Helm chart for cronjob (#12)

* Add sample chart for spamoor

* add values to charts

* update values with a mock priv key

* update dockerfile to link to astriaorg utils

* avoid ignoring spamooor related directories

* Add docker builds

* Fix typos

* Update values for command and args

* Add argocd app

* Add argocd appset

* Add configs for 4 spamooor jobs (#16)

* add initial set of timings

* fix linting issues


* give jobs more time to complete

* Fix lints

* Fix history

---------

Co-authored-by: Bharath <[email protected]>

.github/workflows/docker-build.yml

@@ -0,0 +1,58 @@
+name: Docker
+
+# Trigger on pushes to master branch, new semantic version tags, and pull request updates
+on:
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: Git branch, or tag to build from.
+        required: false
+      target:
+        description: Target to build.
+        required: false
+        type: choice
+        options:
+          - spamooor
+
+  merge_group:
+  push:
+    branches:
+      - "main"
+    tags:
+      - "**-v[0-9]+.[0-9]+.[0-9]+"
+      - "**-v[0-9]+.[0-9]+.[0-9]+-alpha.[0-9]+"
+      - "**-v[0-9]+.[0-9]+.[0-9]+-beta.[0-9]+"
+      - "**-v[0-9]+.[0-9]+.[0-9]+-rc[0-9]+"
+
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - labeled
+
+jobs:
+  run_checker:
+    uses: ./.github/workflows/reusable-run-checker.yml
+
+  spamooor:
+    needs: run_checker
+    if: needs.run_checker.outputs.run_docker == 'true' || (github.event_name == 'workflow_dispatch' && github.event.inputs.target == 'spamooor')
+    uses: "./.github/workflows/reusable-docker-build.yml"
+    permissions:
+      contents: read
+      id-token: write
+      packages: write
+    with:
+      # depot-project-id: mhgvgvsjnx
+      package-name: spamooor
+      target-binary: astria-spamooor
+      tag: ${{ inputs.tag }}
+    secrets: inherit
+
+  docker:
+    if: ${{ always() && !cancelled() }}
+    needs: [spamooor]
+    uses: ./.github/workflows/reusable-success.yml
+    with:
+      success: ${{ !contains(needs.*.result, 'failure') }}

.github/workflows/lint.yml

@@ -0,0 +1,46 @@
+name: Lint
+on: 
+  pull_request:
+  merge_group:
+  push:
+    branches:
+      - "main"
+
+jobs:
+  run_checker:
+    uses: ./.github/workflows/reusable-run-checker.yml
+
+  charts:
+    runs-on: ubuntu-latest
+    needs: run_checker
+    if: needs.run_checker.outputs.run_lint_charts == 'true'
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.9'
+          check-latest: true
+      - name: Set up chart-testing
+        uses: helm/[email protected]
+      - name: Run chart-testing (list-changed)
+        id: list-changed
+        run: |
+          changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
+          if [[ -n "$changed" ]]; then
+          echo "changed=true" >> "$GITHUB_OUTPUT"
+          fi
+      - name: Run chart-testing (lint)
+        if: steps.list-changed.outputs.changed == 'true'
+        run: ct lint --target-branch ${{ github.event.repository.default_branch }}
+
+  lint:
+    needs: [charts]
+    if: ${{ always() && !cancelled() }}
+    uses: ./.github/workflows/reusable-success.yml
+    with:
+      success: ${{ !contains(needs.*.result, 'failure') }}

