Merge branch 'release/1.0.0'

.github/workflows/push_pr_main.yaml

@@ -21,7 +21,7 @@ jobs:
         uses: ./.github/actions/setup_helm
 
       - name: Run linter
-        run: helm lint
+        run: bash run_tests.sh --lint
 
   unit-test:
     name: Unit Tests
@@ -37,4 +37,14 @@ jobs:
         run: helm plugin install https://github.com/helm-unittest/helm-unittest.git
 
       - name: Run unit tests
-        run: helm unittest --color .
+        run: bash run_tests.sh --unit
+
+  integration-test:
+    name: Integration Tests
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Run integration tests
+        run: bash run_tests.sh --integration

.gitignore

@@ -1,3 +1,10 @@
 charts/*
 values-sec.yaml
 *.vim
+secret.asc
+public.asc
+passbolt
+mkcert
+helm
+kubectl
+kind

.gitlab-ci.yml

@@ -1,30 +1,47 @@
+variables:
+  DOCKER_HOST: tcp://docker:2375
+  DOCKER_DRIVER: overlay2
+  DOCKER_TLS_CERTDIR: ""
+
+services:
+  - name: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/docker:dind
+    alias: docker
+
 stages:
   - test
   - deploy
   - publish
 
 lint Helm Charts:
   image:
-    name: registry.gitlab.com/passbolt/passbolt-ci-docker-images/helm:latest
+    name: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/alpine/helm
     entrypoint: ["/bin/sh", "-c"]
   stage: test
   script:
     - helm dependency update
-    - helm lint .
+    - bash run_tests.sh --lint
 
 test Helm Charts:
   image:
-    name: registry.gitlab.com/passbolt/passbolt-ci-docker-images/helm:latest
+    name: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/alpine/helm
     entrypoint: ["/bin/sh", "-c"]
   stage: test
   script:
     - helm dependency update
     - helm plugin install https://github.com/helm-unittest/helm-unittest
-    - helm unittest --color -d .
+    - bash run_tests.sh --unit
+
+integration Tests Helm Charts:
+  image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/docker:dind
+  script:
+    - |
+      apk update && apk add -U curl bash
+      sleep 10 # Wait for docker service
+      bash run_tests.sh --integration
 
 publish:
   stage: publish
-  image: registry.gitlab.com/passbolt/passbolt-ci-docker-images/helm:latest
+  image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/alpine/helm
   variables:
     REPO_BUCKET: "download.passbolt.com"
     REPO_DIR: "charts"

.helmignore

@@ -22,4 +22,11 @@
 # Gitlab
 .gitlab-ci.yml
 .gitlab-ci/
-tests/
+./tests/
+./templates/tests/
+./spec/
+kind
+helm
+kubectl
+passbolt
+mkcert

CHANGELOG.md

@@ -3,7 +3,21 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
-## [Unreleased](https://github.com/passbolt/charts-passbolt/compare/0.7.2...HEAD)
+## [Unreleased](https://github.com/passbolt/charts-passbolt/compare/1.0.0...HEAD)
+
+## [1.0.0] - 2024-04-25
+
+### Fixed
+
+- [#76](https://github.com/passbolt/charts-passbolt/pull/76) Allow use of alternate postgresql port.
+
+### Added
+
+- Integration tests were added.
+- [#69](https://github.com/passbolt/charts-passbolt/issues/69) Introduce the ability to use different tls certificates on ingress and api.
+- [#68](https://github.com/passbolt/charts-passbolt/pull/68) Use static names for pod internal references (container and volumes)
+- [#61](https://github.com/passbolt/charts-passbolt/pull/61) feat: use list instead of string for extraVolumes and extraVolumeMounts values.
+- [#62](https://github.com/passbolt/charts-passbolt/pull/62) expose the HTTP port in the service.
 
