From eb88005b164348453c7f4f8945e68c418370f9bf Mon Sep 17 00:00:00 2001 From: michalby24 Date: Mon, 17 Nov 2025 07:51:32 +0200 Subject: [PATCH 1/8] feat(ci): add init action --- actions/validate-domain/README.md | 42 +++++++++++++++++++++++++ actions/validate-domain/action.yaml | 49 +++++++++++++++++++++++++++++ 2 files changed, 91 insertions(+) create mode 100644 actions/validate-domain/README.md create mode 100644 actions/validate-domain/action.yaml diff --git a/actions/validate-domain/README.md b/actions/validate-domain/README.md new file mode 100644 index 0000000..265fd5f --- /dev/null +++ b/actions/validate-domain/README.md @@ -0,0 +1,42 @@ +# validate-domain + +Validate that a Helm Chart (`Chart.yaml`) contains an `annotations.domain` value and that it matches one of the allowed domains. + +## Inputs + +- `chart-file` (optional): Path to the `Chart.yaml` to validate. Default: `helm/Chart.yaml`. +- `allowed-domains` (optional): Space-separated list of allowed domain values. Default: `raster vector infra 3d app dem common`. + +## Usage + +```yaml +name: Validate Helm domain annotation + +on: + pull_request: + +jobs: + validate: + runs-on: ubuntu-latest + steps: + - name: Check out repository + uses: actions/checkout@v5 + + - name: Validate Helm annotations.domain + uses: MapColonies/shared-workflows/actions/validate-domain@v1 + with: + # Optional overrides + # chart-file: helm/Chart.yaml + # allowed-domains: "raster vector infra 3d app dem common" +``` + +## Behavior + +- Fails the job if `.annotations.domain` is missing or equals `null`. +- Fails the job if `.annotations.domain` is not one of the allowed domains. +- Prints a GitHub Actions error annotation pointing to the `Chart.yaml` file on failure. + +## Notes + +- Ensure the repository is checked out before using this action (use `actions/checkout`). +- This action uses `mikefarah/yq` to read the YAML field. diff --git a/actions/validate-domain/action.yaml b/actions/validate-domain/action.yaml new file mode 100644 index 0000000..e98dd3a --- /dev/null +++ b/actions/validate-domain/action.yaml @@ -0,0 +1,49 @@ +name: validate-domain +description: "Validate that helm/Chart.yaml contains annotations.domain with an allowed value" + +inputs: + chart-file: + description: "Path to Chart.yaml" + required: false + default: "helm/Chart.yaml" + allowed-domains: + description: "Space-separated list of allowed domain values" + required: false + default: "raster vector infra 3d app dem common" + +runs: + using: composite + steps: + - name: Read domain annotation from Chart.yaml + id: get_domain + uses: mikefarah/yq@v4.44.1 + with: + cmd: yq e '.annotations.domain // "null"' "${{ inputs.chart-file }}" + + - name: Validate domain value + shell: bash + run: | + chart_file="${{ inputs.chart-file }}" + domain="${{ steps.get_domain.outputs.result }}" + # Convert space/comma/semicolon/pipe separated list to array + IFS=' ,;|' read -r -a allowed <<< "${{ inputs.allowed-domains }}" + + if [ -z "${domain}" ] || [ "${domain}" = "null" ]; then + echo "::error file=${chart_file}::annotations.domain is missing under .annotations in Chart.yaml" + exit 1 + fi + + match=false + for v in "${allowed[@]}"; do + if [ "${domain}" = "${v}" ]; then + match=true + break + fi + done + + if [ "${match}" = false ]; then + echo "::error file=${chart_file}::annotations.domain ('${domain}') must be one of: ${allowed[*]}" + exit 1 + fi + + echo "annotations.domain is valid." From 233ad82a501cd91ae56512bc04d2fd0298781d1e Mon Sep 17 00:00:00 2001 From: michsi24 Date: Mon, 17 Nov 2025 08:48:17 +0200 Subject: [PATCH 2/8] feat: add test workflow for validating domain action --- .github/workflows/test-validate-domain.yml | 18 ++++++++++ actions/validate-domain/action.yaml | 42 ++++++++-------------- 2 files changed, 33 insertions(+), 27 deletions(-) create mode 100644 .github/workflows/test-validate-domain.yml diff --git a/.github/workflows/test-validate-domain.yml b/.github/workflows/test-validate-domain.yml new file mode 100644 index 0000000..6067dd1 --- /dev/null +++ b/.github/workflows/test-validate-domain.yml @@ -0,0 +1,18 @@ +name: test-validate-domain + +on: + pull_request: + workflow_dispatch: + +jobs: + validate: + name: Validate composite action + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Test validate domain action + uses: ./actions/validate-domain + with: + chart-file: test/helm/Chart.yaml diff --git a/actions/validate-domain/action.yaml b/actions/validate-domain/action.yaml index e98dd3a..a523207 100644 --- a/actions/validate-domain/action.yaml +++ b/actions/validate-domain/action.yaml @@ -7,9 +7,16 @@ inputs: required: false default: "helm/Chart.yaml" allowed-domains: - description: "Space-separated list of allowed domain values" + description: "List of allowed domain values" required: false - default: "raster vector infra 3d app dem common" + default: | + - raster + - vector + - infra + - 3d + - app + - dem + - common runs: using: composite @@ -18,32 +25,13 @@ runs: id: get_domain uses: mikefarah/yq@v4.44.1 with: - cmd: yq e '.annotations.domain // "null"' "${{ inputs.chart-file }}" + cmd: yq e '.annotations.domain' "${{ inputs.chart-file }}" - - name: Validate domain value + - name: Validate domain shell: bash run: | - chart_file="${{ inputs.chart-file }}" - domain="${{ steps.get_domain.outputs.result }}" - # Convert space/comma/semicolon/pipe separated list to array - IFS=' ,;|' read -r -a allowed <<< "${{ inputs.allowed-domains }}" + DOMAIN="${{ steps.get_domain.outputs.result }}" + allowed=(${{ toJson(inputs.allowed-domains) }}) - if [ -z "${domain}" ] || [ "${domain}" = "null" ]; then - echo "::error file=${chart_file}::annotations.domain is missing under .annotations in Chart.yaml" - exit 1 - fi - - match=false - for v in "${allowed[@]}"; do - if [ "${domain}" = "${v}" ]; then - match=true - break - fi - done - - if [ "${match}" = false ]; then - echo "::error file=${chart_file}::annotations.domain ('${domain}') must be one of: ${allowed[*]}" - exit 1 - fi - - echo "annotations.domain is valid." + printf "%s\n" "${allowed[@]}" | grep -qx "$DOMAIN" \ + || { echo "Invalid domain: $DOMAIN"; exit 1; } From 22452043ad26f4ef7457729cd5fa7281e5eefd47 Mon Sep 17 00:00:00 2001 From: michsi24 Date: Mon, 17 Nov 2025 09:11:07 +0200 Subject: [PATCH 3/8] feat: add validation workflow for Helm chart domain annotation --- ...e-domain.yml => test-validate-domain.yaml} | 1 - actions/validate-domain/README.md | 45 ++++++------------- actions/validate-domain/action.yaml | 17 +++---- test/helm/Chart.yaml | 2 + 4 files changed, 22 insertions(+), 43 deletions(-) rename .github/workflows/{test-validate-domain.yml => test-validate-domain.yaml} (94%) diff --git a/.github/workflows/test-validate-domain.yml b/.github/workflows/test-validate-domain.yaml similarity index 94% rename from .github/workflows/test-validate-domain.yml rename to .github/workflows/test-validate-domain.yaml index 6067dd1..3c0e322 100644 --- a/.github/workflows/test-validate-domain.yml +++ b/.github/workflows/test-validate-domain.yaml @@ -2,7 +2,6 @@ name: test-validate-domain on: pull_request: - workflow_dispatch: jobs: validate: diff --git a/actions/validate-domain/README.md b/actions/validate-domain/README.md index 265fd5f..b0cca69 100644 --- a/actions/validate-domain/README.md +++ b/actions/validate-domain/README.md @@ -1,42 +1,25 @@ # validate-domain -Validate that a Helm Chart (`Chart.yaml`) contains an `annotations.domain` value and that it matches one of the allowed domains. +Validate that a Helm chart (`Chart.yaml`) contains an `annotations.domain` value that is one of a configured set of allowed domains. -## Inputs +## ✨ What It Does -- `chart-file` (optional): Path to the `Chart.yaml` to validate. Default: `helm/Chart.yaml`. -- `allowed-domains` (optional): Space-separated list of allowed domain values. Default: `raster vector infra 3d app dem common`. +The action: +- Reads `.annotations.domain` from the chart using `yq`. +- Splits the `allowed-domains` input on commas only. +- Fails the job if the domain value is not an exact match for one of the allowed items. -## Usage +## Inputs -```yaml -name: Validate Helm domain annotation +| Name | Required | Default | Description | +|------|----------|---------|-------------| +| `chart-file` | no | `helm/Chart.yaml` | Path to the Helm chart file whose `annotations.domain` will be validated. | +| `allowed-domains` | no | `raster,vector,infra,3d,app,dem,common` | Comma-separated list of allowed domain values. | -on: - pull_request: -jobs: - validate: - runs-on: ubuntu-latest - steps: - - name: Check out repository - uses: actions/checkout@v5 +## 🚀 Usage - - name: Validate Helm annotations.domain +```yaml + - name: Validate with custom domains uses: MapColonies/shared-workflows/actions/validate-domain@v1 - with: - # Optional overrides - # chart-file: helm/Chart.yaml - # allowed-domains: "raster vector infra 3d app dem common" ``` - -## Behavior - -- Fails the job if `.annotations.domain` is missing or equals `null`. -- Fails the job if `.annotations.domain` is not one of the allowed domains. -- Prints a GitHub Actions error annotation pointing to the `Chart.yaml` file on failure. - -## Notes - -- Ensure the repository is checked out before using this action (use `actions/checkout`). -- This action uses `mikefarah/yq` to read the YAML field. diff --git a/actions/validate-domain/action.yaml b/actions/validate-domain/action.yaml index a523207..8408383 100644 --- a/actions/validate-domain/action.yaml +++ b/actions/validate-domain/action.yaml @@ -9,14 +9,7 @@ inputs: allowed-domains: description: "List of allowed domain values" required: false - default: | - - raster - - vector - - infra - - 3d - - app - - dem - - common + default: "raster,vector,infra,3d,app,dem,common" runs: using: composite @@ -31,7 +24,9 @@ runs: shell: bash run: | DOMAIN="${{ steps.get_domain.outputs.result }}" - allowed=(${{ toJson(inputs.allowed-domains) }}) + IFS=',' read -ra ALLOWED <<< "${{ inputs.allowed-domains }}" - printf "%s\n" "${allowed[@]}" | grep -qx "$DOMAIN" \ - || { echo "Invalid domain: $DOMAIN"; exit 1; } + if ! printf "%s\n" "${ALLOWED[@]}" | grep -qx "$DOMAIN"; then + echo "Invalid domain: $DOMAIN" + exit 1 + fi diff --git a/test/helm/Chart.yaml b/test/helm/Chart.yaml index 93afb8d..870366a 100644 --- a/test/helm/Chart.yaml +++ b/test/helm/Chart.yaml @@ -1,5 +1,7 @@ apiVersion: v2 name: hello-world-chart +annotations: + domain: common description: A Helm chart for Kubernetes type: application version: 6.0.0 From b393c076a0b17f541c013523fdd5429468ceb346 Mon Sep 17 00:00:00 2001 From: michalby24 <55047068+michalby24@users.noreply.github.com> Date: Mon, 17 Nov 2025 09:57:05 +0200 Subject: [PATCH 4/8] Update actions/validate-domain/README.md Co-authored-by: Netanel Cohen <34451523+netanelC@users.noreply.github.com> --- actions/validate-domain/README.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/actions/validate-domain/README.md b/actions/validate-domain/README.md index b0cca69..c5f9822 100644 --- a/actions/validate-domain/README.md +++ b/actions/validate-domain/README.md @@ -5,9 +5,7 @@ Validate that a Helm chart (`Chart.yaml`) contains an `annotations.domain` value ## ✨ What It Does The action: -- Reads `.annotations.domain` from the chart using `yq`. -- Splits the `allowed-domains` input on commas only. -- Fails the job if the domain value is not an exact match for one of the allowed items. +Checks if the `Chart.yaml` has the "domain" annotation and validates that the domain is in the domains list ## Inputs From 1f9eb5ded8589cb9d18714b7f6f1280bb9400248 Mon Sep 17 00:00:00 2001 From: michalby24 <55047068+michalby24@users.noreply.github.com> Date: Mon, 17 Nov 2025 09:57:12 +0200 Subject: [PATCH 5/8] Update .github/workflows/test-validate-domain.yaml Co-authored-by: Netanel Cohen <34451523+netanelC@users.noreply.github.com> --- .github/workflows/test-validate-domain.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-validate-domain.yaml b/.github/workflows/test-validate-domain.yaml index 3c0e322..0668d0a 100644 --- a/.github/workflows/test-validate-domain.yaml +++ b/.github/workflows/test-validate-domain.yaml @@ -4,7 +4,7 @@ on: pull_request: jobs: - validate: + validate-domain: name: Validate composite action runs-on: ubuntu-latest steps: From ac8bba5d3451761f21a9f6909b4a5495ad73e7a4 Mon Sep 17 00:00:00 2001 From: michsi24 Date: Mon, 17 Nov 2025 09:59:02 +0200 Subject: [PATCH 6/8] feat: add validate-domain action configuration to release-please --- release-please-config.