Merge 576958d1aa into 9e6c40664f

.github/workflows/ci.yaml

@@ -208,13 +208,12 @@ jobs:
           path: docker.tar.gz
           retention-days: 5
 
-  helm-lint:
-    name: Helm chart lint
+  chart-lint:
+    name: Chart / Lint
     runs-on: ubuntu-latest
     needs:
       - changes
-    if: |
-      (needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
+    if: fromJSON(needs.changes.outputs.charts) || fromJSON(needs.changes.outputs.baseimage) || fromJSON(github.event.workflow_dispatch.run_e2e)
 
     steps:
       - name: Checkout
@@ -222,55 +221,56 @@ jobs:
         with:
           fetch-depth: 0
 
+      - name: Set up Python
+        uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
+        with:
+          python-version: "3.x"
+
       - name: Set up Helm
         uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
 
-      - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
-        with:
-          python-version: '3.x'
-
-      - name: Set up chart-testing
+      - name: Set up Helm Chart Testing
         uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
 
-      - name: Install Helm Unit Test Plugin
+      - name: Set up Helm Docs
+        uses: gabe565/setup-helm-docs-action@79a4cfe8dc7ae51c1113e3f3a1ae45e601d0c963 # v1.0.3
+
+      - name: Generate docs
+        run: |
+          helm-docs --chart-search-root charts
+
+          if ! git diff --exit-code charts/ingress-nginx/README.md
+          then
+            echo "Please use helm-docs in your fork of the project and commit an updated README.md for the chart."
+            echo "https://github.com/kubernetes/ingress-nginx/blob/main/MANUAL_RELEASE.md#d-edit-the-valuesyaml-and-run-helm-docs"
+            exit 1
+          fi
+
+      - name: Lint chart
+        run: |
+          ct lint --config ./.ct.yaml
+
+          curl --silent --show-error --fail --location https://github.com/artifacthub/hub/releases/download/v1.17.0/ah_1.17.0_linux_amd64.tar.gz --remote-name
+          echo "57c184b71a9a5c59192c2158fc08bdddca5c340fb1deeed0158383a665b38bf1  ah_1.17.0_linux_amd64.tar.gz" | shasum --check
+          tar xzf ah_1.17.0_linux_amd64.tar.gz ah
+
+          ./ah lint --path charts/ingress-nginx
+
+          rm ah_1.17.0_linux_amd64.tar.gz ah
+
+      - name: Run unit tests
         run: |
           helm plugin install https://github.com/helm-unittest/helm-unittest
+          helm unittest charts/ingress-nginx
 
-      - name: Run Helm Unit Tests
-        run: |
-          helm unittest charts/ingress-nginx -d
-
-      - name: Run chart-testing (lint)
-        run: ct lint --config ./.ct.yaml
-
-      - name: Run helm-docs
-        run: |
-          GOBIN=$PWD GO111MODULE=on go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.11.0
-          ./helm-docs --chart-search-root=${GITHUB_WORKSPACE}/charts
-          DIFF=$(git diff ${GITHUB_WORKSPACE}/charts/ingress-nginx/README.md)
-          if [ ! -z "$DIFF" ]; then
-            echo "Please use helm-docs in your clone, of your fork, of the project, and commit a updated README.md for the chart. https://github.com/kubernetes/ingress-nginx/blob/main/RELEASE.md#d-edit-the-valuesyaml-and-run-helm-docs"
-          fi
-          git diff --exit-code
-          rm -f ./helm-docs
-
-      - name: Run Artifact Hub lint
-        run: |
-          wget https://github.com/artifacthub/hub/releases/download/v1.5.0/ah_1.5.0_linux_amd64.tar.gz
-          echo 'ad0e44c6ea058ab6b85dbf582e88bad9fdbc64ded0d1dd4edbac65133e5c87da *ah_1.5.0_linux_amd64.tar.gz' | shasum -c
-          tar -xzvf ah_1.5.0_linux_amd64.tar.gz ah
-          ./ah lint -p charts/ingress-nginx || exit 1
-          rm -f ./ah ./ah_1.5.0_linux_amd64.tar.gz
-
-  helm-test:
-    name: Helm chart testing
+  chart-test:
+    name: Chart / Test
     runs-on: ubuntu-latest
     needs:
       - changes
       - build
-      - helm-lint
-    if: |
-      (needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
+      - chart-lint
+    if: fromJSON(needs.changes.outputs.charts) || fromJSON(needs.changes.outputs.baseimage) || fromJSON(github.event.workflow_dispatch.run_e2e)
 
     strategy:
       matrix:
@@ -286,35 +286,27 @@ jobs:
           go-version: ${{ needs.build.outputs.golangversion }}
           check-latest: true
 
