mirror of
https://github.com/MAKS-IT-COM/maksit-certs-ui.git
synced 2026-05-16 12:58:11 +02:00
181 lines
7.2 KiB
PowerShell
181 lines
7.2 KiB
PowerShell
#requires -Version 7.0
|
|
#requires -PSEdition Core
|
|
|
|
<#
|
|
.SYNOPSIS
|
|
Package a Helm chart and push it to an OCI registry.
|
|
|
|
.DESCRIPTION
|
|
The chart in the repo should keep placeholder version and appVersion (e.g. 0.0.0); this plugin
|
|
overwrites them with the bare semver from shared context (DotNetReleaseVersion / shared.version,
|
|
e.g. 3.3.4 — no leading v), falling back to stripping v/V from shared.tag if version is missing,
|
|
then runs helm package and helm push, then restores Chart.yaml.
|
|
|
|
Optional pushLatest (default false when omitted): when true, after the versioned push, copies the chart
|
|
to a :latest tag in the same OCI repository using the oras CLI (https://oras.land). Requires oras on PATH.
|
|
#>
|
|
|
|
if (-not (Get-Command Import-PluginDependency -ErrorAction SilentlyContinue)) {
|
|
$pluginSupportModulePath = Join-Path (Split-Path $PSScriptRoot -Parent) "PluginSupport.psm1"
|
|
if (Test-Path $pluginSupportModulePath -PathType Leaf) {
|
|
Import-Module $pluginSupportModulePath -Force -Global -ErrorAction Stop
|
|
}
|
|
}
|
|
|
|
function Get-RegistryCredentialsFromEnv {
|
|
param(
|
|
[Parameter(Mandatory = $true)]
|
|
[string]$EnvVarName
|
|
)
|
|
|
|
$raw = [Environment]::GetEnvironmentVariable($EnvVarName)
|
|
if ([string]::IsNullOrWhiteSpace($raw)) {
|
|
throw "Environment variable '$EnvVarName' is not set."
|
|
}
|
|
|
|
try {
|
|
$decoded = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($raw))
|
|
}
|
|
catch {
|
|
throw "Failed to decode '$EnvVarName' as Base64 (expected base64('username:password')): $($_.Exception.Message)"
|
|
}
|
|
|
|
$parts = $decoded -split ':', 2
|
|
if ($parts.Count -ne 2 -or [string]::IsNullOrWhiteSpace($parts[0]) -or [string]::IsNullOrWhiteSpace($parts[1])) {
|
|
throw "Decoded '$EnvVarName' must be in the form 'username:password'."
|
|
}
|
|
|
|
return @{ User = $parts[0]; Password = $parts[1] }
|
|
}
|
|
|
|
function Invoke-Plugin {
|
|
param(
|
|
[Parameter(Mandatory = $true)]
|
|
$Settings
|
|
)
|
|
|
|
Import-PluginDependency -ModuleName "Logging" -RequiredCommand "Write-Log"
|
|
Import-PluginDependency -ModuleName "ScriptConfig" -RequiredCommand "Assert-Command"
|
|
|
|
$pluginSettings = $Settings
|
|
$shared = $Settings.context
|
|
|
|
Assert-Command helm
|
|
|
|
$pushLatest = if ($null -ne $pluginSettings.pushLatest) { [bool]$pluginSettings.pushLatest } else { $false }
|
|
|
|
if ([string]::IsNullOrWhiteSpace($pluginSettings.chartPath)) {
|
|
throw "HelmPush plugin requires 'chartPath' (chart directory, relative to Release-Package folder)."
|
|
}
|
|
|
|
if ([string]::IsNullOrWhiteSpace($pluginSettings.ociRepository)) {
|
|
throw "HelmPush plugin requires 'ociRepository' (e.g. oci://cr.maks-it.com/charts)."
|
|
}
|
|
|
|
if ([string]::IsNullOrWhiteSpace($pluginSettings.credentialsEnvVar)) {
|
|
throw "HelmPush plugin requires 'credentialsEnvVar' (name of env var holding base64 username:password)."
|
|
}
|
|
|
|
$scriptDir = $shared.ScriptDir
|
|
$chartDir = [System.IO.Path]::GetFullPath((Join-Path $scriptDir ([string]$pluginSettings.chartPath)))
|
|
$chartYaml = Join-Path $chartDir 'Chart.yaml'
|
|
|
|
if (-not (Test-Path $chartYaml -PathType Leaf)) {
|
|
throw "Chart.yaml not found at: $chartYaml"
|
|
}
|
|
|
|
$chartVersion = $null
|
|
if ($shared.PSObject.Properties.Name -contains 'version' -and -not [string]::IsNullOrWhiteSpace([string]$shared.version)) {
|
|
$chartVersion = ([string]$shared.version).Trim() -replace '^[vV]', ''
|
|
}
|
|
if ([string]::IsNullOrWhiteSpace($chartVersion) -and $shared.PSObject.Properties.Name -contains 'tag') {
|
|
$chartVersion = ([string]$shared.tag).Trim() -replace '^[vV]', ''
|
|
}
|
|
if ([string]::IsNullOrWhiteSpace($chartVersion)) {
|
|
throw "Could not derive chart version: need shared.version (DotNetReleaseVersion) or shared.tag (e.g. v3.3.4)."
