Feat: implement addon push command

[charlie0129]

Description of your changes

Please refer to this documentation PR to see what it does in detail:

-> kubevela/kubevela.github.io#792

Generally speaking, an addon push command is implemented.
This command does two things:

• validates and packages an addon (if the user provides a .tgz package, then it skips this step)
• pushes to ChartMuseum (custom TLS/SSL certificate, Basic Auth, and other options are supported)

Examples:

• Using Addon directory (sample-addon) + repository name (localcm):
  

• Using Addon package (sample-addon-1.0.0.tgz) + repository URL (http://localhost:8080):
  

To make old users that use helm cm-push command familiar with addon push, while support for KubeVela addons is added, most helm cm-push options are supported as well (check out Help Text below).

Help Text

Uploads an addon package to ChartMuseum.

Two arguments are needed <addon directory/package> and <name/URL of ChartMuseum>.

The first argument <addon directory/package> can be:
	- your conventional addon directory (containing metadata.yaml). We will package it for you.
	- packaged addon (.tgz) generated by 'vela addon package' command

The second argument <name/URL of ChartMuseum> can be:
	- registry name (helm type). You can add your ChartMuseum registry using 'vela addon registry add'.
	- ChartMuseum URL, e.g. http://localhost:8080

Usage:
  vela addon push [flags]

Examples:
# Push the addon in directory <your-addon> to a ChartMuseum registry named <localcm>
$ vela addon push your-addon localcm

# Push packaged addon mongo-1.0.0.tgz to a ChartMuseum registry at http://localhost:8080
$ vela addon push mongo-1.0.0.tgz http://localhost:8080

# Force push, overwriting existing ones
$ vela addon push your-addon localcm -f

Flags:
      --access-token string   Send token in Authorization header [$HELM_REPO_ACCESS_TOKEN]
  -a, --app-version string    Override app version pre-push
      --auth-header string    Alternative header to use for token auth [$HELM_REPO_AUTH_HEADER]
      --ca-file string        Verify certificates of HTTPS-enabled servers using this CA bundle [$HELM_REPO_CA_FILE]
      --cert-file string      Identify HTTPS client using this SSL certificate file [$HELM_REPO_CERT_FILE]
      --context-path string   ChartMuseum context path [$HELM_REPO_CONTEXT_PATH]
  -f, --force                 Force upload even if chart version exists
  -h, --help                  help for push
      --insecure              Connect to server with an insecure way by skipping certificate verification [$HELM_REPO_INSECURE]
      --key-file string       Identify HTTPS client using this SSL key file [$HELM_REPO_KEY_FILE]
  -p, --password string       Override HTTP basic auth password [$HELM_REPO_PASSWORD]
  -t, --timeout int           The duration (in seconds) vela cli will wait to get response from ChartMuseum (default 30)
      --use-http              Use HTTP
  -u, --username string       Override HTTP basic auth username [$HELM_REPO_USERNAME]
  -v, --version string        Override chart version pre-push

Global Flags:
  -y, --yes   Assume yes for all user prompts

This pr includes some features mentioned by @wonderflow in #4116, and is also suggested by @wangyikewxgm

I have:

• Read and followed KubeVela's contribution process.
• Related Docs updated properly. Docs are here:
  Docs: add instructions about chartmuseum kubevela.github.io#792
• Run make reviewable to ensure this PR is ready for review.
• Added backport release-x.y labels to auto-backport this PR if necessary.

How has this code been tested

Special notes for your reviewer

[codecov]

Codecov Report

Merging #4261 (f4bb6cd) into master (15a5640) will increase coverage by 0.68%.
The diff coverage is 77.00%.

@@            Coverage Diff             @@
##           master    #4261      +/-   ##
==========================================
+ Coverage   59.87%   60.55%   +0.68%     
==========================================
  Files         338      339       +1     
  Lines       32909    33078     +169     
==========================================
+ Hits        19703    20032     +329     
+ Misses      10594    10419     -175     
- Partials     2612     2627      +15     

Flag	Coverage Δ
apiserver-unittests	34.28% <0.00%> (-0.34%)	⬇️
core-unittests	55.46% <77.00%> (+0.28%)	⬆️
e2e-multicluster-test	20.47% <0.00%> (+<0.01%)	⬆️
e2e-rollout-tests	22.33% <ø> (+0.01%)	⬆️
e2etests	29.27% <ø> (-4.30%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
pkg/addon/push.go	76.80% <76.80%> (ø)
pkg/addon/utils.go	72.12% <77.04%> (+1.92%)	⬆️
pkg/addon/addon.go	65.07% <100.00%> (-0.46%)	⬇️
...kg/apiserver/infrastructure/datastore/datastore.go	66.66% <0.00%> (-11.12%)	⬇️
pkg/apiserver/event/sync/cr2ux.go	40.29% <0.00%> (-8.96%)	⬇️
pkg/apiserver/interfaces/api/oam_application.go	63.07% <0.00%> (-6.16%)	⬇️
pkg/apiserver/event/sync/worker.go	71.73% <0.00%> (-4.35%)	⬇️
...server/infrastructure/datastore/kubeapi/kubeapi.go	63.49% <0.00%> (-3.43%)	⬇️
pkg/apiserver/utils/bcode/bcode.go	50.00% <0.00%> (-2.95%)	⬇️
...aits/traitdefinition/traitdefinition_controller.go	70.52% <0.00%> (-2.11%)	⬇️
... and 37 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 15a5640...f4bb6cd. Read the comment docs.

[wangyikewxgm]

Can these crt associated files deleted? Not sure is it good put these files in our code repo.

[charlie0129]

These files are provided to test support for custom SSL certificates. They are just used for tests. If we remove these files, then TLS-related tests need to be removed as well.

[StevenLeiZhang]

LGTM

[wonderflow]

great work

[wonderflow]

is there another way other than setting the environment and use flags? What are the ways for helm？

[charlie0129]

I think helm has two ways, 1. environment vars (config files, if that counts), 2. command line arguments. We implemented these two as well. The config file way is not implemented.

[wonderflow]

can we re-use their config if users already have one? read the same defualt path is even better

[charlie0129]

I don't think that config file is appropriate here (so I didn't count it). That config file is from Codefresh CLI (helm will read its API key), and the repo need to be inside helm. It stores username and password (tokens, to be precise), so the user don't have to input their credentials every time they push anything.

We are taking advantage of addon registries, so the same feature is available. If the user add a basic-auth authenticated registry to addon registries, they don't need to input their credentials when they vela addon push. Because I will read the credentials from addon registries.

[wonderflow]

great, that's I want, but I didn't see the logic in your code.

If the user add a basic-auth authenticated registry to addon registries, they don't need to input their credentials when they vela addon push. Because I will read the credentials from addon registries.

[charlie0129]

It's here

kubevela/pkg/addon/push.go

Line 210 in 229ea19

Username: reg.Helm.Username,

[wonderflow]

BUt you're not reading the credentials for certificates

[charlie0129]

custom certificates are not supported by addon registries anyway... so I can't really read it

Currently we are only handling basic-auth

[wonderflow]

anyway, you pointed the right direction we should provide

[wonderflow]

great work!