERSION
+          make bundle bundle-build bundle-push IMAGE_TAG_BASE=ghcr.io/${{ github.repository }} VERSION=$VERSION IMG=ghcr.io/${{ github.repository }}:$TAG_VERSION
+
+  helm-chart:
+    name: helm-chart
+    needs: build-push-operator
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: helmify
+        run: make helm
+      - name: Chart | Push
+        uses: appany/[email protected]
+        with:
+          name: simple-authenticator
+          repository: ${{ github.repository }}/helm-charts
+          tag: ${{ github.ref_name }}
+          path: charts/simple-authenticator # Default charts/{name}
+          registry: ghcr.io
+          registry_username:  ${{ github.repository_owner }}
+          registry_password: ${{ secrets.GITHUB_TOKEN }}
+
+  release:
+    needs: build-push-operator
+    name: release
+    runs-on: ubuntu-latest
+    env:
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    steps:
+      - uses: actions/checkout@v3
+      - name: release
+        run: gh release create ${{ github.ref_name }} --generate-notes --verify-tag

Makefile

@@ -289,3 +289,14 @@ catalog-build: opm ## Build a catalog image.
 .PHONY: catalog-push
 catalog-push: ## Push a catalog image.
 	$(MAKE) docker-push IMG=$(CATALOG_IMG)
+
+########################## Helmify
+HELMIFY ?= $(LOCALBIN)/helmify
+
+.PHONY: helmify
+helmify: $(HELMIFY) ## Download helmify locally if necessary.
+$(HELMIFY): $(LOCALBIN)
+	test -s $(LOCALBIN)/helmify || GOBIN=$(LOCALBIN) go install github.com/arttor/helmify/cmd/helmify@latest
+
+helm: manifests kustomize helmify
+	$(KUSTOMIZE) build config/default | $(HELMIFY) deploy/charts/simple-authenticator

chart/Chart.yaml → charts/simple-authenticator/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-name: chart
+name: simple-authenticator
 description: A Helm chart for Kubernetes
 # A chart can be either an 'application' or a 'library' chart.
 #

chart/templates/_helpers.tpl → charts/simple-authenticator/templates/_helpers.tpl

@@ -1,7 +1,7 @@
 {{/*
 Expand the name of the chart.
 */}}
-{{- define "chart.name" -}}
+{{- define "simple-authenticator.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
@@ -10,7 +10,7 @@ Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
-{{- define "chart.fullname" -}}
+{{- define "simple-authenticator.fullname" -}}
 {{- if .Values.fullnameOverride }}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
 {{- else }}
@@ -26,16 +26,16 @@ If release name contains chart name it will be used as a full name.
 {{/*
 Create chart name and version as used by the chart label.
 */}}
-{{- define "chart.chart" -}}
+{{- define "simple-authenticator.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
 {{/*
 Common labels
 */}}
-{{- define "chart.labels" -}}
-helm.sh/chart: {{ include "chart.chart" . }}
-{{ include "chart.selectorLabels" . }}
+{{- define "simple-authenticator.labels" -}}
+helm.sh/chart: {{ include "simple-authenticator.chart" . }}
+{{ include "simple-authenticator.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
@@ -45,17 +45,17 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{/*
 Selector labels
 */}}
-{{- define "chart.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "chart.name" . }}
+{{- define "simple-authenticator.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "simple-authenticator.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 
 {{/*
 Create the name of the service account to use
 */}}
-{{- define "chart.serviceAccountName" -}}
+{{- define "simple-authenticator.serviceAccountName" -}}
 {{- if .Values.serviceAccount.create }}
-{{- default (include "chart.fullname" .) .Values.serviceAccount.name }}
+{{- default (include "simple-authenticator.fullname" .) .Values.serviceAccount.name }}
 {{- else }}
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}

chart/templates/basicauthenticator-crd.yaml → charts/simple-authenticator/templates/basicauthenticator-crd.yaml

