152 lines
4.5 KiB
Bash
152 lines
4.5 KiB
Bash
#!/bin/bash
|
|
|
|
#
|
|
# Copyright (c) 2018-2024 Wind River Systems, Inc.
|
|
#
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
#
|
|
|
|
# This script takes the names of packaged helm charts as arguments.
|
|
# It installs them in the on-node helm chart repository and regenerates
|
|
# the repository index.
|
|
|
|
|
|
# We want to run as the "www" user and scripts can't be setuid. The
|
|
# sudoers permissions are set up to allow sysadmin to run this script
|
|
# as the "www" user without a password.
|
|
WWW_ID=$(id -u www)
|
|
if [ ${UID} -ne ${WWW_ID} ]; then
|
|
exec sudo -u www -g www "$0" "$@"
|
|
fi
|
|
|
|
|
|
RETVAL=0
|
|
REINDEX=0
|
|
|
|
REPO_BASE='/var/www/pages/helm_charts'
|
|
INDEX_FILENAME='index.yaml'
|
|
|
|
# The 'check-only' optional parameter can be used to validate charts against the
|
|
# repo without uploading them.
|
|
# The 'upload-only' optional parameter can be used to upload charts bypassing the
|
|
# preliminary checks.
|
|
# If no optional parameters are passed then charts will be checked and uploaded if valid.
|
|
# The repository name must be passed as a parameter preceding the charts.
|
|
if [ $# -lt 2 ]; then
|
|
echo "Usage: helm-upload <repo name> <chart 1> .. <chart N>"
|
|
echo " helm-upload check-only <repo name> <chart 1> .. <chart N>"
|
|
echo " helm-upload upload-only <repo name> <chart 1> .. <chart N>"
|
|
exit 1
|
|
fi
|
|
|
|
if [ "$1" = "check-only" ]; then
|
|
RUN_CHECK=true
|
|
RUN_UPLOAD=false
|
|
REPO_DIR="${REPO_BASE}/$2"
|
|
shift 2
|
|
elif [ "$1" = "upload-only" ]; then
|
|
RUN_CHECK=false
|
|
RUN_UPLOAD=true
|
|
REPO_DIR="${REPO_BASE}/$2"
|
|
shift 2
|
|
else
|
|
RUN_CHECK=true
|
|
RUN_UPLOAD=true
|
|
REPO_DIR="${REPO_BASE}/$1"
|
|
shift 1
|
|
fi
|
|
|
|
# Make sure the repo directory exists
|
|
if [ ! -e $REPO_DIR ]; then
|
|
echo "$REPO_DIR doesn't exist."
|
|
exit 1
|
|
fi
|
|
|
|
declare -A CHARTS_INDEXED_BY_VERSION
|
|
INDEX_PATH="${REPO_DIR}/${INDEX_FILENAME}"
|
|
FOUND_NAME=false
|
|
FOUND_URL=false
|
|
|
|
# Build an array of repository charts indexed by their version
|
|
while read -r LINE; do
|
|
|
|
if [[ "$LINE" = *"name: "* ]]; then
|
|
CHART_NAME=$(echo "$LINE" | cut -d " " -f 2)
|
|
FOUND_NAME=true
|
|
fi
|
|
|
|
if [ "$FOUND_NAME" = true ] && [[ "$LINE" = "- "*.tgz ]]; then
|
|
CHART_URL=$(echo "$LINE" | cut -d " " -f 2)
|
|
FOUND_URL=true
|
|
fi
|
|
|
|
if [ "$FOUND_URL" = true ] && [[ "$LINE" = *"version: "* ]]; then
|
|
FOUND_NAME=false
|
|
FOUND_URL=false
|
|
|
|
CHART_VERSION=$(echo "$LINE" | cut -d " " -f 2)
|
|
CHART_FULL_NAME="${CHART_NAME}-${CHART_VERSION}"
|
|
CHARTS_INDEXED_BY_VERSION["${CHART_FULL_NAME}"]="${REPO_DIR}/${CHART_URL}"
|
|
fi
|
|
|
|
done < "$INDEX_PATH"
|
|
|
|
for FILE in "$@"; do
|
|
IS_VALID=false
|
|
if [[ -r $FILE && "${RUN_CHECK}" = true ]] ; then
|
|
|
|
FOUND_NAME=false
|
|
while read -r LINE; do
|
|
if [[ "$LINE" = *"name: "* ]]; then
|
|
INCOMING_CHART_NAME=$(echo "$LINE" | cut -d " " -f 2)
|
|
FOUND_NAME=true
|
|
fi
|
|
if [ "$FOUND_NAME" = true ] && [[ "$LINE" = *"version: "* ]]; then
|
|
INCOMING_CHART_VERSION=$(echo "$LINE" | cut -d " " -f 2)
|
|
INCOMING_CHART="$INCOMING_CHART_NAME-$INCOMING_CHART_VERSION"
|
|
break
|
|
fi
|
|
done <<< "$(helm show chart "$FILE")"
|
|
|
|
# Check if the file already exists in the repository
|
|
if [[ -v "CHARTS_INDEXED_BY_VERSION[$INCOMING_CHART]" ]] &&
|
|
diff <(tar -xOzf ${FILE} | sha256sum) <(tar -xOzf "${CHARTS_INDEXED_BY_VERSION[$INCOMING_CHART]}" | sha256sum) &>/dev/null; then
|
|
echo "Chart ${INCOMING_CHART_NAME} (version ${INCOMING_CHART_VERSION}) already " \
|
|
"in the repository"
|
|
RETVAL=2
|
|
elif [[ -v "CHARTS_INDEXED_BY_VERSION[$INCOMING_CHART]" ]]; then
|
|
echo "A chart with a different content but same name (${INCOMING_CHART_NAME})" \
|
|
"and version (${INCOMING_CHART_VERSION}) already exists in the repository"
|
|
RETVAL=3
|
|
else
|
|
IS_VALID=true
|
|
fi
|
|
elif [[ ! -r $FILE ]]; then
|
|
echo Cannot read file ${FILE}.
|
|
RETVAL=1
|
|
fi
|
|
|
|
if [[ -r $FILE && "${RUN_UPLOAD}" = true && ( "${RUN_CHECK}" = false || ( "${RUN_CHECK}" = true && "${IS_VALID}" = true ) ) ]]; then
|
|
cp $FILE $REPO_DIR
|
|
|
|
if [ $? -ne 0 ]; then
|
|
echo Problem adding $FILE to helm chart registry.
|
|
RETVAL=1
|
|
else
|
|
REINDEX=1
|
|
fi
|
|
elif [[ ! -r $FILE ]]; then
|
|
echo Cannot read file ${FILE}.
|
|
RETVAL=1
|
|
fi
|
|
done
|
|
|
|
|
|
# Now re-index the helm repository if we successfully copied in
|
|
# any new charts.
|
|
if [ $REINDEX -eq 1 ]; then
|
|
/usr/sbin/helm repo index $REPO_DIR
|
|
fi
|
|
|
|
exit $RETVAL
|