Add renovate.json

.drone.yml

@@ -1,21 +0,0 @@
----
-kind: pipeline
-type: docker
-name: default
-
-trigger:
-  event:
-  - push
-
-steps:
-- name: release
-  image: cr.grachevko.ru/drone/helm:RELEASE.2023-03-01T13-46-55Z
-  settings:
-    username:
-      from_secret: HELM_REPO_USERNAME
-    password:
-      from_secret: HELM_REPO_PASSWORD
-  when:
-    branch:
-    - master
-    - rc

.gitea/workflows/release.yaml

@@ -0,0 +1,29 @@
+name: Release Chart
+
+on:
+  push:
+    tags:
+    - '*'
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+
+    env:
+      REGISTRY: harbor.grachevko.ru
+
+    steps:
+    - uses: actions/checkout@v3
+    - uses: yokawasa/action-setup-kube-tools@v0.9.3
+      with:
+        setup-tools: helm
+    - name: deps and lint
+      run: |
+        helm dependency update
+        helm lint --strict .
+    - name: build
+      run: helm package --version ${{ gitea.ref_name }} .
+    - name: publish
+      run: |
+        echo "${{ secrets.REGISTRY_PASSWORD }}" | helm registry login ${{ env.REGISTRY }} --username "${{ secrets.REGISTRY_USERNAME }}" --password-stdin
+        helm push ./*.tgz oci://harbor.grachevko.ru/${{ gitea.repository }}

.github/workflows/main.yaml

@@ -1,45 +0,0 @@
-name: Build
-
-on: [ push ]
-
-jobs:
-
-  lint:
-    runs-on: ubuntu-latest
-
-    steps:
-    - uses: actions/checkout@v2
-
-    - name: Install Helm
-      run: |
-        curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
-        helm plugin install https://github.com/hayorov/helm-gcs
-    - name: Lint chart
-      run: |
-        helm lint .
-
-  release:
-    needs: lint
-    if: github.ref == 'refs/heads/master'
-    runs-on: ubuntu-latest
-
-    steps:
-    - uses: actions/checkout@v2
-
-    - name: Install Helm
-      run: |
-        curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
-        helm plugin install https://github.com/hayorov/helm-gcs
-    - name: Dump GCloud auth key
-      run: |
-        cat <<'EOF' > gcloud_auth_key.json
-        ${{ secrets.GCLOUD_AUTH_KEY }}
-        EOF
-    - name: Release chart
-      env:
-        GOOGLE_APPLICATION_CREDENTIALS: ${{ github.workspace }}/gcloud_auth_key.json
-      run: |
-        helm repo add hahow gs://hahow-helm-charts
-        helm repo update
-        PACKAGE_FILE_PATH=$(helm package . | sed 's/^Successfully packaged chart and saved it to: //')
-        helm gcs push $(basename ${PACKAGE_FILE_PATH}) hahow --public

README.md

@@ -5,7 +5,7 @@
 The following command allows you to download and install all the charts from our repository:
 
 ```shell
-$ helm repo add hahow https://harbor.grachevko.ru/chartrepo/helm
+$ helm repo add hahow oci://cr.grachevko.ru/helm/chart
 ```
 
 ### Adding Dependency
@@ -16,7 +16,7 @@ To use the library chart, `common` should be listed in `dependencies` field in y
 dependencies:
   - name: common
     version: 0.4.1
-    repository: https://harbor.grachevko.ru/chartrepo/helm
+    repository: oci://cr.grachevko.ru/helm/chart
 ```
 
 Once you have defined dependencies, you should run the following command to download this chart into your `charts/`

renovate.json

@@ -0,0 +1,3 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json"
+}

starter/Chart.yaml

@@ -25,4 +25,4 @@ appVersion: 1.16.0
 dependencies:
 - name: common
   version: "^0"
-  repository: "https://harbor.grachevko.ru/chartrepo/helm"
+  repository: oci://cr.grachevko.ru/helm/chart

starter/templates/deployment.yaml

@@ -24,10 +24,6 @@ spec:
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with .Values.image.pullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       containers:
@@ -37,15 +33,24 @@ spec:
         image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         envFrom:
+          {{- if .Values.existingConfigmap }}
+        - configMapRef:
+            name: {{ .Values.existingConfigmap }}
+          {{- else }}
         - configMapRef:
             name: {{ include "common.fullname" . }}
-          {{- if .Values.extraEnvVarsSecret }}
+          {{- end }}
+          {{- if .Values.existingSecret }}
         - secretRef:
-            name: {{ .Values.extraEnvVarsSecret }}
+            name: {{ .Values.existingSecret }}
           {{- else }}
         - secretRef:
             name: {{ include "common.fullname" . }}
           {{- end }}
+          {{- if .Values.extraEnvVarsSecret }}
+        - secretRef:
+            name: {{ .Values.extraEnvVarsSecret }}
+          {{- end }}
         ports:
         - name: http
           containerPort: 5678

starter/templates/tests/test-connection.yaml

@@ -10,6 +10,6 @@ spec:
   containers:
   - name: wget
     image: busybox
-    command: [ 'wget' ]
-    args: [ '{{ include "common.fullname" . }}:{{ .Values.service.port }}' ]
+    command: ['wget']
+    args: ['{{ include "common.fullname" . }}:{{ .Values.service.port }}']
   restartPolicy: Never

starter/values.yaml

@@ -15,7 +15,6 @@ image:
   registry: docker.io
   repository: nginx
   pullPolicy: IfNotPresent
-  pullSecrets: []
   # Overrides the image tag whose default is the chart appVersion.
   tag: ""
 

templates/_secrets.tpl

@@ -115,6 +115,8 @@ The order in which this function returns a secret password:
     {{- $password = randAscii $passwordLength }}
     {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }}
     {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }}
+  {{- else if .hex }}
+    {{- $password = include "common.secrets.randHex" $passwordLength | b64enc | quote }}
   {{- else }}
     {{- $password = randAlphaNum $passwordLength | b64enc | quote }}
   {{- end }}
@@ -122,6 +124,23 @@ The order in which this function returns a secret password:
 {{- printf "%s" $password -}}
 {{- end -}}
 
+{{- /*
+    Returns given number of random Hex characters.
+    - randNumeric 4 | atoi generates a random number in [0, 10^4)
+      This is a range evenly divisble by 16, but even if off by one,
+      that last partial interval offsetting randomness is only 1 part in 625.
+    - mod N 16 maps to the range 0-15
+    - printf "%x" represents a single number 0-15 as a single hex character
+*/}}
+{{- define "common.secrets.randHex" -}}
+    {{- $result := "" }}
+    {{- range $i := until . }}
+        {{- $rand_hex_char := mod (randNumeric 4 | atoi) 16 | printf "%x" }}
+        {{- $result = print $result $rand_hex_char }}
+    {{- end }}
+    {{- $result }}
+{{- end }}
+
 {{/*
 Reuses the value from an existing secret, otherwise sets its value to a default value.