Add helm chart

Add the-deep api helmchart: deployment, ingress, configmap, secrets, argohooks, workers

Author: susilnem

.github/workflows/ci.yml

@@ -1,42 +1,93 @@
 name: Deep server 🤓 GH Action 🚧
 
 on:
+  workflow_call:
+    inputs:
+      push_docker_image:
+        type: string  # true or false
+        default: "false"
+    outputs:
+      docker_image_name:
+        description: "Only docker image name"
+        value: ${{ jobs.build_test.outputs.docker_image_name }}
+      docker_image_tag:
+        description: "Only docker image tag"
+        value: ${{ jobs.build_test.outputs.docker_image_tag }}
+      docker_image:
+        description: "docker image with tag"
+        value: ${{ jobs.build_test.outputs.docker_image }}
   pull_request:
-  push:
-    branches:
-      - develop
+  # NOTE: For other, they should be run through helm github action ./helm-publish.yml
+
 
 jobs:
   build_test:
     name: 🚴 Build + Test 🚴  # Match the name below (8398a7/action-slack).
     runs-on: ubuntu-latest
+
+    outputs:
+      docker_image_name: ${{ steps.prep.outputs.tagged_image_name }}
+      docker_image_tag: ${{ steps.prep.outputs.tag }}
+      docker_image: ${{ steps.prep.outputs.tagged_image }}
+
     steps:
       - uses: actions/checkout@master
 
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        if: ${{ inputs.push_docker_image }}
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
       - name: 🐳 Prepare Docker
         id: prep
+        env:
+          IMAGE_NAME: ghcr.io/${{ github.repository }}
         run: |
-          TAG=$(echo $GITHUB_SHA | head -c7)
-          IMAGE="docker.pkg.github.com/the-deep/server"
-          echo "tagged_image=${IMAGE}:${TAG}" >> $GITHUB_OUTPUT
+          BRANCH_NAME=$(echo $GITHUB_REF_NAME | sed 's|:|-|' | tr '[:upper:]' '[:lower:]' | sed 's/_/-/g' | cut -c1-100 | sed 's/-*$//')
+
+          # XXX: Check if there is a slash in the BRANCH_NAME eg: project/add-docker
+          if [[ "$BRANCH_NAME" == *"/"* ]]; then
+              # XXX: Change the docker image package to -alpha
+              IMAGE_NAME="$IMAGE_NAME-alpha"
+              TAG="$(echo "$BRANCH_NAME" | sed 's|/|-|g').$(echo $GITHUB_SHA | head -c7)"
+          else
+              TAG="$BRANCH_NAME.$(echo $GITHUB_SHA | head -c7)"
+          fi
+
+          IMAGE_NAME=$(echo $IMAGE_NAME | tr '[:upper:]' '[:lower:]')
+          echo "tagged_image_name=${IMAGE_NAME}" >> $GITHUB_OUTPUT
           echo "tag=${TAG}" >> $GITHUB_OUTPUT
+          echo "tagged_image=${IMAGE_NAME}:${TAG}" >> $GITHUB_OUTPUT
+          echo "::notice::Tagged docker image: ${IMAGE_NAME}:${TAG}"
+
       - name: 🐳 Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@master
+        uses: docker/setup-buildx-action@v3
+
+      - name: 🐳 Cache Docker layers
+        uses: actions/cache@v4
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.ref }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-refs/develop
+            ${{ runner.os }}-buildx-
 
       - name: 🐳 Build image
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v6
         with:
           context: .
           builder: ${{ steps.buildx.outputs.name }}
           file: Dockerfile
           push: false # This would be set to true in a real world deployment scenario.
           load: true
-          target: worker # this has all the dep
+          provenance: false  # XXX: Without this we have untagged images in ghcr.io
           tags: ${{ steps.prep.outputs.tagged_image }}
-          # Using experimental GH api: https://docs.docker.com/build/ci/github-actions/cache/#cache-backend-api
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache-new
 
       - name: 🕮 Validate latest graphql schema.
         env:
@@ -78,6 +129,22 @@ jobs:
           branch: gh-pages
           folder: ./coverage/htmlcov
 
+      - name: 🐳 Docker push
+        if: ${{ inputs.push_docker_image }}
+        uses: docker/build-push-action@v6
+        with:
+          tags: ${{ steps.prep.outputs.tagged_image }}
+          push: true
+
+        # Temp fix
+        # https://github.com/docker/build-push-action/blob/master/docs/advanced/cache.md#github-cache
+        # https://github.com/docker/build-push-action/issues/252
+        # https://github.com/moby/buildkit/issues/1896
+      - name: 🐳 Move docker cache (🧙 Hack fix)
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+
       - uses: 8398a7/action-slack@v3
         with:
           status: custom
@@ -94,3 +161,24 @@ jobs:
         env:
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
         if: always() # Pick up events even if the job fails or is canceled.
+
+  validate_helm:
+    name: 🚴 Validate Helm 🚴
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@main
+
+      - name: Install Helm
+        uses: azure/setup-helm@v4
+
+      - name: 🐳 Helm dependency
+        run: |
+          yq --indent 0 '.dependencies | map(["helm", "repo", "add", .name, .repository] | join(" ")) | .[]' ./helm/Chart.lock  | sh --
+          helm dependency build ./helm
+
+      - name: 🐳 Helm lint
+        run: helm lint ./helm --values ./helm/values-test.yaml
+
+      - name: 🐳 Helm template
+        run: helm template ./helm --values ./helm/values-test.yaml

