From edd207c60c7f37845c54f2d1217d97c260f80e35 Mon Sep 17 00:00:00 2001 From: Emma Doyle Date: Sat, 27 Apr 2024 13:46:19 -0400 Subject: [PATCH 1/5] PLT-38: Use AWS ECR for Helm chart OCI artifacts --- src/jobs/helm/release/ecr.yml | 139 ++++++++++++++++++++++++++++++++ src/jobs/helm/release/nexus.yml | 2 +- 2 files changed, 140 insertions(+), 1 deletion(-) create mode 100644 src/jobs/helm/release/ecr.yml diff --git a/src/jobs/helm/release/ecr.yml b/src/jobs/helm/release/ecr.yml new file mode 100644 index 0000000..d3ff265 --- /dev/null +++ b/src/jobs/helm/release/ecr.yml @@ -0,0 +1,139 @@ +description: |+ + Publish Helm packages to AWS ECR hosted Helm repositories. +parameters: + resource-class: + type: enum + enum: + - small + - medium + - large + - xlarge + - 2xlarge + - premiscale/small + - premiscale/medium + default: small + executor: + description: Executor image to run as. + default: default + type: executor + helm-version: + description: Helm version to install. + type: string + default: v3.14.4 + version: + description: Version of the package to publish (helm package --version) + type: string + default: $CIRCLE_TAG + app-version: + description: Application version of the package (helm package --app-version) + type: string + default: '' + path: + description: Path of the Helm chart to package. Allows the use of matrices for multiple charts. + type: string + default: helm/$CIRCLE_PROJECT_REPONAME + repo: + description: Nexus Helm repository URL. + type: string + default: $HELM_REPOSITORY_URL + image-tag: + description: Update a Docker image tag in the chart. By default empty, do not execute this step. + default: '' + type: string + image-tag-path: + description: If path is different from .image.tag, update the path here for yq. + default: .image.tag + type: string + pre-command: + description: Run a command prior to packaging. + type: string + default: '' + aws-access-key-id: + description: AWS Access Key ID. + type: string + default: $AWS_ACCESS_KEY_ID + aws-secret-access-key: + description: AWS Secret Access Key ID. + type: string + default: $AWS_SECRET_ACCESS_KEY + aws-region: + description: Region of the ECR registry. + type: string + default: $AWS_DEFAULT_REGION + aws-account-id: + description: AWS Account ID. + type: string + default: $AWS_ACCOUNT_ID + aws-cli-version: + description: Version of the AWS CLI to install. + type: string + default: latest + immutable-repository: + description: Ensure image tags are immutable in an ECR repository if it has to create the repository. + type: boolean + default: false +executor: << parameters.executor >> +resource_class: << parameters.resource-class >> +steps: + - checkout + - helm/install-helm-client: + version: << parameters.helm-version >> + - aws-cli/install: + version: << parameters.aws-cli-version >> + # Optionally install yq for updating the Helm chart image tag. + - unless: + condition: + equal: [<< parameters.image-tag >>, ''] + steps: + - utils-install-yq + - run: + name: Update image tag + command: | + if [[ "<< parameters.image-tag >>" =~ v[0-9]+.[0-9]+.[0-9]+ ]]; then + export _DOCKER_TAG="$(printf "%s" "<< parameters.image-tag >>" | grep -oP "(?<=v).*" | awk NF)" + else + export _DOCKER_TAG="<< parameters.image-tag >>" + fi + yq -i "<< parameters.image-tag-path >> = \"$_DOCKER_TAG\"" << parameters.path >>/values.yaml + - run: + name: Helm registry login (ECR via 'aws ecr') + command: |+ + aws ecr get-login-password --region << parameters.aws-region >> | helm registry login --username AWS --password-stdin << parameters.aws-account-id >>.dkr.ecr.<< parameters.aws-region >>.amazonaws.com + - run: + name: Check ECR repository target + command: |+ + # If it does not exist, just create it. + if [ -z "$(aws ecr describe-repositories | jq -rMC ".repositories[] | select(.repositoryName == \"<< parameters.image-name >>\") | .repositoryName")" ]; then + printf "WARNING: Repository \"<< parameters.image-name >>\" does not exist. Creating.\\n" >&2 + if [ "<< parameters.immutable-repository >>" = "true" ]; then + printf "INFO: Creating image tag immutable repository.\\n" + aws ecr create-repository --repository-name "<< parameters.image-name >>" --image-tag-mutability IMMUTABLE + else + aws ecr create-repository --repository-name "<< parameters.image-name >>" --image-tag-mutability MUTABLE + fi + else + printf "INFO: Repository \"<< parameters.image-name >>\" already exists.