 ## [0.7.2] - 2024-01-23
 

Chart.yaml

@@ -15,12 +15,12 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.7.2
+version: 1.0.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 4.4.2-1-ce
+appVersion: 4.6.2-1-ce
 dependencies:
   - name: passbolt-library
     version: 0.2.7

README.md.gotmpl

@@ -103,7 +103,36 @@ chart and deletes the release.
 
 {{ template "chart.valuesSection" . }}
 
-## Updating REAME.md
+## Running tests
+
+In order to run the available tests, you can run the `run_tests.sh` script on the root of the project. This script runs both the unit and the integration tests.
+
+```
+$ bash run_tests.sh -h
+Run the available tests for passbolt helm charts
+
+Syntax: run_tests.sh [options]
+run_tests.sh with no arguments will run all of the available tests.
+
+options:
+-h|--help         Show this message.
+-l|--lint         Run helm lint.
+-u|--unit         Run helm unittest tests.
+-i|--integration  Run integration tests.
+-no-clean         Skip cleaning step.
+
+```
+
+### Unit tests
+
+We rely on [helm unitttest](https://github.com/helm-unittest/helm-unittest) framework, so if you want to run it on your own, follow the installation steps in their [docs](https://github.com/helm-unittest/helm-unittest?tab=readme-ov-file#install).
+
+### Integration tests
+
+The integration tests code is under the `tests/integration`. There are a list of tools that are required locally to run the integration tests ([kind](https://github.com/kubernetes-sigs/kind), [helm](https://github.com/helm/helm), [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl), [mkcert](https://github.com/FiloSottile/mkcert) and [passbolt go cli](https://github.com/passbolt/go-passbolt-cli))
+and they will be downloaded during the tests execution if they are not installed in the system. Even though, there is a cleaning step that runs at the end of the execution to clean the directory.
+
+## Updating README.md
 
 We rely on the [helm-docs](https://github.com/norwoodj/helm-docs) helm plugin and [mdformat](https://github.com/executablebooks/mdformat) with [mdformat-tables](https://github.com/executablebooks/mdformat-tables) to generate and format the README.md on each release 
 

RELEASE_NOTES.md

@@ -1,4 +1,76 @@
-Announcing the immediate availability of passbolt's official helm chart 0.7.2.
+Announcing the immediate availability of passbolt's helm chart 1.0.0.
+This is a major release that introduces some breaking changes contributed
+by the community.
 
-This is a minor change release that fixes a bug when generating the postgresql
-credentials secret.
+Thanks to all the community members that helped us to improve this chart
+and reach version 1.0.0!! :tada:
+
+@chris968
+@jouve
+@Kuruyia
+
+Following there is a list of breaking changes and possible migration paths
+from previous chart versions. Please keep in mind that we can't cover all
+possible scenarios.
+
+If you are having issues upgrading from older chart versions please let us
+known by opening an issue in Github
+
+# TL;DR
+
+List of breaking changes:
+
+- Global `tls` value has been removed in favour of `ingress.tls` and `app.tls`
+- `ingress.tls[].secretName` has been removed in favour of `ingress.tls[].existingSecret`
+- `extraVolumes` and `extraVolumeMounts` values are now a list instead of a string.
+- Expose the HTTP port in the service. `service.port`, `service.name` and
+  `service.targetPort` have been removed in favour of `service.ports`
+  in order to expose configurable http and https ports.
+
+# Ingress and TLS related changes
+
+Global `tls` value has been removed to allow users to have different TLS
+certificates injected on ingress objects and passbolt containers.
+Ingress TLS is now managed with `ingress.tls` value, while passbolt TLS
+is managed with `app.tls` field in the values file.
+
+## Migrate from old TLS configuration
+
+`ingress.tls[].secretName` has been removed in favour of
+`ingress.tls[].existingSecret` for clarity.
+
+## Inject same SSL certificate on ingress and service
+
+Users that were injecting the same secret on Ingress objects and passbolt
+container will have to migrate to a configuration similar to:
+
+```yaml
+ingress.tls:
+  - autogenerate: false
+    existingSecret: mySSLSecret
+    hosts: [yourhost.com]
+```
+
+```yaml
+app.tls:
+  - autogenerate: false
+    existingSecret: mySSLSecret
+```
+
+## Inject separate certificates on ingress and service
+
+Users who want to inject different SSL certificates on ingress objects and passbolt
+containers now they have a way to do it by setting:
+
+```yaml
+ingress.tls:
+  - autogenerate: false
+    existingSecret: myIngressSSLSecret
+    hosts: [yourhost.com]
+```
+
+```yaml
+app.tls:
+  - autogenerate: false
+    existingSecret: mypassboltSSLSecret
+```