.github/workflows/helm-publish.yml

@@ -0,0 +1,83 @@
+name: Builds and pushes Docker Images and Helm charts to Github Registry
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - develop
+      - project/*
+    # XXX: To add tags: Update the -alpha logic
+
+permissions:
+  packages: write
+
+jobs:
+  ci:
+    name: CI
+    uses: ./.github/workflows/ci.yml
+    with:
+      push_docker_image: true
+
+  build:
+    name: Publish Helm
+    needs: ci
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Login to GitHub Container Registry
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Install Helm
+      uses: azure/setup-helm@v3
+
+    - name: 🐳 Helm dependency
+      run: |
+        yq --indent 0 '.dependencies | map(["helm", "repo", "add", .name, .repository] | join(" ")) | .[]' ./helm/Chart.lock  | sh --
+        helm dependency build ./helm
+
+    - name: Tag docker image in Helm Chart values.yaml
+      env:
+        IMAGE_NAME: ${{ needs.ci.outputs.docker_image_name }}
+        IMAGE_TAG: ${{ needs.ci.outputs.docker_image_tag }}
+      run: |
+        # Update values.yaml with latest docker image
+        sed -i "s|SET-BY-CICD-IMAGE|$IMAGE_NAME|" helm/values.yaml
+        sed -i "s/SET-BY-CICD-TAG/$IMAGE_TAG/" helm/values.yaml
+
+    - name: Package Helm Chart
+      id: set-variables
+      env:
+        IMAGE_TAG: ${{ needs.ci.outputs.docker_image_tag }}
+      run: |
+        # XXX: Check if there is a slash in the BRANCH_NAME eg: project/add-docker
+        if [[ "$GITHUB_REF_NAME" == *"/"* ]]; then
+            # XXX: Change the helm chart to <chart-name>-alpha
+            sed -i 's/^name: \(.*\)/name: \1-alpha/' helm/Chart.yaml
+        fi
+
+        sed -i "s/SET-BY-CICD/$IMAGE_TAG/g" helm/Chart.yaml
+        helm package ./helm -d .helm-charts
+
+    - name: Push Helm Chart
+      env:
+        IMAGE: ${{ needs.ci.outputs.docker_image }}
+        OCI_REPO: oci://ghcr.io/${{ github.repository }}
+      run: |
+        OCI_REPO=$(echo $OCI_REPO | tr '[:upper:]' '[:lower:]')
+        PACKAGE_FILE=$(ls .helm-charts/*.tgz | head -n 1)
+        echo "# Helm Chart" >> $GITHUB_STEP_SUMMARY
+        echo "" >> $GITHUB_STEP_SUMMARY
+        echo "Tagged Image: **$IMAGE**" >> $GITHUB_STEP_SUMMARY
+        echo "" >> $GITHUB_STEP_SUMMARY
+        echo "Helm push output" >> $GITHUB_STEP_SUMMARY
+        echo "" >> $GITHUB_STEP_SUMMARY
+        echo '```bash' >> $GITHUB_STEP_SUMMARY
+        helm push "$PACKAGE_FILE" $OCI_REPO >> $GITHUB_STEP_SUMMARY
+        echo '```' >> $GITHUB_STEP_SUMMARY

helm/.gitignore

@@ -0,0 +1,2 @@
+charts
+values-local.yaml

helm/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

helm/Chart.lock

@@ -0,0 +1,9 @@
+dependencies:
+- name: redis
+  repository: https://charts.bitnami.com/bitnami
+  version: 20.2.1
+- name: postgresql
+  repository: https://charts.bitnami.com/bitnami
+  version: 15.5.32
+digest: sha256:d9755a578cb81acf58b8d5fe937eb76d14f210666d8e2859328c9055a9dfba8a
+generated: "2024-12-29T10:25:00.270180265+05:45"

helm/Chart.yaml

@@ -0,0 +1,18 @@
+apiVersion: v2
+name: the-deep-helm
+description: "Helm Chart to deploy the deep server Infrastructure"
+
+type: application
+version: 0.0.1-SET-BY-CICD
+sources:
+  - https://github.com/the-deep/server
+
+dependencies:
+  - name: redis
+    version: "20.2.1"
+    repository: https://charts.bitnami.com/bitnami
+    condition: redis.enabled
+  - name: postgresql
+    version: 15.5.32
+    condition: postgresql.enabled
+    repository: https://charts.bitnami.com/bitnami

helm/templates/_helpers.tpl

@@ -0,0 +1,54 @@
+{{/*
+    Expand the name of the chart.
+*/}}
+{{- define "the-deep.name" -}}
+    {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+    Create a default fully qualified app name.
+    We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+    If release name contains chart name it will be used as a full name.
+    https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#dns-label-names
+*/}}
+    {{- define "the-deep.fullname" -}}
+        {{- if .Values.fullnameOverride }}
+            {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+        {{- else }}
+            {{- $name := default .Chart.Name .Values.nameOverride }}
+            {{- if contains $name .Release.Name }}
+                {{- .Release.Name | trunc 63 | trimSuffix "-" }}
+            {{- else }}
+                {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+        {{- end }}
+    {{- end }}
+{{- end }}
+
+{{/*
+    Create chart name and version as used by the chart label.
+*/}}
+{{- define "the-deep.chart" -}}
+    {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+    Create the name of the service account to use
+*/}}
+    {{- define "the-deep.serviceAccountName" -}}
+        {{- if .Values.serviceAccount.create }}
+            {{- default (include "the-deep.fullname" .) .Values.serviceAccount.name }}
+        {{- else }}
+            {{- default "default" .Values.serviceAccount.name }}
+    {{- end }}
+{{- end }}
+
+{{/*
+    Create the name of the secret to be used by the the-deep
+*/}}
+{{- define "the-deep.secretname" -}}
+    {{- if .Values.secretsName }}
+        {{- .Values.secretsName -}}
+    {{- else }}
+        {{- printf "%s-secret" (include "the-deep.fullname" .) -}}
+    {{- end -}}
+{{- end -}}