Merge remote-tracking branch 'upstream/master'

Author: funkypenguin

.ci/ct-config.yaml

@@ -4,4 +4,4 @@
 chart-repos:
   - haproxy=https://haproxytech.github.io/helm-charts
 
-lint-conf: .ci/lint-config.yaml
+lint-conf: .ci/lint-config.yaml

.ci/scripts/local-ci.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+docker run --rm -it -w /repo -v $(pwd):/repo quay.io/helmpack/chart-testing ct lint --all --config .ci/ct-config.yaml

.ci/scripts/local-ct-lint.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+
+for chart in `ls charts`;
+do
+helm template --values charts/$chart/ci/ci-values.yaml charts/$chart | kube-score score - \
+    --ignore-test pod-networkpolicy \
+    --ignore-test deployment-has-poddisruptionbudget \
+    --ignore-test deployment-has-host-podantiaffinity \
+    --ignore-test pod-probes \
+    --ignore-test container-image-tag \
+    --enable-optional-test container-security-context-privileged \
+    --ignore-test container-security-context
+done

.ci/scripts/local-kube-score.sh

@@ -1,34 +1,95 @@
 name: Lint and Test Charts
 
-on: 
-  push:
+on:
+  # push:
+  #   paths:
+  #     - 'charts/**'
+  #     - '.github/**'
+  pull_request:
     paths:
       - 'charts/**'   
-      - '.github/**'            
+      - '.github/**'        
+  workflow_dispatch:
+
+env:
+  KUBE_SCORE_VERSION: 1.10.0
+  HELM_VERSION: v3.4.1
 
 jobs:
   lint-test:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v1
-          
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v1
+        with:
+          version: ${{ env.HELM_VERSION }}
+
+      - name: Set up kube-score
+        run: |
+          wget https://github.com/zegl/kube-score/releases/download/v${{ env.KUBE_SCORE_VERSION }}/kube-score_${{ env.KUBE_SCORE_VERSION }}_linux_amd64 -O kube-score
+          chmod 755 kube-score
+
+      - name: Kube-score generated manifests
+        run: helm template  --values .ci/values-kube-score.yaml charts/* | ./kube-score score -
+              --ignore-test pod-networkpolicy
+              --ignore-test deployment-has-poddisruptionbudget
+              --ignore-test deployment-has-host-podantiaffinity
+              --ignore-test container-security-context
+              --ignore-test pod-probes
+              --ignore-test container-image-tag
+              --enable-optional-test container-security-context-privileged
+
+      # python is a requirement for the chart-testing action below (supports yamllint among other tests)
+      - uses: actions/setup-python@v2
+        with:
+          python-version: 3.7
+
+      - name: Set up chart-testing
+        uses: helm/chart-testing-action@v2.0.1
+
+      - name: Run chart-testing (list-changed)
+        id: list-changed
+        run: |
+          changed=$(ct list-changed --config .ci/ct-config.yaml)
+          if [[ -n "$changed" ]]; then
+            echo "::set-output name=changed::true"
+          fi
+
       - name: Run chart-testing (lint)
-        id: lint
-        uses: helm/chart-testing-action@v1.0.0-rc.1
+        run: ct lint --config .ci/ct-config.yaml
+
+      # Refer to https://github.com/kubernetes-sigs/kind/releases when updating the node_images
+      - name: Create 1.20 kind cluster
+        uses: helm/kind-action@v1.1.0
         with:
-          config: .ci/ct-config.yaml
-          command: lint
+          node_image: kindest/node:v1.20.2@sha256:8f7ea6e7642c0da54f04a7ee10431549c0257315b3a634f6ef2fecaaedb19bab
+          cluster_name: kubernetes-1.20
+        if: steps.list-changed.outputs.changed == 'true'
 
-      - name: Create kind cluster
-        uses: helm/kind-action@v1.0.0-alpha.3
+      - name: Run chart-testing (install) against 1.20
+        run: ct install --config .ci/ct-config.yaml
+
+      - name: Create 1.19 kind cluster
+        uses: helm/kind-action@v1.1.0
         with:
-          install_local_path_provisioner: true
-        # Only build a kind cluster if there are chart changes to test.
-        if: steps.lint.outputs.changed == 'true'
+          node_image: kindest/node:v1.19.7@sha256:a70639454e97a4b733f9d9b67e12c01f6b0297449d5b9cbbef87473458e26dca
+          cluster_name: kubernetes-1.19
+        if: steps.list-changed.outputs.changed == 'true'
+
+      - name: Run chart-testing (install) against 1.19
+        run: ct install --config .ci/ct-config.yaml        
 
