Host NFD Helm repo in gh-pages

[marquiz]

• scripts/update-gh-pages: manage a Helm repo
  • Make the update-gh-pages.sh script to maintain a Helm charts repository
    under charts/ subdirectory in gh-pages. The script now (always) scans
    throught all release assets and injects any found Helm chart archives
    into the Helm repo. In practice, new assets in all Github releases are
    scanned and the Helm repo is updated on any update of the master or
    release branches or on any new tags. Asset ids are tracked/cached in
    order to avoid unnecessary downloads, but also, to capture any changes
    in assets that were already merged in the repo index.
  • After this a user is able to do

    $ helm repo add nfd http://kubernetes-sigs.github.io/node-feature-discovery/charts
      ...
    $ helm repo update
      ...
    $ helm install nfd/node-feature-discovery --namespace nfd --create-namespace --generate-name
      ...
    

• scripts/prepare-release: package Helm chart
  Prepare a signed Helm chart package to be uploaded to the Github release page.
• update release process in new-release issue template
  Capture process for Helm charts and remove some outdated bits.

I ended up this solution because:

• gh-pages branch stays fully automated. No need for manual pushes/PRs
• Release artefacts (Helm chart archives) can be updated after the fact. If I would've automated the creation of Helm chart archives (based on Git tags) in gh-pages this would not have been possible.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: marquiz

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [marquiz]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[marquiz]

Needs some more testing...
/hold

[marquiz]

This deployment using my personal Helm repo works:

$ helm repo add nfd https://marquiz.github.io/node-feature-discovery/charts

$ helm repo update

$ helm install nfd/node-feature-discovery --namespace nfd --create-namespace --generate-name

It has v0.7.0 chart generated by the prepare-release.sh and the charts repo updated by update-gh-pages.sh. Related Github workflow log:
https://github.com/marquiz/node-feature-discovery/runs/1988617946?check_suite_focus=true

I think this is ready for review. It'd be good if someone more acquainted with Helm than me (e.g. @adrianchiris) would take a look 😉
/unhold

[adrianchiris]

Awesome @marquiz ! i will definitely dig into this PR.

[adrianchiris]

Hi there @marquiz ! Sorry for the late response.

Overall, i think this change is good.
A couple of (naive) comments.

my next step is to fork and play around with this change.

[marquiz]

@adrianchiris have you had the time to look at this?

[adrianchiris]

not since our last slack discussion, will get to it this week.

[marquiz]

not since our last slack discussion, will get to it this week.

That would be great as this is basically the last open PR blocking the release

[adrianchiris]

OK, not a bash expert here but the code seems OK to me.

i have also tested the changes by doing a dummy release on my forked repo ensuring the chart can be downloaded and is of the correct version.

I wasnt able to verify the package with provenance file unfortunately, but that may be related to my gpg setup and helm quirks.

@marquiz were you able do do a helm verify on the package ?

other than that im lgtm on this.

[marquiz]

I wasnt able to verify the package with provenance file unfortunately, but that may be related to my gpg setup and helm quirks.

@marquiz were you able do do a helm verify on the package ?

Thanks for the review @adrianchiris! I thought I correctly verified the --verify option but must have done that locally with incorrect archive or fatfingered in some other way because now it failed 😬 The root cause for this is the filename mangling we do in the release script. I pushed a new patch constructing the provenance file by and and using gpg for signing it. Improves user experience 😄
Haven't yet verified that, though. Will report back when I have

[adrianchiris]

pulled the change,

after creating the chart package:

helm verify ./node-feature-discovery-chart-0.8.0.tgz
Signed by: Adrian Chiris <adrianc@nvidia.com>
Using Key With Fingerprint: 7E3B1541735B7D751CD2BB1BCC911D9D88FC463E
Chart Hash Verified: sha256:08932a483344cb5e3ef501083253fc8ab7bfe00f0463e6c06a2fe1bfa2851abd

[marquiz]

Yeah, I also verified this locally. Not with install --verify yet

[marquiz]

@adrianchiris verified install from my personal repo now works:

$ helm install --generate-name --namespace nfd-helm --create-namespace --verify nfd/node-feature-discovery
NAME: node-feature-discovery-1615973606
LAST DEPLOYED: Wed Mar 17 11:33:29 2021
NAMESPACE: nfd-helm
STATUS: deployed
REVISION: 1
TEST SUITE: None

[adrianchiris]

Awsome !

/lgtm

[kfox1111]

Awesome. :)

Can someone add a reference to the repo to artifacthub.io please?