chore: add Makefile target to create a signed helm chart (#74)

* chore: add Makefile target to upload helm package to Github

* chore: add Makefile target to upload helm package to Github

Makefile

@@ -1,33 +1,42 @@
 .PHONY: help all bin controller node test image limage ubi openshift push clean
 
+VENDOR := seagate
+GITHUB_ORG := Seagate
+# Project name, without vendor
+NAME := exos-x-csi
+# Project name, including vendor
+PROJECT := $(VENDOR)-$(NAME)
+GITHUB_URL := github.com/$(GITHUB_ORG)/$(PROJECT)
+NAMESPACE := $(VENDOR)
+
 ifdef DOCKER_HUB_REPOSITORY
 DOCKER_HUB_REPOSITORY := $(DOCKER_HUB_REPOSITORY)
 else
 DOCKER_HUB_REPOSITORY := ghcr.io/seagate
 endif
 
+# Note: the version number takes the form "v1.2.3" when used as a repository tag, but
+# appears as "1.2.3" in other contexts such as the Helm chart.
 ifdef VERSION
 VERSION := $(VERSION)
 else
-VERSION := v1.5.7
+VERSION := v1.5.9
 endif
-
-VERSION_FLAG = -X github.com/Seagate/seagate-exos-x-csi/pkg/common.Version=$(VERSION)
+HELM_VERSION := $(subst v,,$(VERSION))
+VERSION_FLAG = -X $(GITHUB_URL)/pkg/common.Version=$(VERSION)
 
 ifndef BIN
-	BIN = seagate-exos-x-csi
+	BIN = $(PROJECT)
 endif
 
-HELM_VERSION := 1.0.1
+# $HELM_KEY must be the name of a secret key in the invoker's default keyring if package is to be signed
 HELM_KEY := css-host-software
-HELM_IMAGE_REPO := $(DOCKER_HUB_REPOSITORY)/$(BIN)
-# $HELM_KEY should be the name of a secret key in the invoker's default keyring
 ifneq (,$(HELM_KEY))
   HELM_KEYRING := ~/.gnupg/secring.gpg
   HELM_SIGN := --sign --key $(HELM_KEY) --keyring $(HELM_KEYRING)
 endif 
 HELM_PACKAGE := $(BIN)-$(HELM_VERSION).tgz
-
+HELM_IMAGE_REPO := $(DOCKER_HUB_REPOSITORY)/$(BIN)
 IMAGE = $(DOCKER_HUB_REPOSITORY)/$(BIN):$(VERSION)
 
 help:
@@ -83,6 +92,19 @@ ubi:
 	@echo "[] ubi"
 	docker build -f Dockerfile.ubi -t $(IMAGE) --build-arg version="$(VERSION)" --build-arg vcs_ref="$(shell git rev-parse HEAD)" --build-arg build_date="$(shell date --rfc-3339=seconds)" .
 
+
+push:
+	@echo ""
+	@echo "[] push"
+	docker push $(IMAGE)
+
+clean:
+	@echo ""
+	@echo "[] clean"
+	rm -vf $(BIN)-controller $(BIN)-node *.zip *.tgz *.prov helm/$(BIN)-$(HELM_VERSION)*
+
+######################## Openshift certification stuff ########################
+
 openshift:
 	@echo ""
 	@echo "[] openshift"
@@ -114,30 +136,36 @@ build-preflight:
 	(cd ..; git clone https://github.com/redhat-openshift-ecosystem/openshift-preflight.git)
 	cd ../openshift-preflight && make build
 
-push:
-	@echo ""
-	@echo "[] push"
-	docker push $(IMAGE)
-
-clean:
-	@echo ""
-	@echo "[] clean"
-	rm -vf $(BIN)-controller $(BIN)-node *.zip *.tgz *.prov helm/$(BIN)-$(HELM_VERSION)*
+######################## Helm package creation ########################
 
 
 # Create a helm package that can be installed from a remote HTTPS URL with, e.g.
-# helm install seagate-csi https://<server>/<path>/seagate-exos-x-csi-1.0.0.tgz
+# helm install exos-x-csi https://<server>/<path>/seagate-exos-x-csi-1.0.0.tgz
 helm-package: $(HELM_PACKAGE)
 
+# Update version numbers in the Helm chart.  If yq is not installed, try "go install github.com/mikefarah/yq/v4@latest"
+update-chart:	$(MAKEFILE)
+	yq -i '.image.tag="$(VERSION)" | .image.repository="$(HELM_IMAGE_REPO)"' helm/csi-charts/values.yaml
+
+# Make a helm package. If yq is installed, the chart will be updated to reflect version $(VERSION)
 # To create a package without signing it, specify "make helm-package HELM_KEY="
 # Note that helm doesn't support GPG v2.1 kbx files; if signing fails, try:
 # gpg --export-secret-keys > ~/.gnupg/secring.gpg
 $(HELM_PACKAGE):
-	cd helm; helm package $(HELM_SIGN) \
-		--set image.tag=$(VERSION) --set image.repository=$(HELM_IMAGE_REPO) \
-		$$PWD/csi-charts
+	echo HELM_PACKAGE:=$@
+	( which yq >/dev/null && $(MAKE) update-chart ) || true
+	cd helm; helm package --app-version "$(HELM_VERSION)" --version "$(HELM_VERSION)" $(HELM_SIGN) $$PWD/csi-charts
 	cp -p helm/$@* .
-ifdef HELM_KEYRING
-	helm verify --keyring $(HELM_KEYRING) $@
-	zip -r $(subst .tgz,-signed-helm-package.zip,$@) $@ $@.prov
-endif
+
+# Verify a signed package create a zip file containing the package and its provenance file
+signed-helm-package: $(HELM_PACKAGE)
+	helm verify --keyring $(HELM_KEYRING) $<
+	zip -r $(subst .tgz,-signed-helm-package.zip,$<) $< $<.prov
+
+# This will allow the package to be installed directly from Github, with the command:
+# helm install -n $(NAMESPACE) exos-x-csi https://$(GITHUB_URL)/releases/download/$(VERSION)/$(PROJECT)-$(HELM_VERSION).tgz
+helm-upload: $(HELM_PACKAGE)
+	gh release upload $(VERSION) '$^#Helm Package' -R $(GITHUB_ORG)/$(PROJECT)
+	@echo Install package with:
+	@echo ' ' helm install -n $(NAMESPACE) $(NAME) https://$(GITHUB_URL)/releases/download/$(VERSION)/$(PROJECT)-$(HELM_VERSION).tgz
+