-      - name: Run chart-testing (install)
-        uses: helm/chart-testing-action@v1.0.0-rc.1
+      - name: Create 1.18 kind cluster
+        uses: helm/kind-action@v1.1.0
         with:
-          command: install
-          config: .ci/ct-config.yaml
+          node_image: kindest/node:v1.18.15@sha256:5c1b980c4d0e0e8e7eb9f36f7df525d079a96169c8a8f20d8bd108c0d0889cc4
+          cluster_name: kubernetes-1.18
+        if: steps.list-changed.outputs.changed == 'true'
+
+      - name: Run chart-testing (install) against 1.18
+        run: ct install --config .ci/ct-config.yaml        

.github/workflows/on-push-lint-charts.yml

@@ -4,63 +4,35 @@ on:
   push:
     branches:
       - master
+      - main # assume that the branch name may change in future
     paths:
       - 'charts/**'
-      - '.github/**'         
+      - '.github/**'
+  workflow_dispatch:
 
 jobs:
-  build:
+  publish-chart:
 
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v2
-    # - uses: azure/setup-helm@v1
-    #   id: installhelm3
-    #   with:
-    #     version: 'v3.0.3'
-    # - name: Publish helm charts
-    #   uses: funkypenguin/helm-gh-pages-action@v1.1.1
-    #   with:
-    #     # A personal access token needed to push your site after it has been built.
-    #     access-token: ${{ secrets.CR_TOKEN }}
-    #     # The branch expected by GitHub to have the static files needed for your site.
-    #     deploy-branch: chart
-    #     # The folder in which the helm charts are located
-    #     charts-folder: charts
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+      # We need cert-manager already installed in the cluster because we assume the CRDs exist
+      - name: Add haproxy repo
+        run: |
+          helm repo add haprox https://haproxytech.github.io/helm-charts --force-update
+
+      - name: Run chart-releaser
+        uses: helm/chart-releaser-action@v1.1.0
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
 
-    - name: Fetch history
-      run: git fetch --prune --unshallow
-
-    - name: Configure Git
-      run: |
-        git config user.name "$GITHUB_ACTOR"
-        git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
-
-    # See https://github.com/helm/chart-releaser-action/issues/6
-    - name: Install Helm
-      run: |
-        curl -fsSLo get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
-        chmod 700 get_helm.sh
-        ./get_helm.sh
-
-    - name: Run chart-releaser
-      uses: helm/chart-releaser-action@v1.0.0-rc.2
-      env:
-        CR_TOKEN: "${{ secrets.CR_TOKEN }}"
-
-    # - name: Discord notification
-    #   env:
-    #     DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }}
-    #   uses: Ilshidur/action-discord@master
-    #   with:
-    #     args: |
-    #       Greetings, geeks!  🤓
-
-    #       A new/updated helm ⎈ chart is fresh out of the oven!
-          
-    #       Here's what's changed:
-    #       > ${{github.event.commits[0].message}}
-
-    #       Get more details at:
-    #       {{ EVENT_PAYLOAD.compare }}

.github/workflows/on-push-master-publish-chart.yml

@@ -41,14 +41,14 @@ The chart includes the following features:
 
 * All configuration is done in values.yaml, or using the native "setup.sh" script (to create mailboxes or DKIM keys)
 * Avoids the [common problem of masking of source IP](https://kubernetes.io/docs/tutorials/services/source-ip/) by supporting haproxy's PROXY protocol (enabled by default)
-* Supports integration with external HAProxy, HAProxy Ingress Controller, or [poor-mans-k8s-lb](https://www.funkypenguin.co.nz/project/a-simple-free-load-balancer-for-your-kubernetes-cluster/)
 * Employs [cert-manager](https://github.com/jetstack/cert-manager) to automatically provide/renew SSL certificates
-* Bundles in [RainLoop](https://www.rainloop.net) for webmail access (enabled by default)
+* Bundles in [RainLoop](https://www.rainloop.net) for webmail access (disabled by default)
 * Starts in "demo" mode, allowing the user to test core functionality before configuring for specific domains
-
+* CI/CD tested against Kubernetes 1.18,1.19, and 1.20 : ![Lint and Test Charts](https://github.com/funkypenguin/helm-docker-mailserver/workflows/Lint%20and%20Test%20Charts/badge.svg)
+* 
 ## Prerequisites
 
