feat: RBAC make RoleBinding in kube-system optional #338
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Lint and Test Chart | |
| on: | |
| pull_request: | |
| branches: | |
| - master | |
| - release-v* | |
| paths: | |
| - charts/metrics-server/** | |
| permissions: | |
| contents: read | |
| jobs: | |
| lint-test: | |
| name: Lint & Test | |
| if: github.repository == 'kubernetes-sigs/metrics-server' | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| shell: bash | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup | |
| id: setup | |
| run: | | |
| set -euo pipefail | |
| chart_version="$(yq eval '.version' ./charts/metrics-server/Chart.yaml)" | |
| changed=false | |
| if [[ -n "$(ct list-changed --target-branch=${{ github.event.repository.default_branch }})" ]]; then | |
| changed=true | |
| fi | |
| { | |
| echo "chart_version=${chart_version}" | |
| echo "changed=${changed}" | |
| } >> "${GITHUB_OUTPUT}" | |
| - name: Set-up Python | |
| uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 | |
| with: | |
| python-version: "3.x" | |
| - name: Set-up Helm | |
| uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1 | |
| with: | |
| version: latest | |
| - name: Set-up chart-testing | |
| uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0 | |
| - name: Get changelog entry | |
| if: steps.setup.outputs.changed == 'true' | |
| uses: mindsers/changelog-reader-action@32aa5b4c155d76c94e4ec883a223c947b2f02656 # v2.2.3 | |
| with: | |
| path: charts/metrics-server/CHANGELOG.md | |
| version: ${{ steps.setup.outputs.chart_version }} | |
| - name: Set-up Artifact Hub CLI | |
| if: steps.setup.outputs.changed == 'true' | |
| uses: action-stars/install-tool-from-github-release@f2e83e089fa618aa7e9fd3452fbcf4fe1598ede2 # v0.2.5 | |
| with: | |
| github_token: ${{ github.token }} | |
| owner: artifacthub | |
| repository: hub | |
| name: ah | |
| check_command: ah version | |
| version: latest | |
| - name: Run Artifact Hub lint | |
| if: steps.setup.outputs.changed == 'true' | |
| run: ah lint --kind helm || exit 1 | |
| - name: Run chart-testing lint | |
| if: steps.setup.outputs.changed == 'true' | |
| run: ct lint --target-branch=${{ github.event.repository.default_branch }} --check-version-increment=false | |
| - name: Create Kind cluster | |
| if: steps.setup.outputs.changed == 'true' | |
| uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0 | |
| with: | |
| wait: 120s | |
| - name: Install cert-manager dependency | |
| if: steps.setup.outputs.changed == 'true' | |
| run: | | |
| helm repo add jetstack https://charts.jetstack.io | |
| helm install cert-manager jetstack/cert-manager \ | |
| --namespace cert-manager \ | |
| --create-namespace \ | |
| --wait \ | |
| --set installCRDs=true \ | |
| --set extraArgs='{--enable-certificate-owner-ref}' | |
| - name: Prepare existing secret test scenario | |
| if: steps.setup.outputs.changed == 'true' | |
| run: | | |
| openssl req -x509 -newkey rsa:2048 -sha256 -days 365 \ | |
| -nodes -keyout ${{ runner.temp }}/tls.key -out ${{ runner.temp }}/tls.crt \ | |
| -subj "/CN=metrics-server" \ | |
| -addext "subjectAltName=DNS:metrics-server,DNS:metrics-server.kube-system.svc" | |
| kubectl -n kube-system create secret generic metrics-server-existing \ | |
| --from-file=${{ runner.temp }}/tls.key \ | |
| --from-file=${{ runner.temp }}/tls.crt | |
| cat <<EOF >> charts/metrics-server/ci/tls-existingSecret-values.yaml | |
| apiService: | |
| insecureSkipTLSVerify: false | |
| caBundle: | | |
| $(cat ${{ runner.temp }}/tls.crt | sed -e "s/^/ /g") | |
| EOF | |
| rm ${{ runner.temp }}/tls.key ${{ runner.temp }}/tls.crt | |
| - name: Run chart-testing install | |
| if: steps.setup.outputs.changed == 'true' | |
| run: ct install --target-branch=${{ github.event.repository.default_branch }} --namespace kube-system |