\\n" + fi + - unless: + condition: + equal: [<< parameters.pre-command >>, ''] + steps: + - run: + name: Pre-command + command: << parameters.pre-command >> + - run: + name: Helm package + command: |+ + if [ -n "<< parameters.version >>" ] && [ -n "<< parameters.app-version >>" ]; then + helm package << parameters.path >> --dependency-update --version << parameters.version >> --app-version << parameters.app-version >> --destination << parameters.path >> + elif [ -n "<< parameters.version >>" ] && [ -z "<< parameters.app-version >>" ]; then + helm package << parameters.path >> --dependency-update --version << parameters.version >> --destination << parameters.path >> + elif [ -z "<< parameters.version >>" ] && [ -n "<< parameters.app-version >>" ]; then + helm package << parameters.path >> --dependency-update --app-version << parameters.app-version >> --destination << parameters.path >> + else + helm package << parameters.path >> --dependency-update --destination << parameters.path >> + fi + - run: + name: Helm push + command: |+ + helm push << parameters.path >>/*.tgz oci://<< parameters.aws-account-id >>.dkr.ecr.<< parameters.aws-region >>.amazonaws.com/ \ No newline at end of file diff --git a/src/jobs/helm/release/nexus.yml b/src/jobs/helm/release/nexus.yml index 7aae18f..0eecb7b 100644 --- a/src/jobs/helm/release/nexus.yml +++ b/src/jobs/helm/release/nexus.yml @@ -19,7 +19,7 @@ parameters: helm-version: description: Helm version to install. type: string - default: v3.8.2 + default: v3.14.4 version: description: Version of the package to publish (helm package --version) type: string From ae82918c91e060b86ddc1ad54a3c4c19bda2b2b0 Mon Sep 17 00:00:00 2001 From: Emma Doyle Date: Sat, 27 Apr 2024 13:52:53 -0400 Subject: [PATCH 2/5] PLT-38: Fix field name from image-name -> chart-name --- .pre-commit-config.yaml | 4 ++-- src/jobs/docker/ecr.yml | 4 ++-- src/jobs/helm/release/ecr.yml | 14 +++++++++----- 3 files changed, 13 insertions(+), 9 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 56f1131..689b28b 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,7 +1,7 @@ fail_fast: true repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.5.0 + rev: v4.6.0 hooks: - id: trailing-whitespace - id: check-added-large-files @@ -18,7 +18,7 @@ repos: - -x - repo: https://github.com/emmeowzing/dynamic-continuation-orb - rev: v3.7.1 + rev: v3.8.1 hooks: - id: circleci-config-validate diff --git a/src/jobs/docker/ecr.yml b/src/jobs/docker/ecr.yml index c323187..0bff7b4 100644 --- a/src/jobs/docker/ecr.yml +++ b/src/jobs/docker/ecr.yml @@ -65,7 +65,7 @@ parameters: type: string default: latest immutable-repository: - description: Ensure image tags are immutable in an ECR repository if it has to create the repository. + description: Ensure image tags are immutable in an ECR repository if it has to create the repository.. type: boolean default: false buildkit: @@ -86,7 +86,7 @@ steps: # If it does not exist, just create it. if [ -z "$(aws ecr describe-repositories | jq -rMC ".repositories[] | select(.repositoryName == \"<< parameters.image-name >>\") | .repositoryName")" ]; then printf "WARNING: Repository \"<< parameters.image-name >>\" does not exist. Creating.\\n" >&2 - if [ "<< parameters.immutable-repository >>" = "true" ]; then + if [ "<< parameters.ecr-immutable-repository >>" = "true" ]; then printf "INFO: Creating image tag immutable repository.\\n" aws ecr create-repository --repository-name "<< parameters.image-name >>" --image-tag-mutability IMMUTABLE else diff --git a/src/jobs/helm/release/ecr.yml b/src/jobs/helm/release/ecr.yml index d3ff265..7fefeda 100644 --- a/src/jobs/helm/release/ecr.yml +++ b/src/jobs/helm/release/ecr.yml @@ -16,6 +16,10 @@ parameters: description: Executor image to run as. default: default type: executor + chart-name: + description: Name of the Helm chart, and also the ECR repository. + default: $CIRCLE_PROJECT_REPONAME + type: string helm-version: description: Helm version to install. type: string @@ -103,16 +107,16 @@ steps: name: Check ECR repository target command: |+ # If it does not exist, just create it. - if [ -z "$(aws ecr describe-repositories | jq -rMC ".repositories[] | select(.repositoryName == \"<< parameters.image-name >>\") | .repositoryName")" ]; then - printf "WARNING: Repository \"<< parameters.image-name >>\" does not exist. Creating.\\n" >&2 + if [ -z "$(aws ecr describe-repositories | jq -rMC ".repositories[] | select(.repositoryName == \"<< parameters.chart-name >>\") | .repositoryName")" ]; then + printf "WARNING: Repository \"<< parameters.chart-name >>\" does not exist. Creating.\\n" >&2 if [ "<< parameters.immutable-repository >>" = "true" ]; then printf "INFO: Creating image tag immutable repository.