-      - name: cache
+      - name: Download cache
         uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
         with:
           name: docker.tar.gz
 
-      - name: fix permissions
-        run: |
-          sudo mkdir -p $HOME/.kube
-          sudo chmod -R 777 $HOME/.kube
+      - name: Load cache
+        run: gzip --decompress --stdout docker.tar.gz | docker load
 
-      - name: Create Kubernetes ${{ matrix.k8s }} cluster
+      - name: Create cluster
         id: kind
         run: |
-          kind create cluster --image=kindest/node:${{ matrix.k8s }}
+          sudo chmod 777 "${HOME}/.kube"
+          kind create cluster --image kindest/node:${{ matrix.k8s }} --kubeconfig "${HOME}/.kube/kind-config-kind"
 
-      - name: Load images from cache
-        run: |
-          echo "loading docker images..."
-          gzip -dc docker.tar.gz | docker load
-
-      - name: Test
+      - name: Run E2E tests
         env:
           KIND_CLUSTER_NAME: kind
           SKIP_CLUSTER_CREATION: true
           SKIP_IMAGE_CREATION: true
           SKIP_INGRESS_IMAGE_CREATION: true
-        run: |
-          kind get kubeconfig > $HOME/.kube/kind-config-kind
-          make kind-e2e-chart-tests
+        run: make kind-e2e-chart-tests
 
   kubernetes:
     name: Kubernetes

.github/workflows/helm.yaml

@@ -29,19 +29,20 @@ jobs:
       - name: Checkout
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
-      - name: Run Artifact Hub lint
-        run: |
-          wget https://github.com/artifacthub/hub/releases/download/v1.5.0/ah_1.5.0_linux_amd64.tar.gz
-          echo 'ad0e44c6ea058ab6b85dbf582e88bad9fdbc64ded0d1dd4edbac65133e5c87da *ah_1.5.0_linux_amd64.tar.gz' | shasum -c
-          tar -xzvf ah_1.5.0_linux_amd64.tar.gz ah
-          ./ah lint -p charts/ingress-nginx || exit 1
-          rm -f ./ah ./ah_1.5.0_linux_amd64.tar.gz
-
       - name: Set up chart-testing
         uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
 
-      - name: Run chart-testing (lint)
-        run: ct lint --target-branch ${{ github.ref_name }} --config ./.ct.yaml
+      - name: Lint chart
+        run: |
+          ct lint --config ./.ct.yaml --target-branch ${{ github.ref_name }}
+
+          curl --silent --show-error --fail --location https://github.com/artifacthub/hub/releases/download/v1.17.0/ah_1.17.0_linux_amd64.tar.gz --remote-name
+          echo "57c184b71a9a5c59192c2158fc08bdddca5c340fb1deeed0158383a665b38bf1  ah_1.17.0_linux_amd64.tar.gz" | shasum --check
+          tar xzf ah_1.17.0_linux_amd64.tar.gz ah
+
+          ./ah lint --path charts/ingress-nginx
+
+          rm ah_1.17.0_linux_amd64.tar.gz ah
 
       - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
         id: filter

.gitignore

@@ -1,4 +1,3 @@
-helm-docs
 # OSX
 ._*
 .DS_Store

MANUAL_RELEASE.md

@@ -231,14 +231,12 @@ Promoting the images basically means that images, that were pushed to staging co
     - tag
     - digest
 
-  - [helm-docs](https://github.com/norwoodj/helm-docs) is a tool that generates the README.md for a helm-chart automatically. In the CI pipeline workflow of github actions (/.github/workflows/ci.yaml), you can see how helm-docs is used. But the CI pipeline is not designed to make commits back into the project. So we need to run helm-docs manually, and check in the resulting autogenerated README.md at the path /charts/ingress-nginx/README.md
+  - [helm-docs](https://github.com/norwoodj/helm-docs) is a tool that generates the README.md for a Helm chart automatically. In the CI pipeline workflow of GitHub actions (.github/workflows/ci.yaml), you can see how helm-docs is used. The CI pipeline is not designed to make commits back into the project, so we need to run helm-docs manually and commit the resulting generated README.md. You can obtain a recent version of the helm-docs binary here: https://github.com/norwoodj/helm-docs/releases.
     ```
-          GOBIN=$PWD GO111MODULE=on go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.11.0
-          ./helm-docs --chart-search-root=${GITHUB_WORKSPACE}/charts
-          git diff --exit-code
-          rm -f ./helm-docs
+    helm-docs --chart-search-root charts
+    git diff charts/ingress-nginx/README.md
     ```
-    Watchout for mistakes like leaving the helm-docs executable in your clone workspace or not checking the new README.md manually etc.
+    Take care of not leaving the helm-docs executable in your clone workspace or not committing the new README.md.
 
