From 83050d1eb1258c9b1c68ea491baa618dfc880d66 Mon Sep 17 00:00:00 2001
From: Morten Olsen
Date: Mon, 28 Jul 2025 22:50:38 +0200
Subject: [PATCH] add deployments
---
 .dockerignore | 5 +
 .github/release-drafter-config.yml | 48 +++++++
 .github/workflows/auto-labeler.yml | 21 +++
 .github/workflows/main.yml | 125 ++++++++++++++++++
 Dockerfile | 6 +
 chart/Chart.yaml | 6 +
 chart/templates/_helpers.tpl | 55 ++++++++
 chart/templates/clusterrole.yaml | 14 ++
 chart/templates/clusterrolebinding.yaml | 12 ++
 chart/templates/deployment.yaml | 47 +++++++
 chart/templates/serviceaccount.yaml | 12 ++
 chart/values.yaml | 53 ++++++++
 package.json | 3 +-
 src/crds/secrets/secrets.request.ts | 2 +-
 .../custom-resource.registry.ts | 1 -
 src/utils/service.ts | 3 -
 16 files changed, 407 insertions(+), 6 deletions(-)
 create mode 100644 .dockerignore
 create mode 100644 .github/release-drafter-config.yml
 create mode 100644 .github/workflows/auto-labeler.yml
 create mode 100644 .github/workflows/main.yml
 create mode 100644 Dockerfile
 create mode 100644 chart/Chart.yaml
 create mode 100644 chart/templates/_helpers.tpl
 create mode 100644 chart/templates/clusterrole.yaml
 create mode 100644 chart/templates/clusterrolebinding.yaml
 create mode 100644 chart/templates/deployment.yaml
 create mode 100644 chart/templates/serviceaccount.yaml
 create mode 100644 chart/values.yaml
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..7b63a99
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,5 @@
+/node_modules/
+/.github/
+/.vscode/
+/chart/
+/.env
\ No newline at end of file
diff --git a/.github/release-drafter-config.yml b/.github/release-drafter-config.yml
new file mode 100644
index 0000000..fc95d19
--- /dev/null
+++ b/.github/release-drafter-config.yml
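Review bot: The ignore list in the .dockerignore hunk leaves out `/.git/`, so the Dockerfile's `COPY . .` carries the repository metadata into the published image. The release job checks out with `fetch-depth: 0`, and unless `persist-credentials: false` is set, actions/checkout@v4 keeps the job token in `.git/config`; the token is short-lived, but the full history and that config file would still land in a layer pushed to the registry. Adding a `/.git/` entry here closes that, and `persist-credentials: false` on the checkout step is a reasonable second guard.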
@@ -0,0 +1,48 @@
+name-template: "$RESOLVED_VERSION 🌈"
+tag-template: "$RESOLVED_VERSION"
+categories:
+ - title: "🚀 Features"
+ labels:
+ - "feature"
+ - "enhancement"
+ - title: "🐛 Bug Fixes"
+ labels:
+ - "fix"
+ - "bugfix"
+ - "bug"
+ - title: "🧰 Maintenance"
+ label: "chore"
+change-template: "- $TITLE @$AUTHOR (#$NUMBER)"
+change-title-escapes: '\<*_&' # You can add # and @ to disable mentions, and add ` to disable code blocks.
+version-resolver:
+ major:
+ labels:
+ - "major"
+ minor:
+ labels:
+ - "minor"
+ patch:
+ labels:
+ - "patch"
+ default: patch
+autolabeler:
+ - label: "chore"
+ files:
+ - "*.md"
+ branch:
+ - '/docs{0,1}\/.+/'
+ - label: "bug"
+ branch:
+ - '/fix\/.+/'
+ title:
+ - "/fix/i"
+ - label: "enhancement"
+ branch:
+ - '/feature\/.+/'
+ - '/feat\/.+/'
+ title:
+ - "/feat:.+/"
+template: |
+ ## Changes
+
+ $CHANGES
\ No newline at end of file
diff --git a/.github/workflows/auto-labeler.yml b/.github/workflows/auto-labeler.yml
new file mode 100644
index 0000000..03d5366
--- /dev/null
+++ b/.github/workflows/auto-labeler.yml
@@ -0,0 +1,21 @@
+name: Auto Labeler
+on:
+ pull_request:
+ types: [opened, reopened, synchronize]
+
+permissions:
+ contents: read
+
+jobs:
+ auto-labeler:
+ permissions:
+ contents: write
+ pull-requests: write
+ runs-on: ubuntu-latest
+ steps:
+ - uses: release-drafter/release-drafter@v6
+ with:
+ config-name: release-drafter-config.yml
+ disable-releaser: true
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 0000000..60cdbe2
--- /dev/null
+++ b/.github/workflows/main.yml
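Review bot: The `auto-labeler` job in auto-labeler.yml asks for `contents: write` although `disable-releaser: true` means it only labels pull requests; `pull-requests: write` with `contents: read` looks sufficient and keeps a PR-triggered token from being able to push or create releases. `release-drafter/release-drafter@v6` is also referenced by a mutable tag, whereas the docker/* actions in main.yml are pinned to commit SHAs; pinning it the same way (`release-drafter/release-drafter@<commit-sha> # v6`, placeholder) would make the two workflows consistent. With the `pull_request` trigger the token is read-only for pull requests from forks, so labelling will likely fail there.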
@@ -0,0 +1,125 @@
+name: Build and release
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ types:
+ - opened
+ - synchronize
+
+env:
+ environment: test
+ release_channel: latest
+ DO_NOT_TRACK: "1"
+ NODE_VERSION: "23.x"
+ DOCKER_REGISTRY: ghcr.io
+ IMAGE_NAME: ${{ github.repository }}
+ PNPM_VERSION: 10.6.0
+
+permissions:
+ contents: read
+ packages: read
+
+jobs:
+ build:
+ name: Build
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - uses: actions/setup-node@v4
+ with:
+ node-version: "${{ env.NODE_VERSION }}"
+ registry-url: "${{ env.NODE_REGISTRY }}"
+
+ - uses: pnpm/action-setup@v4
+ name: Install pnpm
+ with:
+ version: ${{ env.PNPM_VERSION }}
+ run_install: false
+
+ - name: Get pnpm store directory
+ shell: bash
+ run: |
+ echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
+
+ - uses: actions/cache@v4
+ name: Setup pnpm cache
+ with:
+ path: ${{ env.STORE_PATH }}
+ key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
+ restore-keys: |
+ ${{ runner.os }}-pnpm-store-
+
+ - name: Install dependencies
+ run: pnpm install
+ env:
+ NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+ - name: Run tests
+ run: pnpm test
+
+ update-release-draft:
+ name: Update release drafter
+ if: github.ref == 'refs/heads/main'
+ permissions:
+ contents: write
+ pull-requests: write
+ needs: build
+ environment: release
+ runs-on: ubuntu-latest
+ steps:
+ - uses: release-drafter/release-drafter@v6
+ with:
+ config-name: release-drafter-config.yml
+ publish: true
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ release:
+ permissions:
+ contents: read
+ packages: write
+ attestations: write
+ id-token: write
+ pages: write
+ name: Release
+ if: github.ref == 'refs/heads/main'
+ runs-on: ubuntu-latest
+ needs: update-release-draft
+ environment: release
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Log in to the Container registry
+ uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+ with:
+ registry: ${{ env.DOCKER_REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+ with:
+ images: ${{ env.DOCKER_REGISTRY }}/${{ env.IMAGE_NAME }}
+
+ - name: Build and push Docker image
+ id: push
+ uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
+ with:
+ context: .
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+
+ - name: Generate artifact attestation
+ uses: actions/attest-build-provenance@v2
+ with:
+ subject-name: ${{ env.DOCKER_REGISTRY }}/${{ env.IMAGE_NAME}}
+ subject-digest: ${{ steps.push.outputs.digest }}
+ push-to-registry: true
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..3f3e99c
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,6 @@
+FROM node:23-alpine
+RUN corepack enable
+COPY package.json pnpm-lock.yaml ./
+RUN pnpm install --frozen-lockfile --prod
+COPY . .
+CMD ["node", "src/index.ts"]
\ No newline at end of file
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
new file mode 100644
index 0000000..8112c70
--- /dev/null
+++ b/chart/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: homelab-operator
+description: A Helm chart for deploying the homelab-operator
+type: application
+version: 0.1.0
+appVersion: "1.0.0" # This is the version of the app being deployed
diff --git a/chart/templates/_helpers.tpl b/chart/templates/_helpers.tpl
new file mode 100644
index 0000000..57652c0
--- /dev/null
+++ b/chart/templates/_helpers.tpl
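Review bot: The `release` job in main.yml requests `pages: write`, but no step in it deploys to GitHub Pages; dropping that line keeps the job token to what the push and attestation steps use (`packages: write`, `attestations: write`, `id-token: write`). In the same job `actions/checkout@v4` and `actions/attest-build-provenance@v2` are referenced by mutable tags while the three docker/* actions are pinned to commit SHAs, so the pinning covers only part of the path that handles the registry credentials. In the `build` job, `registry-url` reads `env.NODE_REGISTRY`, which the workflow-level `env:` block never defines, and `NODE_AUTH_TOKEN` is exported to `pnpm install`, where any dependency build script that runs can read it on pull-request builds from branches of this repository; if no private registry is involved, removing both is simpler.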
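Review bot: The Dockerfile has no `USER` instruction, so the operator process runs as root, and the chart's default `securityContext: {}` does not override that. The official node images ship a `node` user, so `WORKDIR /app` before the first `COPY` and `USER node` before `CMD` would be enough; without a `WORKDIR`, `COPY . .` also writes the source tree into the filesystem root. If the operator writes files at runtime, the working directory then needs to be owned by that user. `FROM node:23-alpine` is a floating tag, and pinning it by digest (`node:23-alpine@sha256:<digest>`, placeholder) would tie the attested image to a known base.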
@@ -0,0 +1,55 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "homelab-operator.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "homelab-operator.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart-level labels to be applied to every resource that comes from this chart.
+*/}}
+{{- define "homelab-operator.labels" -}}
+helm.sh/chart: {{ include "homelab-operator.name" . }}
+{{ include "homelab-operator.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "homelab-operator.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "homelab-operator.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "homelab-operator.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "homelab-operator.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/chart/templates/clusterrole.yaml b/chart/templates/clusterrole.yaml
new file mode 100644
index 0000000..271ae62
--- /dev/null
+++ b/chart/templates/clusterrole.yaml
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "homelab-operator.fullname" . }}
+rules:
+- apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["create", "get", "watch", "list"]
+- apiGroups: ["*"]
+ resources: ["*"]
+ verbs: ["get", "watch", "list", "patch"]
+- apiGroups: ["apiextensions.k8s.io"]
+ resources: ["customresourcedefinitions"]
+ verbs: ["get", "create", "replace"]
diff --git a/chart/templates/clusterrolebinding.yaml b/chart/templates/clusterrolebinding.yaml
new file mode 100644
index 0000000..636defe
--- /dev/null
+++ b/chart/templates/clusterrolebinding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "homelab-operator.fullname" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "homelab-operator.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: {{ include "homelab-operator.fullname" . }}
+ apiGroup: rbac.authorization.k8s.io
diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml
new file mode 100644
index 0000000..c44c51e
--- /dev/null
+++ b/chart/templates/deployment.yaml
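Review bot: The second rule in clusterrole.yaml grants `get`, `list`, `watch` and `patch` on every resource in every API group, which lets the operator's service account read all Secrets cluster-wide and patch workloads, webhooks and other objects it has no visible reason to touch. Narrowing it to the operator's own API group (`apiGroups: ["<operator-api-group>"]`, placeholder) plus the specific built-in resources it reconciles would contain a compromise of the pod. In the third rule `replace` is not an RBAC verb; the verb that authorizes a PUT is `update`, so `verbs: ["get", "create", "update"]` is probably what was meant. The first rule's cluster-wide `list` and `watch` on `secrets` is worth confirming too, since it exposes every namespace's secret data to this one token.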
@@ -0,0 +1,47 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "homelab-operator.fullname" . }}
+ labels:
+ {{- include "homelab-operator.labels" . | nindent 4 }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ {{- include "homelab-operator.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "homelab-operator.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "homelab-operator.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/chart/templates/serviceaccount.yaml b/chart/templates/serviceaccount.yaml
new file mode 100644
index 0000000..313fd84
--- /dev/null
+++ b/chart/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "homelab-operator.serviceAccountName" . }}
+ labels:
+ {{- include "homelab-operator.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/chart/values.yaml b/chart/values.yaml
new file mode 100644
index 0000000..f14bf5e
--- /dev/null
+++ b/chart/values.yaml
@@ -0,0 +1,53 @@
+# Default values for homelab-operator.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+image:
+ repository: ghcr.io/morten-olsen/homelab-operator
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
diff --git a/package.json b/package.json
index 593bd44..8ca67d8 100644
--- a/package.json
+++ b/package.json
@@ -27,13 +27,14 @@
 "pg": "^8.16.3",
 "sqlite3": "^5.1.7"
 },
- "packageManager": "pnpm@10.6.0+sha512.df0136e797db0cfa7ec1084e77f3bdf81bacbae9066832fbf95cba4c2140ad05e64f316cde51ce3f99ea00a91ffc702d6aedd3c0f450f895e3e7c052fe573cd8",
+ "packageManager": "pnpm@10.6.0",
 "pnpm": {
 "onlyBuiltDependencies": [
 "sqlite3"
 ]
 },
 "scripts": {
+ "test": "echo 'No tests'",
 "test:lint": "eslint"
 }
 }
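Review bot: `podSecurityContext` and `securityContext` in values.yaml default to `{}`, so an install with default values runs the container with whatever the image defaults to, and the hardening settings exist only as comments. Because this pod is bound to a ClusterRole, shipping restrictive defaults and letting users relax them is the safer direction; the block below turns the commented settings into the default and adds a privilege-escalation guard. `runAsNonRoot: true` only works once the image declares a non-root user, and `readOnlyRootFilesystem: true` assumes the operator does not write inside the image at runtime, so both need checking against the Dockerfile.

```yaml
securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
  readOnlyRootFilesystem: true
  runAsNonRoot: true
  runAsUser: 1000
```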
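Review bot: Changing `packageManager` to `pnpm@10.6.0` drops the `+sha512.…` suffix that Corepack uses to verify the pnpm release it downloads, and the Dockerfile's `corepack enable` followed by `pnpm install` relies on exactly that download. If the hash was removed to avoid a conflict with the `version:` input of `pnpm/action-setup`, removing that input instead (the action can read `packageManager` itself) would keep the integrity pin. The new `"test": "echo 'No tests'"` script also makes the workflow's `Run tests` step pass unconditionally; pointing it at the existing lint script, `"test": "pnpm run test:lint"`, would at least gate the release on something.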
diff --git a/src/crds/secrets/secrets.request.ts b/src/crds/secrets/secrets.request.ts index f2d2f3f..15ea538 100644 --- a/src/crds/secrets/secrets.request.ts +++ b/src/crds/secrets/secrets.request.ts @@ -51,7 +51,7 @@ class SecretRequest extends CustomResource { } } if (current) { - console.log('secret already exists', current); + services.log.debug('secret already exists', { current }); // TODO: Add update logic return; } diff --git a/src/custom-resource/custom-resource.registry.ts b/src/custom-resource/custom-resource.registry.ts index 543c5b2..bb73535 100644 --- a/src/custom-resource/custom-resource.registry.ts +++ b/src/custom-resource/custom-resource.registry.ts @@ -51,7 +51,6 @@ class CustomResourceRegistry { }; #onResourceEvent = async (type: string, obj: any) => { - console.log(type, this.kinds); const { kind } = obj; const crd = this.getByKind(kind); if (!crd) { diff --git a/src/utils/service.ts b/src/utils/service.ts index c0439e2..e624d12 100644 --- a/src/utils/service.ts +++ b/src/utils/service.ts @@ -4,9 +4,6 @@ type Dependency = new (services: Services) => T; class Services { #instances = new Map, unknown>(); - constructor() { - console.log('Constructor', 'bar'); - } public get log() { return this.get(LogService);
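Review bot: The new `services.log.debug('secret already exists', { current })` in secrets.request.ts still hands the whole `current` object to the logger, and if that is the Kubernetes Secret fetched earlier in this method, its `data` field puts the secret values into the log stream. Logging identifiers only, for example `services.log.debug('secret already exists', { name: current.metadata?.name, namespace: current.metadata?.namespace });`, keeps the message useful without the payload. The enclosing method begins and ends outside this hunk, so the exact shape of `current` should be confirmed there.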