@@ -3,18 +3,18 @@ kind: CustomResourceDefinition
 metadata:
   name: basicauthenticators.authenticator.snappcloud.io
   annotations:
-    cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/{{ include "chart.fullname"
+    cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/{{ include "simple-authenticator.fullname"
       . }}-serving-cert'
     controller-gen.kubebuilder.io/version: v0.11.1
   labels:
-  {{- include "chart.labels" . | nindent 4 }}
+  {{- include "simple-authenticator.labels" . | nindent 4 }}
 spec:
   conversion:
     strategy: Webhook
     webhook:
       clientConfig:
         service:
-          name: '{{ include "chart.fullname" . }}-webhook-service'
+          name: '{{ include "simple-authenticator.fullname" . }}-webhook-service'
           namespace: '{{ .Release.Namespace }}'
           path: /convert
       conversionReviewVersions:

chart/templates/deployment.yaml → charts/simple-authenticator/templates/deployment.yaml

@@ -1,24 +1,24 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ include "chart.fullname" . }}-controller-manager
+  name: {{ include "simple-authenticator.fullname" . }}-controller-manager
   labels:
     app.kubernetes.io/component: manager
     app.kubernetes.io/created-by: basicauthenticator
     app.kubernetes.io/part-of: basicauthenticator
     control-plane: controller-manager
-  {{- include "chart.labels" . | nindent 4 }}
+  {{- include "simple-authenticator.labels" . | nindent 4 }}
 spec:
   replicas: {{ .Values.controllerManager.replicas }}
   selector:
     matchLabels:
       control-plane: controller-manager
-    {{- include "chart.selectorLabels" . | nindent 6 }}
+    {{- include "simple-authenticator.selectorLabels" . | nindent 6 }}
   template:
     metadata:
       labels:
         control-plane: controller-manager
-      {{- include "chart.selectorLabels" . | nindent 8 }}
+      {{- include "simple-authenticator.selectorLabels" . | nindent 8 }}
       annotations:
         kubectl.kubernetes.io/default-container: manager
     spec:
@@ -90,7 +90,7 @@ spec:
           | nindent 10 }}
       securityContext:
         runAsNonRoot: true
-      serviceAccountName: {{ include "chart.fullname" . }}-controller-manager
+      serviceAccountName: {{ include "simple-authenticator.fullname" . }}-controller-manager
       terminationGracePeriodSeconds: 10
       volumes:
       - name: cert

chart/templates/leader-election-rbac.yaml → charts/simple-authenticator/templates/leader-election-rbac.yaml

@@ -1,12 +1,12 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  name: {{ include "chart.fullname" . }}-leader-election-role
+  name: {{ include "simple-authenticator.fullname" . }}-leader-election-role
   labels:
     app.kubernetes.io/component: rbac
     app.kubernetes.io/created-by: basicauthenticator
     app.kubernetes.io/part-of: basicauthenticator
-  {{- include "chart.labels" . | nindent 4 }}
+  {{- include "simple-authenticator.labels" . | nindent 4 }}
 rules:
 - apiGroups:
   - ""
@@ -43,17 +43,17 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name: {{ include "chart.fullname" . }}-leader-election-rolebinding
+  name: {{ include "simple-authenticator.fullname" . }}-leader-election-rolebinding
   labels:
     app.kubernetes.io/component: rbac
     app.kubernetes.io/created-by: basicauthenticator
     app.kubernetes.io/part-of: basicauthenticator
-  {{- include "chart.labels" . | nindent 4 }}
+  {{- include "simple-authenticator.labels" . | nindent 4 }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: '{{ include "chart.fullname" . }}-leader-election-role'
+  name: '{{ include "simple-authenticator.fullname" . }}-leader-election-role'
 subjects:
 - kind: ServiceAccount
-  name: '{{ include "chart.fullname" . }}-controller-manager'
+  name: '{{ include "simple-authenticator.fullname" . }}-controller-manager'
   namespace: '{{ .Release.Namespace }}'

chart/templates/manager-rbac.yaml → charts/simple-authenticator/templates/manager-rbac.yaml

