Merge pull request #38 from premiscale/PLT-38

PLT-38: Use AWS ECR for Helm chart OCI artifacts

.pre-commit-config.yaml

@@ -1,7 +1,7 @@
 fail_fast: true
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.5.0
+    rev: v4.6.0
     hooks:
       - id: trailing-whitespace
       - id: check-added-large-files
@@ -18,7 +18,7 @@ repos:
           - -x
 
   - repo: https://github.com/emmeowzing/dynamic-continuation-orb
-    rev: v3.7.1
+    rev: v3.8.1
     hooks:
       - id: circleci-config-validate
 

src/jobs/docker/ecr.yml

@@ -65,7 +65,7 @@ parameters:
     type: string
     default: latest
   immutable-repository:
-    description: Ensure image tags are immutable in an ECR repository if it has to create the repository.
+    description: Ensure image tags are immutable in an ECR repository if it has to create the repository..
     type: boolean
     default: false
   buildkit:

src/jobs/helm/release/ecr.yml

@@ -0,0 +1,144 @@
+description: |+
+  Publish Helm packages to AWS ECR hosted Helm repositories.
+parameters:
+  resource-class:
+    type: enum
+    enum:
+      - small
+      - medium
+      - large
+      - xlarge
+      - 2xlarge
+      - premiscale/small
+      - premiscale/medium
+    default: small
+  executor:
+    description: Executor image to run as.
+    default: default
+    type: executor
+  helm-version:
+    description: Helm version to install.
+    type: string
+    default: v3.14.4
+  version:
+    description: Version of the package to publish (helm package --version)
+    type: string
+    default: $CIRCLE_TAG
+  app-version:
+    description: Application version of the package (helm package --app-version)
+    type: string
+    default: ''
+  path:
+    description: Path of the Helm chart to package. Allows the use of matrices for multiple charts.
+    type: string
+    default: helm/$CIRCLE_PROJECT_REPONAME
+  repo:
+    description: Nexus Helm repository URL.
+    type: string
+    default: $HELM_REPOSITORY_URL
+  image-tag:
+    description: Update a Docker image tag in the chart. By default empty, do not execute this step.
+    default: ''
+    type: string
+  image-tag-path:
+    description: If path is different from .image.tag, update the path here for yq.
+    default: .image.tag
+    type: string
+  pre-command:
+    description: Run a command prior to packaging.
+    type: string
+    default: ''
+  aws-access-key-id:
+    description: AWS Access Key ID.
+    type: string
+    default: $AWS_ACCESS_KEY_ID
+  aws-secret-access-key:
+    description: AWS Secret Access Key ID.
+    type: string
+    default: $AWS_SECRET_ACCESS_KEY
+  aws-region:
+    description: Region of the ECR registry.
+    type: string
+    default: $AWS_DEFAULT_REGION
+  aws-account-id:
+    description: AWS Account ID.
+    type: string
+    default: $AWS_ACCOUNT_ID
+  aws-cli-version:
+    description: Version of the AWS CLI to install.
+    type: string
+    default: latest
+  immutable-repository:
+    description: Ensure image tags are immutable in an ECR repository if it has to create the repository.
+    type: boolean
+    default: false
+executor: << parameters.executor >>
+resource_class: << parameters.resource-class >>
+steps:
+  - checkout
+  - helm/install-helm-client:
+      version: << parameters.helm-version >>
+  - aws-cli/install:
+      version: << parameters.aws-cli-version >>
+  # Optionally install yq for updating the Helm chart image tag.
+  - unless:
+      condition:
+        equal: [<< parameters.image-tag >>, '']
+      steps:
+        - utils-install-yq
+        - run:
+            name: Update image tag
+            command: |+
+              if [[ "<< parameters.image-tag >>" =~ v[0-9]+.[0-9]+.[0-9]+ ]]; then
+                  export _DOCKER_TAG="$(printf "%s" "<< parameters.image-tag >>" | grep -oP "(?<=v).*" | awk NF)"
+              else
+                  export _DOCKER_TAG="<< parameters.image-tag >>"
+              fi
+
+              yq -i "<< parameters.image-tag-path >> = \"$_DOCKER_TAG\"" << parameters.path >>/values.yaml
+  - run:
+      name: Helm registry login (ECR via 'aws ecr')
+      command: |+
+        aws ecr get-login-password --region << parameters.aws-region >> | helm registry login --username AWS --password-stdin << parameters.aws-account-id >>.dkr.ecr.<< parameters.aws-region >>.amazonaws.com
+  - run:
+      name: Check ECR repository target
+      command: |+
+        # If it does not exist, just create it.
+
+        # Respect the package name set by the user in the Chart.yaml.
+        _CHART_NAME="$(yq '.name' << parameters.path >>/Chart.yaml)"
+
+        if [ -z "$(aws ecr describe-repositories | jq -rMC ".repositories[] | select(.repositoryName == \"$_CHART_NAME\") | .repositoryName")" ]; then
+            printf "WARNING: Repository \"$_CHART_NAME\" does not exist. Creating.\\n" >&2
+            if [ "<< parameters.immutable-repository >>" = "true" ]; then
+                printf "INFO: Creating image tag immutable repository.\\n"
+                aws ecr create-repository --repository-name "$_CHART_NAME" --image-tag-mutability IMMUTABLE
+            else
+                aws ecr create-repository --repository-name "$_CHART_NAME" --image-tag-mutability MUTABLE
+            fi
+        else
+            printf "INFO: Repository \"$_CHART_NAME\" already exists.\\n"
+        fi
+  - unless:
+      condition:
+        equal: [<< parameters.pre-command >>, '']
+      steps:
+        - run:
+            name: Pre-command
+            command: << parameters.pre-command >>
+  - run:
+      name: Helm package
+      command: |+
+        if [ -n "<< parameters.version >>" ] && [ -n "<< parameters.app-version >>" ]; then
+            helm package << parameters.path >> --dependency-update --version << parameters.version >> --app-version << parameters.app-version >> --destination << parameters.path >>
+        elif [ -n "<< parameters.version >>" ] && [ -z "<< parameters.app-version >>" ]; then
+            helm package << parameters.path >> --dependency-update --version << parameters.version >> --destination << parameters.path >>
+        elif [ -z "<< parameters.version >>" ] && [ -n "<< parameters.app-version >>" ]; then
+            helm package << parameters.path >> --dependency-update --app-version << parameters.app-version >> --destination << parameters.path >>
+        else
+            helm package << parameters.path >> --dependency-update --destination << parameters.path >>
+        fi
+  - run:
+      name: Helm push
+      command: |+
+        helm push << parameters.path >>/*.tgz oci://<< parameters.aws-account-id >>.dkr.ecr.<< parameters.aws-region >>.amazonaws.com/

src/jobs/helm/release/nexus.yml

@@ -19,7 +19,7 @@ parameters:
   helm-version:
     description: Helm version to install.
     type: string
-    default: v3.8.2
+    default: v3.14.4
   version:
     description: Version of the package to publish (helm package --version)
     type: string