 ### e. Edit the static manifests
 

docs/user-guide/third-party-addons/opentelemetry.md

@@ -191,7 +191,7 @@ To install the example and collectors run:
     helm repo add grafana https://grafana.github.io/helm-charts
     helm repo update
     # deploy cert-manager needed for OpenTelemetry collector operator
-    kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.9.1/cert-manager.yaml
+    kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.3/cert-manager.yaml
     # create observability namespace
     kubectl apply -f https://raw.githubusercontent.com/esigo/nginx-example/main/observability/namespace.yaml
     # install OpenTelemetry collector operator

magefiles/steps/helm.go

@@ -170,7 +170,7 @@ func runHelmDocs() error {
 	if err != nil {
 		return err
 	}
-	err = sh.RunV("helm-docs", "--chart-search-root=${PWD}/charts")
+	err = sh.RunV("helm-docs", "--chart-search-root", "${PWD}/charts")
 	if err != nil {
 		return err
 	}
@@ -181,7 +181,7 @@ func installHelmDocs() error {
 	utils.Info("HELM Install HelmDocs")
 	g0 := sh.RunCmd("go")
 
-	err := g0("install", "github.com/norwoodj/helm-docs/cmd/helm-docs@v1.11.0")
+	err := g0("install", "github.com/norwoodj/helm-docs/cmd/helm-docs@v1.11.3")
 	if err != nil {
 		return err
 	}

test/e2e/run-chart-test.sh

@@ -91,25 +91,31 @@ echo "[dev-env] copying docker images to cluster..."
 kind load docker-image --name="${KIND_CLUSTER_NAME}" --nodes=${KIND_WORKERS} ${REGISTRY}/controller:${TAG}
 
 if [ "${SKIP_CERT_MANAGER_CREATION:-false}" = "false" ]; then
-  curl -fsSL -o cmctl.tar.gz https://github.com/cert-manager/cert-manager/releases/download/v1.11.1/cmctl-linux-amd64.tar.gz
-  tar xzf cmctl.tar.gz
-  chmod +x cmctl
- ./cmctl help
-  echo "[dev-env] apply cert-manager ..."
-  kubectl apply --wait -f https://github.com/cert-manager/cert-manager/releases/download/v1.11.0/cert-manager.yaml
-  kubectl wait --timeout=30s --for=condition=available deployment/cert-manager -n cert-manager
-  kubectl get validatingwebhookconfigurations cert-manager-webhook -ojson | jq '.webhooks[].clientConfig'
-  kubectl get endpoints -n cert-manager cert-manager-webhook
-  ./cmctl check api --wait=2m
+  echo "[dev-env] deploying cert-manager..."
+
+  # Get OS and platform for downloading cmctl.
+  os="$(uname -o | tr "[:upper:]" "[:lower:]")"
+  platform="$(uname -m | sed "s/aarch64/arm64/;s/x86_64/amd64/")"
+
+  # Download cmctl. Cannot validate checksum since OS and platform may vary.
+  curl --silent --show-error --fail --location "https://github.com/cert-manager/cert-manager/releases/download/v1.13.3/cmctl-${os}-${platform}.tar.gz" | tar xz cmctl
+
+  # Deploy cert-manager.
+  kubectl create --filename https://github.com/cert-manager/cert-manager/releases/download/v1.13.3/cert-manager.yaml
+  kubectl rollout status deployment --namespace cert-manager cert-manager --timeout 30s
+  ./cmctl check api --wait 2m
 fi
 
 echo "[dev-env] running helm chart e2e tests..."
-docker run --rm --interactive --network host \
+docker run \
   --name ct \
-    --volume $KUBECONFIG:/root/.kube/config \
-    --volume "${DIR}/../../":/workdir \
+  --volume "${KUBECONFIG}:/root/.kube/config:ro" \
+  --volume "${DIR}/../../:/workdir" \
+  --network host \
   --workdir /workdir \
+  --entrypoint ct \
+  --rm \
   registry.k8s.io/ingress-nginx/e2e-test-runner:v20240829-2c421762@sha256:5b7809bfe9cbd9cd6bcb8033ca27576ca704f05ce729fe4dcb574810f7a25785 \
-        ct install \
+    install \
       --charts charts/ingress-nginx \
       --helm-extra-args "--timeout 60s"