From d265c06ce7688318d576f5e9b71c357cf85f3f85 Mon Sep 17 00:00:00 2001 From: Thomas Ferrandiz Date: Thu, 10 Aug 2023 09:13:57 +0000 Subject: [PATCH] Add chart validation tests validate-charts runs as part of 'make validate' step and checks that all images used in packaged charts: - use systemGlobalRegistry - are present in script/build-images
---
 Dockerfile | 24 +++----- Makefile | 7 ++- chart_versions.csv | 15 +++++ scripts/validate-charts | 130 ++++++++++++++++++++++++++++++++++++++++ 4 files changed, 159 insertions(+), 17 deletions(-) create mode 100644 chart_versions.csv create mode 100755 scripts/validate-charts
diff --git a/Dockerfile b/Dockerfile
index a2a0e59695b..67f49df6806 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -18,7 +18,8 @@ RUN set -x && \
 py3-pip \
 pigz \
 tar \
- yq
+ yq \
+ helm
 RUN if [ "${ARCH}" = "amd64" ]; then \
 apk --no-cache add mingw-w64-gcc; \
@@ -105,21 +106,12 @@ ARG KUBERNETES_VERSION=""
 ARG CACHEBUST="cachebust"
 COPY charts/ /charts/
 RUN echo ${CACHEBUST}>/dev/null
-RUN CHART_VERSION="1.14.000" CHART_FILE=/charts/rke2-cilium.yaml CHART_BOOTSTRAP=true /charts/build-chart.sh
-RUN CHART_VERSION="v3.26.1-build2023080200" CHART_FILE=/charts/rke2-canal.yaml CHART_BOOTSTRAP=true /charts/build-chart.sh
-RUN CHART_VERSION="v3.26.100" CHART_FILE=/charts/rke2-calico.yaml CHART_BOOTSTRAP=true /charts/build-chart.sh
-RUN CHART_VERSION="v3.26.100" CHART_FILE=/charts/rke2-calico-crd.yaml CHART_BOOTSTRAP=true /charts/build-chart.sh
-RUN CHART_VERSION="1.24.004" CHART_FILE=/charts/rke2-coredns.yaml CHART_BOOTSTRAP=true /charts/build-chart.sh
-RUN CHART_VERSION="4.6.100" CHART_FILE=/charts/rke2-ingress-nginx.yaml CHART_BOOTSTRAP=false /charts/build-chart.sh
-RUN CHART_VERSION="2.11.100-build2023051509" CHART_FILE=/charts/rke2-metrics-server.yaml CHART_BOOTSTRAP=false /charts/build-chart.sh
-RUN CHART_VERSION="v4.0.2-build2023070703" CHART_FILE=/charts/rke2-multus.yaml CHART_BOOTSTRAP=true /charts/build-chart.sh
-RUN CHART_VERSION="1.5.100" CHART_FILE=/charts/rancher-vsphere-cpi.yaml CHART_BOOTSTRAP=true /charts/build-chart.sh
-RUN CHART_VERSION="3.0.1-rancher101" CHART_FILE=/charts/rancher-vsphere-csi.yaml CHART_BOOTSTRAP=true /charts/build-chart.sh
-RUN CHART_VERSION="0.2.200" CHART_FILE=/charts/harvester-cloud-provider.yaml CHART_BOOTSTRAP=true /charts/build-chart.sh
-RUN CHART_VERSION="0.1.1600" CHART_FILE=/charts/harvester-csi-driver.yaml CHART_BOOTSTRAP=true /charts/build-chart.sh
-RUN CHART_VERSION="1.7.202" CHART_FILE=/charts/rke2-snapshot-controller.yaml CHART_BOOTSTRAP=false /charts/build-chart.sh
-RUN CHART_VERSION="1.7.202" CHART_FILE=/charts/rke2-snapshot-controller-crd.yaml CHART_BOOTSTRAP=false /charts/build-chart.sh
-RUN CHART_VERSION="1.7.300" CHART_FILE=/charts/rke2-snapshot-validation-webhook.yaml CHART_BOOTSTRAP=false /charts/build-chart.sh
+COPY chart_versions.csv /charts/chart_versions.csv
+RUN 
 while IFS="," read -r version filename bootstrap; do \
+ CHART_VERSION=$version CHART_FILE=$filename CHART_BOOTSTRAP=$bootstrap /charts/build-chart.sh; \
+ done < /charts/chart_versions.csv
+
+
 RUN rm -vf /charts/*.sh /charts/*.md
 # rke2-runtime image
diff --git a/Makefile b/Makefile
index 335b790eef7..73444032fa0 100644
--- a/Makefile
+++ b/Makefile
@@ -17,7 +17,7 @@ ci-shell: clean .dapper ## Launch a shell in the CI environment
 .PHONY: dapper-ci
 dapper-ci: .ci ## Used by Drone CI, does the same as "ci" but in a Drone way
-.ci: validate build package
+.ci: validate validate-charts build package
 .PHONY: build
 build: ## Build using host go tools
@@ -71,6 +71,11 @@ validate: ## Run go fmt/vet
 validate-release:
 ./scripts/validate-release
+.PHONY: validate-charts
+validate-charts:
+ ./scripts/validate-charts
+
+
 .PHONY: run
 run: build-debug
 ./scripts/run
diff --git a/chart_versions.csv b/chart_versions.csv
new file mode 100644
index 00000000000..d9a6214126a
--- /dev/null
+++ b/chart_versions.csv
@@ -0,0 +1,15 @@
+1.14.000,/charts/rke2-cilium.yaml,true
+v3.26.1-build2023080200,/charts/rke2-canal.yaml,true
+v3.26.100,/charts/rke2-calico.yaml,true
+v3.26.100,/charts/rke2-calico-crd.yaml,true
+1.24.004,/charts/rke2-coredns.yaml,true
+4.6.100,/charts/rke2-ingress-nginx.yaml,false
+2.11.100-build2023051509,/charts/rke2-metrics-server.yaml,false
+v4.0.2-build2023070703,charts/rke2-multus.yaml,true
+1.5.100,/charts/rancher-vsphere-cpi.yaml,true
+3.0.1-rancher101,/charts/rancher-vsphere-csi.yaml,true
+0.2.200,/charts/harvester-cloud-provider.yaml,true
+0.1.1600,/charts/harvester-csi-driver.yaml,true
+1.7.202,/charts/rke2-snapshot-controller.yaml,false
+1.7.202,/charts/rke2-snapshot-controller-crd.yaml,false
+1.7.300,/charts/rke2-snapshot-validation-webhook.yaml,false
diff --git a/scripts/validate-charts b/scripts/validate-charts
new file mode 100755
index 00000000000..74ec17f0cf6
--- /dev/null
+++ b/scripts/validate-charts
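Review bot: In the Dockerfile hunk at `@@ -105,21 +106,12 @@`, the new `while … read` loop can hide a failing chart build, because the RUN step's exit status is that of the last iteration only. Unless the build shell already runs with `-e` (not visible in this hunk), a failed `build-chart.sh` for any row but the last no longer fails the image build the way the fifteen separate RUN lines did. Ending the loop body with `/charts/build-chart.sh || exit 1; \` restores that behaviour. `read` also skips a final CSV row that has no trailing newline, so the file must keep its terminating newline or the loop needs `|| [ -n "$version" ]` on the `read`.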
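Review bot: The rke2-multus row in chart_versions.csv reads `charts/rke2-multus.yaml`, without the leading slash that every other row has and that the removed Dockerfile line (`CHART_FILE=/charts/rke2-multus.yaml`) used. The Dockerfile loop passes this field straight to `CHART_FILE`, so the path becomes relative to whatever working directory that RUN step has, while `scripts/validate-charts` only takes the basename and will not notice the difference. The row should presumably be `v4.0.2-build2023070703,/charts/rke2-multus.yaml,true`.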
@@ -0,0 +1,130 @@
+#!/usr/bin/env bash
+set -e
+
+info() {
+ echo '[INFO] ' "$@"
+}
+
+error() {
+ echo '[ERROR] ' "$@" >&2
+}
+
+fatal() {
+ echo '[ERROR] ' "$@" >&2
+ exit 1
+}
+
+cleanup() {
+ exit_code=$?
+ trap - EXIT INT
+ rm -rf /tmp/tmp.*.tar.gz
+ exit ${exit_code}
+}
+trap cleanup EXIT INT
+
+
+download_chart() {
+ chart_version=$1
+ chart_name=$2
+ bootstrap=$3
+
+ chart_package=${chart_name%%-crd}
+
+ chart_url=${CHART_REPO:="https://rke2-charts.rancher.io"}/assets/${chart_package}/${chart_name}-${chart_version:="v0.0.0"}.tgz
+
+ chart_tmp=$(mktemp --suffix .tar.gz)
+
+ curl -fsSL "${chart_url}" -o "${chart_tmp}"
+
+ echo $chart_tmp
+}
+
+check_system_registry() {
+ chart_version=$1
+ chart_name=$2
+ chart_tmp=$3
+
+ yaml_tmp=$(mktemp --suffix .yaml)
+
+ values="global.systemDefaultRegistry=my-registry"
+ if [[ $chart_name == 'rancher-vsphere-csi' ]]; then
+ values="$values,vCenter.clusterId=test-id"
+ fi
+ helm template test-chart --set $values $chart_tmp > $yaml_tmp;
+
+ awk '$1 ~ /^image:/ {
+ if( $2 !~ /my-registry/) {
+ print $2
+ }
+ }
+ ' $yaml_tmp
+}
+
+check_airgap() {
+ chart_version=$1
+ chart_name=$2
+ chart_tmp=$3
+
+ yaml_tmp=$(mktemp --suffix .yaml)
+ values="global.systemDefaultRegistry=my-registry"
+ if [[ $chart_name == 'rancher-vsphere-csi' ]]; then
+ values="$values,vCenter.clusterId=test-id"
+ fi
+ helm template test-chart --set $values $chart_tmp > $yaml_tmp;
+
+ awk '$1 ~ /^image:/ {
+ sub(/my-registry\//, "", $2)
+ gsub(/"/, "", $2)
+ print $2
+ }
+ ' $yaml_tmp | \
+ while read image
+ do
+ if ! grep -q $image scripts/build-images; then
+ echo $image
+ fi
+ done
+}
+
+declare -A NO_SYSTEM_REGISTRY
+declare -A NOT_FOUND
+
+while IFS="," read -r version filename bootstrap
+do
+ chart_name=$(basename "${filename%%.yaml}")
+ chart_tmp=$(download_chart $version $chart_name $bootstrap)
+
+ info "Validating chart $chart_name..."
+
+ no_system_registry=$(check_system_registry $version $chart_name $chart_tmp)
+ if ! 
 [ -z "$no_system_registry" ]; then
+ NO_SYSTEM_REGISTRY[$chart_name]=$no_system_registry
+ fi
+
+ not_found=$(check_airgap $version $chart_name $chart_tmp)
+ if ! [ -z "$not_found" ]; then
+ NOT_FOUND[$chart_name]=$not_found
+ fi
+done < chart_versions.csv
+
+failed=false
+
+if [ ${#NO_SYSTEM_REGISTRY[@]} -ge 0 ]; then
+ failed=true
+ for chart in "${!NO_SYSTEM_REGISTRY[@]}"
+ do
+ error "Images not using systemGlobalRegistry in chart '$chart': ${NO_SYSTEM_REGISTRY[$chart]}"
+ done
+ error "Please use systemGlobalRegistry for above images"
+fi
+
+if [ ${#NOT_FOUND[@]} -ge 0 ]; then
+ failed=true
+ for chart in "${!NOT_FOUND[@]}"
+ do
+ error "Missing images for chart '$chart': ${NOT_FOUND[$chart]}"
+ done
+ error "Please include above images in build-images"
+fi
+
+fatal "Please fix the issues above"
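Review bot: As written scripts/validate-charts can never succeed: both `[ ${#…[@]} -ge 0 ]` tests at the end are always true, `failed` is never read, and the closing `fatal` runs unconditionally, so the new `validate-charts` step exits 1 even when every chart is clean. The two tests should use `-gt 0` and the last line should be `if [ "$failed" = true ]; then fatal "Please fix the issues above"; fi`. Once that is fixed the check fails open, because bash outside POSIX mode clears `-e` inside `$(…)`: a failed `curl` in `download_chart` or `helm template` in the two check functions is ignored, the awk output is empty, and the chart is reported as valid. Appending `|| return 1` to those commands (or setting `shopt -s inherit_errexit` on bash 4.4+) lets the outer `set -e` stop the run. Separately, `cleanup` deletes every `/tmp/tmp.*.tar.gz` rather than only the files this run created, and the `.yaml` temp files are never removed; tracking the `mktemp` results (or using one `mktemp -d` directory) would scope the cleanup to this script.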