Curl commands on helm chart install/upgrade

🐤🥇 Jasper de Jager — Sat, 27 Feb 2021 21:51:50 +0000

Deploying an app with Helm and Kubernetes is great but making it possible to fire a confetti cannon (or anything else you want to do with a curl call) when deploying the app is even better!

The challenge

Perform a curl call on every install/update of a helm chart.

The tools

Kubernetes, Helm, Confetti cannon (optional)

Aaand go!

Ok, we’re not actually going to fire a confetti cannon, disappointing I know and I'm sorry. The actual use case is making a CURL call when a Helm chart gets deployed.

Kubernetes

In order to get this to work some sort of container must be deployed alongside the rest of the chart and after some research I ended up with the curlimages/curl container.

Now it’s time to create the Kubernetes workload. After a quick scan of the workloads of Kubernetes the job workload is definitely the way to go here. So the setup so far becomes:

apiVersion: batch/v1
kind: Job
metadata:
  name: job-curl-confetti
spec:
  template:
    spec:
      restartPolicy: OnFailure
      containers:
        - name: job-curl-confetti
          image: curlimages/curl
          command: [ 'sh', '-c']
          args: <curl command here>

This is a fine way to start the job and perform a CURL call but there are still some issues to tackle like cleaning up the job when it is done and running the job on an upgrade.

Helm

This is where Helm comes into action. Helm has a cool option for exactly the issues we're currently running in to named chart hooks. These hooks can be used to deploy certain Kubernetes workloads and also come with a hook-deletion-policy which can be extremely useful.

In this case we're going to use the post-install and post-upgrade hooks because we want our Job to run immediately after an install or upgrade. This is achieved by the following changes to the job:

#apiVersion: batch/v1
#kind: Job
metadata:
#  name: job-curl-confetti
  annotations:
    "helm.sh/hook": post-install,post-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation
#spec:
#  template:
#    spec:
#      restartPolicy: OnFailure
#      containers:
#        - name: job-curl-confetti
#          image: curlimages/curl
#          command: [ 'sh', '-c']
#          args: <curl command here>

Developer joy (optional)

Not really optional if you love the job

Everything works! But why stop here, why not try to make the chart more accessible for other developers (secretly making it easier to implement the confetti cannon after all). Helm is the right tool for this, let’s make Helm read all files in a directory and create a CURL job executing the curl call in each one of them.

I'm not going into detail about the implementation of this, that is something for a next blogpost about Helm, but this is the code I eventually ended up with.

{{- range $path, $bytes := .Files.Glob "jobs/curl/**" }}
{{- $name := base (dir $path) }}
apiVersion: batch/v1
kind: Job
metadata:
  name: job-curl-{{$name}}
  annotations:
    "helm.sh/hook": post-install,post-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation
spec:
  template:
    spec:
      restartPolicy: OnFailure
      containers:
        - name: job-curl-{{$name}}
          image: curlimages/curl
          command: [ 'sh', '-c']
          args:
            - |-
{{ tpl ($.Files.Get $path) $ | indent  14 }}
---
{{- end }}

This helm templates takes all the files in the jobs/curl folder and generates a job for each of them using the helm tpl function so variables form the values file can be used inside the curl call.

I'm actually pretty proud of it and love the extra mile I put into it. Please let me know what you think!

Get changed files in github actions

Kars Barendrecht — Wed, 24 Feb 2021 12:22:40 +0000

In the search of a proper way to lint our pull request (changes only). I came across some Github Actions that all require you to share your Github token. With some knowledge of git I immediately thought, why not solve this with git diff and some shell commands, thus without the use of a Github token. Git is present by default in the action containers anyway. Eventually I came up with the following solution. All this requires is a checkout of the codebase, with a step provided by github itself: actions/checkout@v2.

Get the commit-sha's to compare

In order to get the commit sha that the pull request was based off, we can use the Github's context, available in all actions. Here we have acces to github.event.pull_request.base.sha and github.sha.

Only include files that are still present

To only get the files that are changed and still present we can add the argument --diff-filter=ACMRT. This will only return files that are added, copied, modified, renamed or changed. In order to get the filenames only we also add --name-only.

Remove newlines

In order to get the output in a single line, without newlines, we can pipe the output to xargs: COMMAND | xargs.

Filter by filetype (optional)

To get changed files grouped by filetype we can also pipe grep using a regex as such: COMMAND | grep .ts$.

The finished command

Combining these arguments, we get something like this:
git diff --name-only --diff-filter=ACMRT ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep .css$ | xargs.

Using the changed files in an actions workflow

To be able to use the files in another job, we have to use outputs. Here is a full workflow example.

jobs:
  changedfiles:
    runs-on: ubuntu-latest
    # Map a step output to a job output
    outputs:
      all: ${{ steps.changes.outputs.all}}
      ts: ${{ steps.changes.outputs.ts }}
    steps:
        # Make sure we have some code to diff.
      - name: Checkout repository
        uses: actions/checkout@v2
      - name: Get changed files
        id: changes
        # Set outputs using the command.
        run: |
          echo "::set-output name=all::$(git diff --name-only --diff-filter=ACMRT ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | xargs)"
          echo "::set-output name=ts::$(git diff --name-only --diff-filter=ACMRT ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep .ts$ | xargs)"
  lint:
    runs-on: ubuntu-latest
    # require the first job to have ran
    needs: changedfiles
    # only run there are changed files
    if: ${{needs.changedfiles.outputs.ts}}
    steps:
      - name: echo changed files
        run: echo ${{needs.changedfiles.outputs.ts}}

DEV Community: Scienta