Publish the Helm chart tarball with each release

[bgoareguer]

Fixes #3778

Pre-requisites:

• The gh-pages branch needs to be created by hand
• Github Pages need to be activated for the django-DefectDojo repository with gh-pages as source branch and / (root) as the folder

The Helm chart tarball is published as a release asset.
The gh-pages branch is used to store the Helm repository index. Each version of the chart points to the asset added to the corresponding release.

The resulting Helm repository should be added with the following command (not sure about the capital letters):

helm repo add defectdojo https://defectdojo.github.io/django-defectdojo

[madchap]

I took a look tonight, I'd rather we try to use the action I suggested in the other PR.

That being said, your PR would not be working either because you also need to add the other helm repos for the build to work at least.

Cheers and thanks for the feature idea :)

[madchap]

Needs at least helm repo add.

[madchap]

I think this is more flexible and can offer what we'd want, compared to my testing done through https://github.com/DefectDojo/django-DefectDojo/pull/3923/files

If you could please make the suggested changes, I could test it further.

Cheers!

[madchap]

I would think the last easy change :) Cheers.

[madchap]

lgtm now, we'll see how it rolls and tune if needed :) Thank you!

[alles-klar]

Hi @bgoareguer,
a great Idea. I have two generell questions to your implementation:

We are already using the gh-pages branch to publish our defectdojo documentation. I am not sure if it is a good idea to use this branch for publishing helm charts too. Can we use any other branch or is it not a problem?

There is already a predefined github action for publishing helm charts: https://github.com/stefanprodan/helm-gh-pages. Is there a reason for maintaining our own action?

[bgoareguer]

Hi @alles-klar,

I didn't know about https://github.com/stefanprodan/helm-gh-pages. I think it can be reused here.

Github seems to allow only a single Github Pages site per Github project, so it is not possible to publish the Helm chart to a different branch.
Another option would be to create a dedicated Github project to host the Helm chart. This would require to store (inside the django-defectdojo project settings) a Github token that can push code to the project hosting the Helm chart.
Here is an example: aquasecurity/trivy#888

[madchap]

I didn't know about https://github.com/stefanprodan/helm-gh-pages. I think it can be reused here.

I didn't know either, good find @alles-klar

Github seems to allow only a single Github Pages site per Github project, so it is not possible to publish the Helm chart to a different branch.

With the above action, it seems you can. Per their README:

branch The branch to publish charts, defaults to gh-pages

[bgoareguer]

With the above action, it seems you can. Per their README:

branch The branch to publish charts, defaults to gh-pages

Sorry if I was unclear. Yes, the above action lets you publish the chart to any branch, but the restriction is on Github side: you can only have a single Github Pages site per project. You already configured Github Pages to serve the DefectDojo documentation from the gh-pages branch, so no other branch will be served by Github Pages.

[bgoareguer]

I think that hosting the Helm chart in a dedicated project would be the cleanest solution.
What do you think?

[madchap]

I just did a test without gh-pages (after reading an article), seems to work.

Checked out a new branch in my fork, packaged the last from dev today

$ helm package helm/defectdojo
$ helm repo index .

committed and pushed the resulting tgz and index.yaml file.

$ helm repo add test-wo-ghpages 'https://raw.githubusercontent.com/madchap/django-DefectDojo/test-helm-repo-not-ghpages'
"test-wo-ghpages" has been added to your repositories

$ helm repo update

Search for defectdojo helm chart

$ helm search repo defectdojo
NAME                      	CHART VERSION	APP VERSION	DESCRIPTION                                      
test-wo-ghpages/defectdojo	1.5.1        	1.14.0-dev 	A Helm chart for Kubernetes to install DefectDojo

Could that be a viable option? If so, we could just modify @bgoareguer 's method and just tweak it, and not reinvent any of any wheels.

[madchap]

Idea of actual name for the official branch: defectdojo-charts

[alles-klar]

I like the idea @madchap!

Naming: Do we want to push more then the helm package to this branch? If not I suggest to name the branch "helm-charts" because the name doesn't have to contain "defectdojo" - it is already in the name of this repository.

Reinvent the wheel: We can start with the solution from @bgoareguer but in the feature I prefer to the predefined action https://github.com/stefanprodan/helm-gh-pages. Less code to maintain and easier to read.

[madchap]

Reinvent the wheel: We can start with the solution from @bgoareguer but in the feature I prefer to the predefined action https://github.com/stefanprodan/helm-gh-pages. Less code to maintain and easier to read.

But incompatible with our documentation.

Let's start with that and see how it behaves for 1.14.0. I will make the small mods to the PR now.

[alles-klar]

Ok, lets go.

Anyhow, a short paragraph in the documentation would be nice!

[madchap]

Ok, lets go.

Anyhow, a short paragraph in the documentation would be nice!

Yep, pinged you on the companion PR ;-)