run_tests.sh

@@ -0,0 +1,93 @@
+#!/bin/bash
+
+set -eo pipefail
+
+RUN_UNIT=false
+RUN_LINT=false
+RUN_INTEGRATION=false
+RUN_ALL=true
+CLEAN_INTEGRATION_ASSETS=true
+
+function run_linter {
+	if [[ "$RUN_LINT" == "true" || "$RUN_ALL" == "true" ]]; then
+		helm lint .
+	fi
+}
+
+function run_unit_tests {
+	if [[ "$RUN_UNIT" == "true" || "$RUN_ALL" == "true" ]]; then
+		helm unittest --color .
+	fi
+}
+
+function run_integration_tests {
+	if [[ "$RUN_INTEGRATION" == "true" || "$RUN_ALL" == "true" ]]; then
+		source tests/integration/fixtures/install_dependencies.sh
+		installDependencies
+		bash tests/integration/fixtures/create-cluster-with-passbolt.sh
+		"$HELM_BINARY" test --logs passbolt -n default
+	fi
+}
+
+function clean_integration_assets {
+	if [[ "$RUN_INTEGRATION" == "true" ]] || [[ "$RUN_ALL" == "true" ]] && [[ "$CLEAN_INTEGRATION_ASSETS" == "true" ]]; then
+		echo Cleaning integration testing assets...
+		rm -f helm kubectl kind mkcerts passbolt
+	fi
+}
+
+function showHelp {
+	echo "Run the available tests for passbolt helm charts"
+	echo
+	echo "Syntax: $0 [options]"
+	echo "$0 with no arguments will run all of the available tests."
+	echo
+	echo "options:"
+	echo "-h|--help         Show this message."
+	echo "-l|--lint         Run helm lint."
+	echo "-u|--unit         Run helm unittest tests."
+	echo "-i|--integration  Run integration tests."
+	echo "-no-clean         Skip cleaning step."
+	echo
+	exit 0
+}
+
+function run_all {
+	run_linter
+	run_unit_tests
+	run_integration_tests
+	clean_integration_assets
+}
+
+while [[ $# -gt 0 ]]; do
+	case $1 in
+	-h | --help)
+		showHelp
+		;;
+	-l | --lint)
+		RUN_ALL=false
+		RUN_LINT=true
+		shift
+		;;
+	-u | --unit)
+		RUN_ALL=false
+		RUN_UNIT=true
+		shift
+		;;
+	-i | --integration)
+		RUN_ALL=false
+		RUN_INTEGRATION=true
+		shift
+		;;
+	--no-clean)
+		CLEAN_INTEGRATION_ASSETS=false
+		shift
+		;;
+	*)
+		echo "Unknown argurment $1"
+		shift
+		;;
+	esac
+done
+
+run_all

templates/NOTES.txt

@@ -13,7 +13,7 @@
      NOTE: It may take a few minutes for the LoadBalancer IP to be available.
            You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "passbolt-library.fullname" . }}'
   export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "passbolt-library.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
+  echo http://$SERVICE_IP:{{ .Values.service.ports.http.port }}
 {{- else if contains "ClusterIP" .Values.service.type }}
   export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "passbolt-library.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
   export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")