Release 0.4.0 (#113)

* create release branch + udpate app version to 0.1.37

* fail template when runtime.name not provided (#117)

* fail template when runtime.name not provided

* add test on runtimename

* ArgoCD 2.9.3 + ArgoRollouts 1.6.1 (#115)

* change argo-cd chart to release version

* bump minor version

* fix readme (#118)

* Hosted runtimes registration flow (#116)

* bump app-proxy

---------

Co-authored-by: ilia-medvedev-codefresh <[email protected]>
Co-authored-by: danielm-codefresh <[email protected]>

Author: 3 people

charts/gitops-runtime/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: 0.1.36
+appVersion: 0.1.37
 description: A Helm chart for Codefresh gitops runtime
 name: gitops-runtime
-version: 0.3.5
+version: 0.4.0
 home: https://github.com/codefresh-io/gitops-runtime-helm
 icon: https://avatars1.githubusercontent.com/u/11412079?v=3
 keywords:
@@ -15,11 +15,21 @@ annotations:
   artifacthub.io/alternativeName: "codefresh-gitops-runtime"
   artifacthub.io/changes: |
     - kind: changed
-      description: Update ArgoCD chart to version 5.50.1-2-cap-CR-create-apps-with-err
+      description: Update app-proxy
+    - kind: changed
+      description: Update app version to 0.1.37
+    - kind: added
+      description: Support Codefresh hosted runtimes registration flow
+    - kind: fixed
+      description: fail templating when runtime.name is not provided and ingress is enabled
+    - kind: changed
+      description: Update Argo-CD to 5.51.6-1-cap-2.9-2023.12.06-e6258156d (2.9.3)
+    - kind: changed
+      description: Update Argo-Rollouts to 2.32.5-2-cap-init (1.6.1)
 dependencies:
 - name: argo-cd
   repository: https://codefresh-io.github.io/argo-helm
-  version: 5.50.1-2-cap-CR-create-apps-with-err
+  version: 5.51.6-1-cap-2.9-2023.12.06-e6258156d
 - name: argo-events
   repository: https://codefresh-io.github.io/argo-helm
   version: 2.0.9-1-cap-CR-19893
@@ -29,7 +39,7 @@ dependencies:
   condition: argo-workflows.enabled
 - name: argo-rollouts
   repository: https://codefresh-io.github.io/argo-helm
-  version: 2.31.6-1-cf-init
+  version: 2.32.5-2-cap-init
   condition: argo-rollouts.enabled
 - name: sealed-secrets
   repository: https://bitnami-labs.github.io/sealed-secrets/

charts/gitops-runtime/README.md

@@ -1,5 +1,5 @@
 ## Codefresh gitops runtime
-![Version: 0.3.5](https://img.shields.io/badge/Version-0.3.5-informational?style=flat-square) ![AppVersion: 0.1.36](https://img.shields.io/badge/AppVersion-0.1.36-informational?style=flat-square)
+![Version: 0.4.0](https://img.shields.io/badge/Version-0.4.0-informational?style=flat-square) ![AppVersion: 0.1.37](https://img.shields.io/badge/AppVersion-0.1.37-informational?style=flat-square)
 