\\n" - aws ecr create-repository --repository-name "<< parameters.image-name >>" --image-tag-mutability IMMUTABLE + aws ecr create-repository --repository-name "<< parameters.chart-name >>" --image-tag-mutability IMMUTABLE else - aws ecr create-repository --repository-name "<< parameters.image-name >>" --image-tag-mutability MUTABLE + aws ecr create-repository --repository-name "<< parameters.chart-name >>" --image-tag-mutability MUTABLE fi else - printf "INFO: Repository \"<< parameters.image-name >>\" already exists.\\n" + printf "INFO: Repository \"<< parameters.chart-name >>\" already exists.\\n" fi - unless: condition: From 065c8565314089f6c47a526b3f2bb1a46fef3ebd Mon Sep 17 00:00:00 2001 From: Emma Doyle Date: Sat, 27 Apr 2024 13:54:36 -0400 Subject: [PATCH 3/5] PLT-38: Fix field name / update --- src/jobs/docker/ecr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/jobs/docker/ecr.yml b/src/jobs/docker/ecr.yml index 0bff7b4..1e19190 100644 --- a/src/jobs/docker/ecr.yml +++ b/src/jobs/docker/ecr.yml @@ -86,7 +86,7 @@ steps: # If it does not exist, just create it. if [ -z "$(aws ecr describe-repositories | jq -rMC ".repositories[] | select(.repositoryName == \"<< parameters.image-name >>\") | .repositoryName")" ]; then printf "WARNING: Repository \"<< parameters.image-name >>\" does not exist. Creating.\\n" >&2 - if [ "<< parameters.ecr-immutable-repository >>" = "true" ]; then + if [ "<< parameters.immutable-repository >>" = "true" ]; then printf "INFO: Creating image tag immutable repository.\\n" aws ecr create-repository --repository-name "<< parameters.image-name >>" --image-tag-mutability IMMUTABLE else From 3399b94c76eb6d7c105fa0d2aa912a836810adeb Mon Sep 17 00:00:00 2001 From: Emma Doyle Date: Sat, 27 Apr 2024 14:06:34 -0400 Subject: [PATCH 4/5] PLT-38: Respect the chart name set by the user. --- src/jobs/helm/release/ecr.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/src/jobs/helm/release/ecr.yml b/src/jobs/helm/release/ecr.yml index 7fefeda..6a9958f 100644 --- a/src/jobs/helm/release/ecr.yml +++ b/src/jobs/helm/release/ecr.yml @@ -16,10 +16,6 @@ parameters: description: Executor image to run as. default: default type: executor - chart-name: - description: Name of the Helm chart, and also the ECR repository. - default: $CIRCLE_PROJECT_REPONAME - type: string helm-version: description: Helm version to install. type: string @@ -107,16 +103,20 @@ steps: name: Check ECR repository target command: |+ # If it does not exist, just create it. - if [ -z "$(aws ecr describe-repositories | jq -rMC ".repositories[] | select(.repositoryName == \"<< parameters.chart-name >>\") | .repositoryName")" ]; then - printf "WARNING: Repository \"<< parameters.chart-name >>\" does not exist. Creating.\\n" >&2 + + # Respect the package name set by the user in the Chart.yaml. + _CHART_NAME="$(yq '.name' << parameters.path >>/Chart.yaml)" + + if [ -z "$(aws ecr describe-repositories | jq -rMC ".repositories[] | select(.repositoryName == \"$_CHART_NAME\") | .repositoryName")" ]; then + printf "WARNING: Repository \"$_CHART_NAME\" does not exist. Creating.\\n" >&2 if [ "<< parameters.immutable-repository >>" = "true" ]; then printf "INFO: Creating image tag immutable repository.\\n" - aws ecr create-repository --repository-name "<< parameters.chart-name >>" --image-tag-mutability IMMUTABLE + aws ecr create-repository --repository-name "$_CHART_NAME" --image-tag-mutability IMMUTABLE else - aws ecr create-repository --repository-name "<< parameters.chart-name >>" --image-tag-mutability MUTABLE + aws ecr create-repository --repository-name "$_CHART_NAME" --image-tag-mutability MUTABLE fi else - printf "INFO: Repository \"<< parameters.chart-name >>\" already exists.\\n" + printf "INFO: Repository \"$_CHART_NAME\" already exists.\\n" fi - unless: condition: From c811654b387e06b43f38ae8e0680539baf9ca06c Mon Sep 17 00:00:00 2001 From: Emma Doyle Date: Sat, 27 Apr 2024 14:07:46 -0400 Subject: [PATCH 5/5] PLT-38: Minor nits --- src/jobs/helm/release/ecr.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/jobs/helm/release/ecr.yml b/src/jobs/helm/release/ecr.yml index 6a9958f..898274b 100644 --- a/src/jobs/helm/release/ecr.yml +++ b/src/jobs/helm/release/ecr.yml @@ -88,12 +88,13 @@ steps: - utils-install-yq - run: name: Update image tag - command: | + command: |+ if [[ "<< parameters.image-tag >>" =~ v[0-9]+.[0-9]+.[0-9]+ ]]; then export _DOCKER_TAG="$(printf "%s" "<< parameters.image-tag >>" | grep -oP "(?<=v).*" | awk NF)" else export _DOCKER_TAG="<< parameters.image-tag >>" fi + yq -i "<< parameters.image-tag-path >> = \"$_DOCKER_TAG\"" << parameters.path >>/values.yaml - run: name: Helm registry login (ECR via 'aws ecr')