@@ -1,9 +1,9 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: {{ include "chart.fullname" . }}-manager-role
+  name: {{ include "simple-authenticator.fullname" . }}-manager-role
   labels:
-  {{- include "chart.labels" . | nindent 4 }}
+  {{- include "simple-authenticator.labels" . | nindent 4 }}
 rules:
 - apiGroups:
   - apps
@@ -83,17 +83,17 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: {{ include "chart.fullname" . }}-manager-rolebinding
+  name: {{ include "simple-authenticator.fullname" . }}-manager-rolebinding
   labels:
     app.kubernetes.io/component: rbac
     app.kubernetes.io/created-by: basicauthenticator
     app.kubernetes.io/part-of: basicauthenticator
-  {{- include "chart.labels" . | nindent 4 }}
+  {{- include "simple-authenticator.labels" . | nindent 4 }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: '{{ include "chart.fullname" . }}-manager-role'
+  name: '{{ include "simple-authenticator.fullname" . }}-manager-role'
 subjects:
 - kind: ServiceAccount
-  name: '{{ include "chart.fullname" . }}-controller-manager'
+  name: '{{ include "simple-authenticator.fullname" . }}-controller-manager'
   namespace: '{{ .Release.Namespace }}'

chart/templates/metrics-reader-rbac.yaml → charts/simple-authenticator/templates/metrics-reader-rbac.yaml

@@ -1,12 +1,12 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: {{ include "chart.fullname" . }}-metrics-reader
+  name: {{ include "simple-authenticator.fullname" . }}-metrics-reader
   labels:
     app.kubernetes.io/component: kube-rbac-proxy
     app.kubernetes.io/created-by: basicauthenticator
     app.kubernetes.io/part-of: basicauthenticator
-  {{- include "chart.labels" . | nindent 4 }}
+  {{- include "simple-authenticator.labels" . | nindent 4 }}
 rules:
 - nonResourceURLs:
   - /metrics

chart/templates/metrics-service.yaml → charts/simple-authenticator/templates/metrics-service.yaml

@@ -1,17 +1,17 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ include "chart.fullname" . }}-controller-manager-metrics-service
+  name: {{ include "simple-authenticator.fullname" . }}-controller-manager-metrics-service
   labels:
     app.kubernetes.io/component: kube-rbac-proxy
     app.kubernetes.io/created-by: basicauthenticator
     app.kubernetes.io/part-of: basicauthenticator
     control-plane: controller-manager
-  {{- include "chart.labels" . | nindent 4 }}
+  {{- include "simple-authenticator.labels" . | nindent 4 }}
 spec:
   type: {{ .Values.metricsService.type }}
   selector:
     control-plane: controller-manager
-  {{- include "chart.selectorLabels" . | nindent 4 }}
+  {{- include "simple-authenticator.selectorLabels" . | nindent 4 }}
   ports:
 	{{- .Values.metricsService.ports | toYaml | nindent 2 -}}

chart/templates/mutating-webhook-configuration.yaml → charts/simple-authenticator/templates/mutating-webhook-configuration.yaml

@@ -1,17 +1,17 @@
 apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
 metadata:
-  name: {{ include "chart.fullname" . }}-mutating-webhook-configuration
+  name: {{ include "simple-authenticator.fullname" . }}-mutating-webhook-configuration
   annotations:
-    cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "chart.fullname" . }}-serving-cert
+    cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "simple-authenticator.fullname" . }}-serving-cert
   labels:
-  {{- include "chart.labels" . | nindent 4 }}
+  {{- include "simple-authenticator.labels" . | nindent 4 }}
 webhooks:
 - admissionReviewVersions:
   - v1
   clientConfig:
     service:
-      name: '{{ include "chart.fullname" . }}-webhook-service'
+      name: '{{ include "simple-authenticator.fullname" . }}-webhook-service'
       namespace: '{{ .Release.Namespace }}'
       path: /mutate-authenticator-snappcloud-io-v1alpha1-basicauthenticator
   failurePolicy: Fail