 ## Prerequisites
 
@@ -27,7 +27,7 @@ We have created a helper utility to resolve this issue:
 The utility is packaged in a container image. Below are instructions on executing the utility using Docker:
 
 ```
-docker run -v <output_dir>:/output quay.io/codefresh/gitops-runtime-private-registry-utils:0.3.5 <local_registry>
+docker run -v <output_dir>:/output quay.io/codefresh/gitops-runtime-private-registry-utils:0.4.0 <local_registry>
 ```
 `output_dir` - is a local directory where the utility will output files. <br>
 `local_registry` - is your local registry where you want to mirror the images to
@@ -100,14 +100,14 @@ sealed-secrets:
 | app-proxy.image-enrichment.serviceAccount.name | string | `"codefresh-image-enrichment-sa"` | Name of the service account to create or the name of the existing one to use |
 | app-proxy.image.pullPolicy | string | `"IfNotPresent"` |  |
 | app-proxy.image.repository | string | `"quay.io/codefresh/cap-app-proxy"` |  |
-| app-proxy.image.tag | string | `"1.2508.3"` |  |
+| app-proxy.image.tag | string | `"1.2565.0"` |  |
 | app-proxy.imagePullSecrets | list | `[]` |  |
 | app-proxy.initContainer.command[0] | string | `"./init.sh"` |  |
 | app-proxy.initContainer.env | object | `{}` |  |
 | app-proxy.initContainer.extraVolumeMounts | list | `[]` | Extra volume mounts for init container |
 | app-proxy.initContainer.image.pullPolicy | string | `"IfNotPresent"` |  |
 | app-proxy.initContainer.image.repository | string | `"quay.io/codefresh/cap-app-proxy-init"` |  |
-| app-proxy.initContainer.image.tag | string | `"1.2508.3"` |  |
+| app-proxy.initContainer.image.tag | string | `"1.2565.0"` |  |
 | app-proxy.initContainer.resources.limits.cpu | string | `"1"` |  |
 | app-proxy.initContainer.resources.limits.memory | string | `"512Mi"` |  |
 | app-proxy.initContainer.resources.requests.cpu | string | `"0.2"` |  |
@@ -277,8 +277,9 @@ sealed-secrets:
 | global.codefresh.userToken | object | `{"secretKeyRef":{},"token":""}` | User token. Used for runtime registration against the patform. One of token (for plain text value) or secretKeyRef must be provided. |
 | global.codefresh.userToken.secretKeyRef | object | `{}` | User token that references an existing secret containing the token. |
 | global.codefresh.userToken.token | string | `""` | User token in plain text. The chart creates and manages the secret for this token. |
-| global.runtime | object | `{"cluster":"https://kubernetes.default.svc","eventBus":{"annotations":{},"name":"codefresh-eventbus","nats":{"native":{"auth":"token","containerTemplate":{"resources":{"limits":{"cpu":"500m","ephemeral-storage":"2Gi","memory":"4Gi"},"requests":{"cpu":"200m","ephemeral-storage":"2Gi","memory":"1Gi"}}},"maxPayload":"4MB","replicas":3}},"pdb":{"enabled":true,"minAvailable":2}},"gitCredentials":{"password":{"secretKeyRef":{},"value":null},"username":"username"},"ingress":{"annotations":{},"className":"nginx","enabled":false,"hosts":[],"protocol":"https","tls":[]},"ingressUrl":"","name":null}` | Runtime level settings |
+| global.runtime | object | `{"cluster":"https://kubernetes.default.svc","codefreshHosted":false,"eventBus":{"annotations":{},"name":"codefresh-eventbus","nats":{"native":{"auth":"token","containerTemplate":{"resources":{"limits":{"cpu":"500m","ephemeral-storage":"2Gi","memory":"4Gi"},"requests":{"cpu":"200m","ephemeral-storage":"2Gi","memory":"1Gi"}}},"maxPayload":"4MB","replicas":3}},"pdb":{"enabled":true,"minAvailable":2}},"gitCredentials":{"password":{"secretKeyRef":{},"value":null},"username":"username"},"ingress":{"annotations":{},"className":"nginx","enabled":false,"hosts":[],"protocol":"https","tls":[]},"ingressUrl":"","name":null}` | Runtime level settings |
 | global.runtime.cluster | string | `"https://kubernetes.default.svc"` | Runtime cluster. Should not be changed. |
+| global.runtime.codefreshHosted | bool | `false` | Defines whether this is a Codefresh hosted runtime. Should not be changed. |
 | global.runtime.eventBus.annotations | object | `{}` | Annotations on EventBus resource |
 | global.runtime.eventBus.name | string | `"codefresh-eventbus"` | Eventbus name |
 | global.runtime.eventBus.pdb | object | `{"enabled":true,"minAvailable":2}` | Pod disruption budget for the eventbus |

