Uploaded image for project: 'Helm'
  1. Helm
  2. HELM-113

Submit public partner chart to repo

XMLWordPrintable

    • Icon: Epic Epic
    • Resolution: Done
    • Icon: Major Major
    • None
    • None
    • None
    • None
    • Submit public partner chart to repo
    • False
    • False
    • Done
    • 0% To Do, 0% In Progress, 100% Done
    • Undefined
    • AppSvc Sprint 198, AppSvc Sprint 199, AppSvc Sprint 200, AppSvc Sprint 201

      • Charts are managed within Red Hat Helm Repository on a location following the convention charts/partners/<vendor label>/<chart name>
      • index.yaml served from https://openshift-helm-charts.github.com/repo
      • Each chart folder in Red Hat Helm Repository keeps an owner file describing who is allowed to perform pull request: 
        provider:
  name: Foo
  key: <gpg key provided through portal>
chart:
  name: <chart name as registered in portal>
 users:
   - name: <github username>
  - name: <github username>

      Proposed workflow for public chart submission

      • As a partner create create pull request containing chart (not tarball) to be added under a given folder inside the repo
      • PR triggers a GitHub job that checks if PR author is authorized to add charts to that location
      • chart-verifier tool checks the submitted chart
      • in case of successful verification, merge PR, otherwise write a comment to PR stating what checks are not passing
      • on merge create an entry and add it to index.yaml

      Charts are managed on master branch, but index.yaml is served from another branch, e.g. index.

      During generation of index.yaml a few additional annotation could be added to index entries or overridden from Chart metadata:

      Helm Metadata

      Pending works

      • [DONE] verify the user is valid for the given PR and report the same
      • [DONE] check if the report is present and valid
      • [DONE] ensure the report is signed using a valid GPG key
      • [DONE] ensure chart digest also matches with the report (if the chart tarball is available)
      • [DONE] ensure report indicates that the verification was successful
      • [Obsolete] Makefile to build
      • [DONE] create index.yaml with extra annotation using the report 
      • [Obsolete] On merge to “master”, update the project status via the Red Hat certification API.  Acquire the access details (API token) for pyxis. What happens if any external source is not working. (Pyxis will monitor Github via webhook, no need to call certification API)
      • Slack integration for notification (external service failure, PR submission, etc.)

       

        1. CertifiedHelm Details.png
          CertifiedHelm Details.png
          386 kB
        1.
        		 verify user is valid for the given PR and report the same Sub-task Closed Undefined Unassigned
        2.
        		 check if the report is present and valid Sub-task Closed Undefined Unassigned
        3.
        		 ensure the report is signed using a valid GPG key Sub-task Closed Undefined Unassigned
        4.
        		 ensure chart digest also matches with the report (if the chart tarball is available) Sub-task Closed Undefined Unassigned
        5.
        		 ensure report indicates that the verification was successful Sub-task Closed Undefined Unassigned
        6.
        		 create index.yaml with extra annotation using the report Sub-task Closed Undefined Unassigned

            bmuthuka Baiju Muthukadan
            pedjak@gmail.com Predrag Knezevic (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: