  1. Helm
  2. HELM-113

Submit public partner chart to repo

Details

    • Epic
    • Resolution: Done
    • Major
    • AppSvc Sprint 198, AppSvc Sprint 199, AppSvc Sprint 200, AppSvc Sprint 201

    Description

      • Charts are managed in the Red Hat Helm Repository at a location following the convention charts/partners/<vendor label>/<chart name>
      • index.yaml served from https://openshift-helm-charts.github.com/repo
      • Each chart folder in the Red Hat Helm Repository keeps an owner file describing who is allowed to submit pull requests:
        provider:
          name: Foo
          key: <gpg key provided through portal>
        chart:
          name: <chart name as registered in portal>
        users:
          - name: <github username>
          - name: <github username>

      Proposed workflow for public chart submission

      • As a partner, create a pull request containing the chart (not a tarball) to be added under a given folder inside the repo
      • PR triggers a GitHub job that checks if PR author is authorized to add charts to that location
      • chart-verifier tool checks the submitted chart
      • in case of successful verification, merge PR, otherwise write a comment to PR stating what checks are not passing
      • on merge create an entry and add it to index.yaml

      Charts are managed on master branch, but index.yaml is served from another branch, e.g. index.
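The authorization step of the proposed workflow could look like the following sketch. It is an added example, not code from the Helm project or this issue; the owner file name `OWNERS`, the one-chart-per-PR policy, the function names and the sample data are assumptions.

```python
import posixpath

OWNER_FILE = "OWNERS"  # assumed file name; the page only says "owner file"

# Constructed sample: owner files parsed from the BASE branch (never the PR
# head, or an author could add themselves), keyed by chart directory.
BASE_OWNERS = {
    "charts/partners/acme/widget": {
        "provider": {"name": "Acme"},
        "chart": {"name": "widget"},
        "users": [{"name": "alice"}, {"name": "bob"}],
    },
}

def chart_dir(path):
    """Return charts/partners/<vendor>/<chart> for a changed file, else None."""
    parts = path.split("/")
    # Reject anything not already normalized ("..", "./", "//", trailing "/").
    if posixpath.normpath(path) != path or len(parts) < 5:
        return None
    if parts[:2] != ["charts", "partners"]:
        return None
    return "/".join(parts[:4])

def authorize(author, changed_files, base_owners=BASE_OWNERS):
    """Return (allowed, reason) for a pull request by `author`."""
    dirs = set()
    for path in changed_files:
        d = chart_dir(path)
        if d is None:
            return False, f"{path}: outside charts/partners/<vendor>/<chart>/"
        if path == f"{d}/{OWNER_FILE}":
            return False, f"{path}: owner file may not change in a chart PR"
        dirs.add(d)
    if len(dirs) != 1:  # assumed policy: one chart per pull request
        return False, "pull request must touch exactly one chart"
    owners = base_owners.get(dirs.pop())
    if owners is None:
        return False, "no owner file on the base branch for this chart"
    # GitHub logins are case-insensitive, so compare lowercased.
    users = {u["name"].lower() for u in owners.get("users", [])}
    if author.lower() not in users:
        return False, f"{author} is not listed in the owner file"
    return True, "authorized"
```

The returned reason string is what the job would post as the PR comment when a submission is rejected.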

      During generation of index.yaml, a few additional annotations could be added to index entries or overridden from Chart metadata:

      Helm Metadata

      Pending works

      • [DONE] verify the user is valid for the given PR and report the same
      • [DONE] check if the report is present and valid
      • [DONE] ensure the report is signed using a valid GPG key
      • [DONE] ensure chart digest also matches with the report (if the chart tarball is available)
      • [DONE] ensure report indicates that the verification was successful
      • [Obsolete] Makefile to build
      • [DONE] create index.yaml with extra annotation using the report 
      • [Obsolete] On merge to “master”, update the project status via the Red Hat certification API. Acquire the access details (API token) for pyxis. What happens if any external source is not working? (Pyxis will monitor GitHub via webhook, no need to call certification API)
      • Slack integration for notification (external service failure, PR submission, etc.)

       

            People

              bmuthuka Baiju Muthukadan
              pedjak@gmail.com Predrag Knezevic (Inactive)