charts/gitops-runtime/templates/_components/cap-app-proxy/_config.yaml

@@ -5,7 +5,7 @@ argoWorkflowsInsecure: {{ .Values.config.argoWorkflowsInsecure | quote }}
 argoWorkflowsUrl: {{ default "" .Values.config.argoWorkflowsUrl }}
 cors: {{ .Values.global.codefresh.url }}
 env: {{ .Values.config.env | quote}}
-runtimeName: {{ .Values.global.runtime.name | quote}}
+runtimeName: {{ required "global.runtime.name is required" .Values.global.runtime.name | quote}}
 skipGitPermissionValidation: {{ .Values.config.skipGitPermissionValidation | quote }}
 logLevel: {{ .Values.config.logLevel | quote }}
   {{- $enrichmentValues := get .Values "image-enrichment" }}

charts/gitops-runtime/templates/app-proxy/_app-proxy-env.yaml

@@ -1,4 +1,4 @@
-{{/* 
+{{/*
 Some app-proxy environment variables are determined by values provided in other components,
 to keep the separation of components as pseudo library charts, they are defined here to be merged when
 app-proxy components are generated.
@@ -9,8 +9,29 @@ USER_TOKEN:
   {{- include "codefresh-gitops-runtime.installation-token-env-var-value" . | nindent 2 }}
   {{- if or .Values.global.runtime.gitCredentials.password.value .Values.global.runtime.gitCredentials.password.secretKeyRef }}
 GIT_USERNAME: {{ .Values.global.runtime.gitCredentials.username }}
-GIT_PASSWORD: 
+GIT_PASSWORD:
   {{- include "codefresh-gitops-runtime.runtime-gitcreds.password.env-var-value" . | nindent 2 }}
   {{- end }}
 WORKFLOW_PIPELINES_WEBHOOKS_TLS_SECRET: codefresh-workflow-pipelines-tls
+{{- /* Target account id, used for hosted runtimes registration. Not used in hybrid */}}
+  {{- if .Values.global.runtime.codefreshHosted }}
+INSTALLATION_TYPE: HELM_HOSTED
+CODEFRESH_ADMIN_TOKEN:
+  {{- include "codefresh-gitops-runtime.installation-token-env-var-value" . | nindent 2 }}
+    {{- if .Values.global.codefresh.accountId }}
+TARGET_RUNTIME_ACCOUNT_ID: {{ .Values.global.codefresh.accountId }}
+    {{- else }}
+      {{- fail "global.codefresh.accountId must be provided for hosted runtimes"}}
+    {{- end }}
+  {{- end }}
+{{/*
+This will promote argo-rollouts dependency version to app-proxy.
+This will be used when installing argo-rollouts using button.
+*/}}
+{{- range $d := .Chart.Dependencies }}
+{{- if eq $d.Name "argo-rollouts" }}
+ROLLOUTS_HELM_REPOSITORY: {{ $d.Repository | quote }}
+ROLLOUTS_HELM_VERSION: {{ $d.Version | quote }}
+{{- end }}
+{{- end }}
 {{- end }}

charts/gitops-runtime/tests/app-proxy-hosted_test.yaml

@@ -0,0 +1,69 @@
+suite: Test hosted runtime flow in app-proxy
+templates:
+  - app-proxy/deployment.yaml
+  - app-proxy/config.yaml
+tests:
+- it: accountId appears in app-proxy env if provided - used in hosted
+  template: 'app-proxy/deployment.yaml'
+  values:
+  - ./values/mandatory-values.yaml
+  set:
+    global.runtime.codefreshHosted: true
+    global.codefresh.accountId: "asd123"
+  asserts:
+  - contains:
+      path: spec.template.spec.containers[0].env
+      content:
+        name: TARGET_RUNTIME_ACCOUNT_ID
+        value: "asd123"
+
+- it: Fail template accountId missing for hosted runtime
+  template: 'app-proxy/deployment.yaml'
+  values:
+  - ./values/mandatory-values.yaml
+  set:
+    global.runtime.codefreshHosted: true
+    global.codefresh.accountId: ""
+  asserts:
+  - failedTemplate:
+      errorMessage: 'global.codefresh.accountId must be provided for hosted runtimes'
+
+- it: accountId appears in app-proxy env and runtime type is HELM_HOSTED
+  template: 'app-proxy/deployment.yaml'
+  values:
+  - ./values/mandatory-values.yaml
+  set:
+    global.runtime.codefreshHosted: true
+    global.codefresh.accountId: "asd123"
+  asserts:
+  - contains:
+      path: spec.template.spec.containers[0].env
+      content:
+        name: TARGET_RUNTIME_ACCOUNT_ID
+        value: "asd123"
+  - contains:
+      path: spec.template.spec.containers[0].env
+      content:
+        name: INSTALLATION_TYPE
+        value: "HELM_HOSTED"
+  - notContains:
+      path: spec.template.spec.containers[0].env
+      content:
+        name: INSTALLATION_TYPE
+        value: "HELM"
+
+- it: Installation type shpuld be Helm by default
+  template: 'app-proxy/deployment.yaml'
+  values:
+  - ./values/mandatory-values.yaml
+  asserts:
+  - contains:
+      path: spec.template.spec.containers[0].env
+      content:
+        name: INSTALLATION_TYPE
+        value: "HELM"
+  - notContains:
+      path: spec.template.spec.containers[0].env
+      content:
+        name: INSTALLATION_TYPE
+        value: "HELM_HOSTED"