.github/workflows/reusable-docker-build.yml

@@ -0,0 +1,101 @@
+name: Reusable Docker Build && Push Workflow
+
+on:
+  workflow_call:
+    inputs:
+      # depot-project-id:
+      #   required: true
+      #   type: string
+      package-name:
+        required: true
+        type: string
+      target-binary:
+        required: true
+        type: string
+      tag:
+        required: false
+        type: string
+    secrets:
+      DOCKER_TOKEN:
+        required: false
+      DOCKER_USER:
+        required: false
+env:
+  REGISTRY: ghcr.io
+  FULL_REF: ${{ inputs.tag && format('refs/tags/{0}', inputs.tag) || github.ref }}
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+      packages: write
+    if: startsWith(inputs.tag, inputs.package-name) || !inputs.tag && (startsWith(github.ref, format('refs/tags/{0}-v', inputs.package-name)) || github.ref == 'refs/heads/main' || github.event_name == 'pull_request' || github.event_name == 'merge_group')
+    steps:
+      # Checking out the repo
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.tag }}
+      # - uses: depot/setup-action@v1
+      - name: Login to Docker Hub
+        if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == 'astriaorg/spamooor'
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_USER }}
+          password: ${{ secrets.DOCKER_TOKEN }}
+      - name: Log in to GHCR
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v2
+      # Generate correct tabs and labels
+      - name: Docker metadata
+        id: metadata
+        uses: docker/metadata-action@v4
+        with:
+          images: ${{ format('ghcr.io/astriaorg/{0}', inputs.package-name) }}
+          tags: |
+            type=ref,event=pr
+            type=match,pattern=refs/tags/${{ inputs.package-name }}-v(.*),group=1,enable=${{ startsWith(env.FULL_REF, 'refs/tags/') }},value=${{ env.FULL_REF }}
+            type=sha
+            # set latest tag for `main` branch
+            type=raw,value=latest,enable=${{ env.FULL_REF == format('refs/heads/{0}', 'main') }}
+      - name: Build and push
+        uses: docker/build-push-action@v4
+        with:
+          # this gets rid of the unknown/unknown image that is created without this setting
+          # https://github.com/docker/build-push-action/issues/820#issuecomment-1455687416
+          provenance: false
+          context: .
+          file: Dockerfile
+          build-args: |
+            TARGETBINARY=${{ inputs.target-binary }}
+          platforms: 'linux/amd64,linux/arm64'
+          push: ${{ github.repository_owner == 'astriaorg'}}
+          tags: ${{ steps.metadata.outputs.tags }}
+          labels: ${{ steps.metadata.outputs.labels }}
+      # - name: Build and push (Depot)
+      #   uses: depot/build-push-action@v1
+      #   with:
+      #     # this gets rid of the unknown/unknown image that is created without this setting
+      #     # https://github.com/docker/build-push-action/issues/820#issuecomment-1455687416
+      #     provenance: false
+      #     context: .
+      #     file: containerfiles/Dockerfile
+      #     build-args: |
+      #       TARGETBINARY=${{ inputs.target-binary }}
+      #     platforms: "linux/amd64,linux/arm64"
+      #     push: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == 'astriaorg/spamooor' }}
+      #     tags: ${{ steps.metadata.outputs.tags }}
+      #     labels: ${{ steps.metadata.outputs.labels }}
+      #     project: ${{ inputs.depot-project-id }}
+
+
+

.github/workflows/reusable-run-checker.yml

@@ -0,0 +1,38 @@
+name: Reusable Run Checker Workflow
+
+on:
+  workflow_call:
+    outputs:
+      run_docker:
+        description: If docker workflow needs to be run, will be 'true'
+        value: ${{ github.event_name != 'pull_request' || jobs.changes.outputs.docker_workflow == 'true' || contains(github.event.pull_request.labels.*.name, 'docker-build') }}
+      run_lint_charts:
+        description: If lint for charts needs to be run, will be 'true'
+        value: ${{ github.event_name != 'pull_request' || jobs.changes.outputs.lint_workflow == 'true' || jobs.changes.outputs.charts == 'true' }}
+
+jobs:
+  changes:
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: read
+    outputs:
+      docker_workflow: ${{ steps.filters.outputs.docker_workflow }}
+      lint_workflow: ${{ steps.filters.outputs.lint_workflow }}
+      charts: ${{ steps.filters.outputs.charts }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dorny/paths-filter@v3
+        id: filters
+        with:
+          list-files: json
+          filters: |
+            docker_workflow:
+              - '.github/workflows/docker-build.yml'
+              - '.github/workflows/reusable-docker-build.yml'
+              - '.dockerignore'
+            lint_workflow:
+              - '.github/workflows/lint.yml'
+            markdown:
+              - '**/*.md'
+            charts:
+              - 'charts/**'