|
|
}
|
|
|
|
$creds = Get-RegistryCredentialsFromEnv -EnvVarName ([string]$pluginSettings.credentialsEnvVar)
|
|
$ociRepository = [string]$pluginSettings.ociRepository.TrimEnd('/')
|
|
|
|
$chartNameLine = Select-String -LiteralPath $chartYaml -Pattern '^\s*name:\s*(.+)\s*$' | Select-Object -First 1
|
|
if (-not $chartNameLine -or $chartNameLine.Matches.Count -lt 1) {
|
|
throw "Could not read chart name from Chart.yaml."
|
|
}
|
|
$chartName = $chartNameLine.Matches[0].Groups[1].Value.Trim()
|
|
|
|
$backupPath = "$chartYaml.bak"
|
|
Copy-Item -LiteralPath $chartYaml -Destination $backupPath -Force
|
|
|
|
try {
|
|
$content = Get-Content -LiteralPath $chartYaml -Raw
|
|
$content = $content `
|
|
-replace '(?m)^\s*version:\s*.*$', "version: $chartVersion" `
|
|
-replace '(?m)^\s*appVersion:\s*.*$', "appVersion: `"$chartVersion`""
|
|
Set-Content -LiteralPath $chartYaml -Value $content
|
|
|
|
Write-Log -Level "STEP" -Message "Linting Helm chart at $chartDir ..."
|
|
helm lint $chartDir
|
|
if ($LASTEXITCODE -ne 0) {
|
|
throw "helm lint failed."
|
|
}
|
|
|
|
$packageDest = $scriptDir
|
|
Write-Log -Level "STEP" -Message "Packaging Helm chart..."
|
|
$packageOutput = helm package $chartDir --destination $packageDest 2>&1 | Out-String
|
|
if ($LASTEXITCODE -ne 0) {
|
|
throw "helm package failed. Output: $packageOutput"
|
|
}
|
|
|
|
$chartPackage = Join-Path $packageDest "$chartName-$chartVersion.tgz"
|
|
if (-not (Test-Path -LiteralPath $chartPackage -PathType Leaf)) {
|
|
throw "Expected chart package not found: $chartPackage (helm output: $packageOutput)"
|
|
}
|
|
|
|
Write-Log -Level "STEP" -Message "Pushing $chartPackage to $ociRepository ..."
|
|
helm push $chartPackage $ociRepository --username $creds.User --password $creds.Password
|
|
if ($LASTEXITCODE -ne 0) {
|
|
throw "helm push failed."
|
|
}
|
|
|
|
if ($pushLatest) {
|
|
Assert-Command oras
|
|
if ($ociRepository -notmatch '^oci://([^/]+)') {
|
|
throw "Could not parse registry host from ociRepository: $ociRepository"
|
|
}
|
|
$registryHost = $Matches[1]
|
|
$baseRef = "$($ociRepository.TrimEnd('/'))/$chartName"
|
|
$srcRef = "${baseRef}:$chartVersion"
|
|
$dstRef = "${baseRef}:latest"
|
|
|
|
Write-Log -Level "STEP" -Message "Tagging chart as latest (oras copy)..."
|
|
Write-Log -Level "INFO" -Message " $srcRef -> $dstRef"
|
|
|
|
$loginOut = $creds.Password | & oras login $registryHost -u $creds.User --password-stdin 2>&1
|
|
if ($LASTEXITCODE -ne 0) {
|
|
throw "oras login failed for ${registryHost}: $loginOut"
|
|
}
|
|
|
|
$copyOut = & oras copy $srcRef $dstRef 2>&1
|
|
if ($LASTEXITCODE -ne 0) {
|
|
throw "oras copy failed: $copyOut"
|
|
}
|
|
|
|
& oras logout $registryHost 2>&1 | Out-Null
|
|
Write-Log -Level "OK" -Message " Chart latest tag pushed."
|
|
}
|
|
|
|
Remove-Item -LiteralPath $chartPackage -Force -ErrorAction SilentlyContinue
|
|
Write-Log -Level "OK" -Message " Helm chart push completed."
|
|
}
|
|
finally {
|
|
if (Test-Path -LiteralPath $backupPath -PathType Leaf) {
|
|
Move-Item -LiteralPath $backupPath -Destination $chartYaml -Force
|
|
}
|
|
}
|
|
|
|
$shared | Add-Member -NotePropertyName publishCompleted -NotePropertyValue $true -Force
|
|
}
|
|
|
|
Export-ModuleMember -Function Invoke-Plugin
|