-- Kubernetes 1.5+ (*CI validates against 1.12.0*)
+- Kubernetes 1.16+ (*CI validates against > 1.18.0*)
 - To use HAProxy ingress, you'll need to deploying the chart to a cluster with a cloud provider capable of provisioning an
 external load balancer (e.g. AWS, DO or GKE). (There is an [update planned](https://github.com/funkypenguin/docker-mailserver/issues/5) to support HA ingress on bare-metal deployments)
 - You control DNS for the domain(s) you intend to route through Traefik

README.md

@@ -0,0 +1,61 @@
+# How this chart is tested
+
+# Automated tests
+
+Every pull request to the master branch trigger the following tests:
+
+* ct lint
+* ct install
+
+
+[![Linting](https://github.com/funkypenguin/helm-docker-mailserver/workflows/Linting/badge.svg)](.github/workflows/on-pr-lint-charts.yml)
+[![Testing](https://github.com/funkypenguin/helm-docker-mailserver/workflows/Testing/badge.svg)](.github/workflows/on-pr-test-charts.yml)
+
+
+# Local testing
+
+If you're submitting a PR, and you want to ensure your changes will pass automated testing (above), here are your options:
+
+## Linting
+
+We use helm's [chart-testing](https://github.com/helm/chart-testing) tool to lint our charts. The tool can be installed locally, or it can be run in a Docker container.
+
+To run in Docker:
+
+1. Have Docker installed
+2. Run `./ci/scripts/local-lint`
+
+To run locally:
+
+1. Have ct installed (Get a binary package from https://github.com/helm/chart-testing/releases)
+2. Run `ct lint --config=.ci/ct-config.yaml`
+
+## Deployment testing
+
+*ct* can also test a chart by deploying it to a temporary namespace in a Kubernetes cluster, and waiting for indications that the deployment has been successful. This is a good way to test how the deployment behaves "for real".
+
+
+
+
+ct lint --config=.ci/ct-config.yaml
+
+Create a KinD cluster, by running `kind create cluster`:
+
+```
+❯ kind create cluster
+Creating cluster "kind" ...
+ ✓ Ensuring node image (kindest/node:v1.17.0) 🖼
+ ✓ Preparing nodes 📦
+ ✓ Writing configuration 📜
+ ✓ Starting control-plane 🕹️
+ ✓ Installing CNI 🔌
+ ✓ Installing StorageClass 💾
+Set kubectl context to "kind-kind"
+You can now use your cluster with:
+
+kubectl cluster-info --context kind-kind
+
+Have a nice day! 👋
+```
+
+Trigger a `ct install` test against the KinD cluster, by running `t install --config=.ci/ct-config.yaml`. **ct** will target your current context (be careful if you've got multiple contexts configured!), create a temporary namespace, and deploy the chart into that namespace, until `helm --wait` indicates success. After this, the helm release will be removed, the namespace deleted, and you can retire your KinD cluster by running `kind delete cluster`.

TESTING.md

@@ -0,0 +1,6 @@
+dependencies:
+- name: kubernetes-ingress
+  repository: https://haproxytech.github.io/helm-charts
+  version: 1.1.3
+digest: sha256:4676741dfbd0f8ba12d3eec6664a104f37ef512b606ac8a125e238893864251e
+generated: "2021-02-01T21:13:01.7790873Z"

charts/docker-mailserver/Chart.lock

@@ -1,8 +1,8 @@
-apiVersion: v1
-appVersion: "6.3.0"
+apiVersion: v2
+appVersion: "8.0.1"
 description: A fullstack but simple mailserver (smtp, imap, antispam, antivirus, ssl...) using Docker.
 name: docker-mailserver
-version: 0.2.4-pre1
+version: 0.3.0
 sources:
 - https://github.com/funkypenguin/helm-docker-mailserver
 maintainers:
@@ -14,4 +14,12 @@ keywords:
 - dovecot
 - amavis
 - imap
-home: https://github.com/funkypenguin/helm-docker-mailserver
+home: https://github.com/funkypenguin/helm-docker-mailserver
+icon: https://avatars.githubusercontent.com/u/76868633?s=400&v=4
+
+dependencies:
+  - name: "kubernetes-ingress"
+    version: "1.1.3"
+    repository: "https://haproxytech.github.io/helm-charts"
+    condition: haproxy.enabled
+    alias: "haproxy"