.github/workflows/reusable-success.yml

@@ -0,0 +1,18 @@
+name: Reusable Success Check
+
+on:
+  workflow_call:
+    inputs:
+      success:
+        required: true
+        type: boolean
+
+jobs:
+  success:
+    runs-on: ubuntu-latest
+    if: ${{ always() && !cancelled() }}
+    steps:
+      - if: ${{ !inputs.success }}
+        run: exit 1
+      - if: ${{ inputs.success }}
+        run: exit 0

argocd/app/app-spamooor.yaml

@@ -0,0 +1,16 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: spamooor
+spec:
+  project: default
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: spamooor-cronjobs
+  source:
+    repoURL: https://github.com/astriaorg/spamooor.git
+    targetRevision: helm-chart
+    path: charts/spamooor-cronjobs
+    helm:
+      valueFiles:
+      - values.yaml

argocd/appset/spamooor-applicationset.yaml

@@ -0,0 +1,62 @@
+# Source: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/applicationset.yaml
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: pr-spamooor
+  namespace: argocd
+spec:
+  goTemplate: true
+  goTemplateOptions: ["missingkey=error"]
+  generators:
+  - pullRequest:
+      # PR template vars for this generator:
+      # https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Pull-Request/  
+      # https://github.com/argoproj/argo-cd/blob/33f5714c832eebee420dad6e14a638915b9ba872/applicationset/generators/pull_request.go#L104
+      # {{ .number }}
+      # {{ .branch }}
+      # {{ .branch_slug }}
+      # {{ .target_branch_slug }}
+      # {{ .head_sha }}
+      # {{ .head_short_sha }}
+      # {{ .head_short_sha_7 }}
+      # {{ .labels }}
+      github:
+        owner: astriaorg
+        repo: astria
+        tokenRef:
+          key: token
+          secretName: github-pat
+        labels:
+          # All of the following labels are required to be set on the PR for the app to be created
+        - preview 
+      requeueAfterSeconds: 60
+  template:
+    metadata:
+      name: pr-{{.number}}-spamooor
+    spec:
+      destination:
+        server: https://kubernetes.default.svc
+        namespace: pr-{{.number}}-spamooor
+      project: default
+      sources:
+        - repoURL: https://github.com/astriaorg/spamooor.git
+          targetRevision: 'pull/{{.number}}/head' # '{{.head_sha}}'
+          path: charts/spamooor-cronjobs
+          helm: 
+            # https://argo-cd.readthedocs.io/en/stable/user-guide/helm/#helm-value-precedence
+            # Order of precedence is as follows: 
+            #       lowest  -> valueFiles
+            #               -> values
+            #               -> valuesObject
+            #       highest -> parameters
+
+            valueFiles:
+            - values.yaml
+
+      syncPolicy:
+        automated:
+          prune: true
+          selfHeal: false
+          allowEmpty: true
+        syncOptions:
+        - CreateNamespace=true

charts/spamooor-cronjobs/.helmignore

@@ -0,0 +1 @@
+.git/

charts/spamooor-cronjobs/Chart.yaml

@@ -0,0 +1,14 @@
+apiVersion: v2
+appVersion: 0.1.0
+description: A Helm chart for Kubernetes
+name: spamooor-cronjobs
+type: application
+version: 0.1.2
+
+maintainers:
+  - name: bharath-123
+    url: astria.org
+  - name: aajimal
+    url: astria.org
+  - name: joroshiba
+    url: astria.org