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/release-please-config.json b/release-please-config.json index 64e155e..9cf2773 100644 --- a/release-please-config.json +++ b/release-please-config.json @@ -68,6 +68,11 @@ "release-type": "simple", "package-name": "init-npm", "extra-files": ["README.md"] + }, + "actions/validate-domain": { + "release-type": "simple", + "package-name": "validate-domain", + "extra-files": ["README.md"] } } } From 99c62afddae514a78f5d01a0367c44417de9e87a Mon Sep 17 00:00:00 2001 From: michsi24 Date: Mon, 17 Nov 2025 10:57:50 +0200 Subject: [PATCH 7/8] fix: update validate-domain action to remove allowed-domains input and use constant list --- .github/workflows/test-validate-domain.yaml | 9 +++++---- actions/validate-domain/README.md | 11 +++++++++-- actions/validate-domain/action.yaml | 10 ++++------ 3 files changed, 18 insertions(+), 12 deletions(-) diff --git a/.github/workflows/test-validate-domain.yaml b/.github/workflows/test-validate-domain.yaml index 0668d0a..f17fb7f 100644 --- a/.github/workflows/test-validate-domain.yaml +++ b/.github/workflows/test-validate-domain.yaml @@ -2,14 +2,15 @@ name: test-validate-domain on: pull_request: - + paths: + - "actions/validate-domain/**" + jobs: validate-domain: - name: Validate composite action runs-on: ubuntu-latest steps: - - name: Checkout - uses: actions/checkout@v4 + - name: Checkout code + uses: actions/checkout@v5 - name: Test validate domain action uses: ./actions/validate-domain diff --git a/actions/validate-domain/README.md b/actions/validate-domain/README.md index c5f9822..b546e2b 100644 --- a/actions/validate-domain/README.md +++ b/actions/validate-domain/README.md @@ -12,12 +12,19 @@ Checks if the `Chart.yaml` has the "domain" annotation and validates that the do | Name | Required | Default | Description | |------|----------|---------|-------------| | `chart-file` | no | `helm/Chart.yaml` | Path to the Helm chart file whose `annotations.domain` will be validated. | -| `allowed-domains` | no | `raster,vector,infra,3d,app,dem,common` | Comma-separated list of allowed domain values. | + +The set of allowed domains is constant (not configurable): + +``` +raster, vector, infra, 3d, app, dem, common +``` + +If you need to change or extend this list, update the action source or open a PR. ## 🚀 Usage ```yaml - - name: Validate with custom domains + - name: Validate domain uses: MapColonies/shared-workflows/actions/validate-domain@v1 ``` diff --git a/actions/validate-domain/action.yaml b/actions/validate-domain/action.yaml index 8408383..9c927fd 100644 --- a/actions/validate-domain/action.yaml +++ b/actions/validate-domain/action.yaml @@ -6,25 +6,23 @@ inputs: description: "Path to Chart.yaml" required: false default: "helm/Chart.yaml" - allowed-domains: - description: "List of allowed domain values" - required: false - default: "raster,vector,infra,3d,app,dem,common" runs: using: composite steps: - name: Read domain annotation from Chart.yaml id: get_domain - uses: mikefarah/yq@v4.44.1 + uses: mikefarah/yq@v4.48.2 with: cmd: yq e '.annotations.domain' "${{ inputs.chart-file }}" - name: Validate domain + env: + ALLOWED_DOMAINS: "raster,vector,infra,3d,app,dem,common" shell: bash run: | DOMAIN="${{ steps.get_domain.outputs.result }}" - IFS=',' read -ra ALLOWED <<< "${{ inputs.allowed-domains }}" + IFS=',' read -ra ALLOWED <<< "${{ env.ALLOWED_DOMAINS }}" if ! printf "%s\n" "${ALLOWED[@]}" | grep -qx "$DOMAIN"; then echo "Invalid domain: $DOMAIN" From d086d52c2b2b5ff7622119c29f5970c2b079f6fc Mon Sep 17 00:00:00 2001 From: michsi24 Date: Mon, 17 Nov 2025 11:29:59 +0200 Subject: [PATCH 8/8] docs: update README to include release-please versioning markers --- actions/validate-domain/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/actions/validate-domain/README.md b/actions/validate-domain/README.md index b546e2b..6273ea0 100644 --- a/actions/validate-domain/README.md +++ b/actions/validate-domain/README.md @@ -24,7 +24,9 @@ If you need to change or extend this list, update the action source or open a PR ## 🚀 Usage + ```yaml - name: Validate domain uses: MapColonies/shared-workflows/actions/validate-domain@v1 ``` +