charts/gitops-runtime/tests/app-proxy-misc_test.yaml

@@ -219,3 +219,26 @@ tests:
       content:
         name: my-secret
         mountPath: /my-secret
+
+- it: Fail template if runtime name not provided
+  template: 'app-proxy/config.yaml'
+  set:
+    global.codefresh.userToken.token: dummy
+    global.codefresh.accountId: asddd
+    global.runtime.ingress.enabled: true 
+    global.runtime.ingress.hosts[0]: asddd
+  asserts:
+  - failedTemplate:
+      errorMessage: 'global.runtime.name is required'
+
+- it: Runtime name propagated to app-proxy cm
+  template: 'app-proxy/config.yaml'
+  values:
+  - ./values/mandatory-values.yaml
+  set:
+    global.runtime.name: test1
+  asserts:
+  - equal:
+      path: data.runtimeName
+      value: "test1"
+

charts/gitops-runtime/tests/installation-token_test.yaml

@@ -37,3 +37,39 @@ tests:
           secretKeyRef:
             name: mysecret
             key: mykey
+# Hosted admin token
+- it: app proxy - hosted plain string value
+  template: 'app-proxy/deployment.yaml'
+  values:
+  - ./values/mandatory-values-no-token.yaml
+  set:
+    global.runtime.codefreshHosted: true
+    global.codefresh.userToken.token: dummy
+  asserts:
+  - contains:
+      path: spec.template.spec.containers[0].env
+      content:
+        name: CODEFRESH_ADMIN_TOKEN
+        valueFrom:
+          secretKeyRef:
+            name: codefresh-user-token
+            key: token
+            optional: true
+
+- it: app proxy - hosted secretkeyref
+  template: 'app-proxy/deployment.yaml'
+  values:
+  - ./values/mandatory-values-no-token.yaml
+  set:
+    global.runtime.codefreshHosted: true
+    global.codefresh.userToken.secretKeyRef.name: mysecret
+    global.codefresh.userToken.secretKeyRef.key: mykey
+  asserts:
+  - contains:
+      path: spec.template.spec.containers[0].env
+      content:
+        name: CODEFRESH_ADMIN_TOKEN
+        valueFrom:
+          secretKeyRef:
+            name: mysecret
+            key: mykey

charts/gitops-runtime/values.yaml

@@ -50,6 +50,8 @@ global:
     name:
     # -- Runtime cluster. Should not be changed.
     cluster: https://kubernetes.default.svc
+    # -- Defines whether this is a Codefresh hosted runtime. Should not be changed.
+    codefreshHosted: false
     # -- Ingress settings
     ingress:
       # -- The protocol that Codefresh platform will use to access the runtime ingress. Can be http or https.
@@ -416,15 +418,15 @@ app-proxy:
           tag: 1.1.10-main
   image:
     repository: quay.io/codefresh/cap-app-proxy
-    tag: 1.2508.3
+    tag: 1.2565.0
     pullPolicy: IfNotPresent
   # -- Extra volume mounts for main container
   extraVolumeMounts: []
 
   initContainer:
     image:
       repository: quay.io/codefresh/cap-app-proxy-init
-      tag: 1.2508.3
+      tag: 1.2565.0
       pullPolicy: IfNotPresent
     command:
       - ./init.sh