diff --git a/.github/ct.yaml b/.github/ct.yaml new file mode 100644 index 0000000..7e33cf3 --- /dev/null +++ b/.github/ct.yaml @@ -0,0 +1,29 @@ +# Configuration for chart-testing (ct), used by .github/workflows/lint-and-test.yaml +# Full reference: https://github.com/helm/chart-testing + +chart-dirs: + - charts + +target-branch: main + +# Chart.yaml does not declare a maintainers list today; enabling this would +# block linting. Revisit if a maintainers list is added. +validate-maintainers: false + +# Defaults below are made explicit to document the chart's CI policy +# rather than relying on ct's built-in defaults. +check-version-increment: true +validate-chart-schema: true +validate-yaml: true + +# In-place upgrade testing (disabled). ct's `--upgrade` doesn't exercise +# `helm upgrade` against an existing deployed release the way users would +# expect; it installs the previous revision into an ephemeral namespace, +# upgrades to current, then tears down. Combined with the ~2x CI runtime +# cost, not worth enabling right now. Revisit if ct's upgrade semantics +# change or maintainers want to opt in. +upgrade: false + +# Passed through to `helm install` during `ct install`. 15-minute timeout +# accommodates Graylog's startup time on minimal-resource CI runners. +helm-extra-args: --timeout=900s diff --git a/.github/workflows/lint-and-test.yaml b/.github/workflows/lint-and-test.yaml index a79a3eb..18b937c 100644 --- a/.github/workflows/lint-and-test.yaml +++ b/.github/workflows/lint-and-test.yaml @@ -7,8 +7,87 @@ on: branches: ["main"] jobs: - lint: + helm-ct-lint: runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + helm-version: + - v3.16.4 + - v4.2.0 steps: - - uses: actions/checkout@v3 - - run: helm lint charts/graylog + - name: Checkout + uses: actions/checkout@v6 + with: + fetch-depth: 0 + + - name: Set up Helm + uses: azure/setup-helm@v5 + with: + version: ${{ matrix.helm-version }} + + - name: Set up chart-testing + uses: helm/chart-testing-action@v2.8.0 + + - name: Run ct lint + run: ct lint --config .github/ct.yaml --all + + helm-ct-install: + runs-on: ubuntu-latest + needs: helm-ct-lint + strategy: + fail-fast: false + # Asymmetric K8s × Helm matrix: full K8s coverage on Helm 3 (the chart's + # stated minimum per docs/TESTING.md), with Helm 4 added as bonus coverage + # on the most recent K8s version. Expand by adding more `include:` entries. + matrix: + include: + - helm-version: v3.16.4 + k8s-version: v1.32.11 + - helm-version: v3.16.4 + k8s-version: v1.33.7 + - helm-version: v3.16.4 + k8s-version: v1.34.3 + - helm-version: v4.2.0 + k8s-version: v1.34.3 + steps: + - name: Checkout + uses: actions/checkout@v6 + with: + fetch-depth: 0 + + - name: Set up Helm + uses: azure/setup-helm@v5 + with: + version: ${{ matrix.helm-version }} + + - name: Set up chart-testing + uses: helm/chart-testing-action@v2.8.0 + + - name: Create kind cluster + uses: helm/kind-action@v1.14.0 + with: + node_image: kindest/node:${{ matrix.k8s-version }} + + - name: Install MongoDB Kubernetes Operator + run: | + helm upgrade --install mongodb-kubernetes-operator mongodb-kubernetes \ + --repo https://mongodb.github.io/helm-charts \ + --version "1.6.1" \ + --set operator.watchNamespace="*" \ + --namespace operators \ + --create-namespace \ + --wait \ + --timeout 5m + + - name: Generate ephemeral CI rootPassword and mask in workflow logs + id: ci-root-password + run: | + password=$(openssl rand -hex 16) + echo "::add-mask::${password}" + echo "value=${password}" >> "$GITHUB_OUTPUT" + + - name: Run ct install + run: | + ct install --config .github/ct.yaml --all \ + --helm-extra-set-args "--set graylog.config.rootPassword=${{ steps.ci-root-password.outputs.value }}" diff --git a/charts/graylog/Chart.yaml b/charts/graylog/Chart.yaml index 2f301d3..052f68d 100644 --- a/charts/graylog/Chart.yaml +++ b/charts/graylog/Chart.yaml @@ -65,4 +65,4 @@ annotations: # This is the chart version. version: 1.0.0 # This is the version number of the Graylog application bundled with this chart. -appVersion: "7.0" \ No newline at end of file +appVersion: "7.0" diff --git a/charts/graylog/ci/ci-values.yaml b/charts/graylog/ci/ci-values.yaml new file mode 100644 index 0000000..303ebf8 --- /dev/null +++ b/charts/graylog/ci/ci-values.yaml @@ -0,0 +1,33 @@ +# CI overlay used by `ct install` (auto-discovered via charts/graylog/ci/*-values.yaml). +# Minimal-resource configuration tuned to fit a default GitHub-hosted runner +# (~7 GB RAM, 4 vCPU). Not intended for production-like validation. + +graylog: + replicas: 1 + config: + serverJavaOpts: "-Xms512m -Xmx768m" + resources: + requests: + cpu: "250m" + memory: "768Mi" + limits: + cpu: "1" + memory: "1500Mi" + +datanode: + replicas: 1 + config: + opensearchHeap: "1g" + javaOpts: "-Xms512m -Xmx512m" + resources: + requests: + cpu: "250m" + memory: "1Gi" + limits: + cpu: "1" + memory: "2Gi" + +mongodb: + replicas: 1 + arbiters: 0 + version: "8.0.23" diff --git a/charts/graylog/values.yaml b/charts/graylog/values.yaml index 958eb5a..ea388b4 100644 --- a/charts/graylog/values.yaml +++ b/charts/graylog/values.yaml @@ -341,11 +341,11 @@ mongodb: role: create: true rules: - - apiGroups: [ "" ] - resources: [ "secrets" ] - resourceNames: [ ] - verbs: [ "get" ] - - apiGroups: [ "" ] - resources: [ "pods" ] - resourceNames: [ ] - verbs: [ "get", "patch", "delete" ] \ No newline at end of file + - apiGroups: [""] + resources: ["secrets"] + resourceNames: [] + verbs: ["get"] + - apiGroups: [""] + resources: ["pods"] + resourceNames: [] + verbs: ["get", "patch", "delete"]