Add precommit hooks (#125)

* add readme generator pre-commit hook
* apply fixes from running pre-commit run --all-files
* bump chart versions of all charts
* use GITHUB_TOKEN instead of PAT for checkout charts step
* update permissions for GITHUB_TOKEN in helm-unittests job
* include the ecs-inventory chart in readme-generator
* add helm unit tests to pre-commit hooks (disabled by default)
* use static chart version for snapshot tests
* move value converter into its own directory

---------

Signed-off-by: Brady Todhunter <[email protected]>

.github/workflows/helm-unittests.yaml

@@ -13,6 +13,8 @@ on:
 permissions: {}
 jobs:
   helm-unittests:
+    permissions:
+      contents: read # for helm-unittest to read the chart
     env:
       REPO: "${{ github.repository }}"
       REPO_NAME: "${{ github.event.repository.name }}"
@@ -30,7 +32,7 @@ jobs:
           path: ${{ github.repository }}
           ref: ${{github.event.pull_request.head.ref}}
           repository: ${{github.event.pull_request.head.repo.full_name}}
-          token: ${{ secrets.CI_WRITE_GITHUB_TOKEN }}
+          token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Set up Helm
         uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5

.github/workflows/lint.yaml

@@ -41,4 +41,3 @@ jobs:
       id: lint
       run: ct lint --config 'ct-config.yaml'
       if: steps.list-changed.outputs.CHANGED == 'true'
-

.pre-commit-config.yaml

@@ -1,4 +1,18 @@
 repos:
+# - repo: local
+#   hooks:
+#   - id: helm-unittest
+#     name: helm-unittest
+#     entry: scripts/hooks/helm-unittest.sh
+#     language: script
+#     files: ^stable/(enterprise|feeds)/templates/.*$
+- repo: local
+  hooks:
+  - id: readme-generator
+    name: readme-generator
+    entry: scripts/hooks/readme-generator.sh
+    language: script
+    files: ^stable/(enterprise|feeds|ecs-inventory)/values\.yaml$
 - repo: https://github.com/gitleaks/gitleaks
   rev: v8.16.3
   hooks:

CONTRIBUTING.rst

@@ -10,27 +10,27 @@ way to contribute to the Anchore project.
 
 The process is to certify the below DCO 1.1 text
 ::
-    
+
     Developer's Certificate of Origin 1.1
-    
+
     By making a contribution to this project, I certify that:
-    
+
     (a) The contribution was created in whole or in part by me and I
         have the right to submit it under the open source license
         indicated in the file; or
-    
+
     (b) The contribution is based upon previous work that, to the best
         of my knowledge, is covered under an appropriate open source
         license and I have the right under that license to submit that
         work with modifications, whether created in whole or in part
         by me, under the same open source license (unless I am
         permitted to submit under a different license), as indicated
         in the file; or
-    
+
     (c) The contribution was provided directly to me by some other
         person who certified (a), (b) or (c) and I have not modified
         it.
-    
+
     (d) I understand and agree that this project and the contribution
         are public and that a record of the contribution (including all
         personal information I submit with it, including my sign-off) is

README.md

@@ -6,6 +6,7 @@ This repository contains Helm charts for deploying [Anchore](https://www.anchore
 
 - [Helm](https://helm.sh/) (>=3.8) - Helm is a package manager for Kubernetes that makes it easy to install and manage applications on your cluster.
 - [Kubernetes](https://kubernetes.io/) (>=1.23) - Kubernetes is an open-source container orchestration platform that is required to use Helm charts.
+- [pre-commit](https://pre-commit.com/) - pre-commit is a tool that is used to ensure that all commits to the repository are properly formatted. It is not required to use the charts in this repository, but it is recommended to install it to ensure that your commits are properly formatted.
 
 ## Installation
 

build.sh

@@ -32,4 +32,3 @@ if [ "${do_push}" == "true" ]; then
 else
 	echo "Skipping push"
 fi
-

ct-config.yaml

@@ -7,4 +7,4 @@ chart-repos:
   - bitnami=https://charts.bitnami.com/bitnami
 namespace: anchore
 release-label: anchore
-helm-extra-args: --timeout 600s
+helm-extra-args: --timeout 600s

scripts/Dockerfile → scripts/enterprise-value-converter/Dockerfile

@@ -10,4 +10,4 @@ RUN pip install argparse pyyaml
 
 ENTRYPOINT ["python3", "convert.py"]
 
-CMD ["-e", "values.yaml"]
+CMD ["-e", "values.yaml"]

scripts/README.md → scripts/enterprise-value-converter/README.md

@@ -9,7 +9,7 @@ This script converts the values file of Anchore Engine to the values file format
 ## Usage
 
 1. **The Docker Image**:
-    To build the docker image yourself, from the `scripts` directory, build the Docker image using the following command:
+    To build the docker image yourself, from the `scripts/enterprise-value-converter` directory, build the Docker image using the following command:
 
     ```bash
     docker build -t script-container .

scripts/convert.py → scripts/enterprise-value-converter/convert.py

@@ -22,4 +22,4 @@
     args = parser.parse_args()
     engine_file = args.engine_file
     results_dir = args.results_dir
-    convert_values_file(file=engine_file, results_dir=results_dir)
+    convert_values_file(file=engine_file, results_dir=results_dir)

scripts/helpers.py → scripts/enterprise-value-converter/helpers.py

@@ -292,4 +292,4 @@ def merge_dicts(dict1, dict2):
         else:
             merged_dict[key] = value
 
-    return merged_dict
+    return merged_dict

scripts/tests/configs/test_convert_values_file_result.yaml → scripts/enterprise-value-converter/tests/configs/test_convert_values_file_result.yaml

@@ -14,4 +14,4 @@
     "hashed_passwords": False
 "extraEnv":
   - "name": "ANCHORE_MAX_REQUEST_THREADS"
-    "value": "9876543210"
+    "value": "9876543210"

scripts/tests/test_anchoreAnalyzer_value_mapping.py → scripts/enterprise-value-converter/tests/test_anchoreAnalyzer_value_mapping.py

@@ -347,4 +347,4 @@ def test_enableOwnedPackageFiltering_value(self):
         }
         result = replace_keys_with_mappings(dot_string_dict, self.results_dir)
         self.assertEqual(result[0], {'anchoreConfig': {'user_authentication': {'hashed_passwords': False}}})
-        self.assertEqual(result[1], expected_result)
+        self.assertEqual(result[1], expected_result)

scripts/tests/test_anchoreApi_value_mapping.py → scripts/enterprise-value-converter/tests/test_anchoreApi_value_mapping.py

@@ -245,4 +245,4 @@ def test_anchoreApi_external_value(self):
 
         result = replace_keys_with_mappings(dot_string_dict, self.results_dir)
 
-        self.assertEqual(result[0], expected_result)
+        self.assertEqual(result[0], expected_result)

scripts/tests/test_anchoreCatalog_value_mapping.py → scripts/enterprise-value-converter/tests/test_anchoreCatalog_value_mapping.py

@@ -404,4 +404,4 @@ def test_anchoreCatalog_downAnalyzerTaskRequeue_value(self):
             }
         }
         result = replace_keys_with_mappings(dot_string_dict, self.results_dir)
-        self.assertEqual(result[0], expected_result)
+        self.assertEqual(result[0], expected_result)

scripts/tests/test_anchoreEnterpriseFeeds_value_mapping.py → scripts/enterprise-value-converter/tests/test_anchoreEnterpriseFeeds_value_mapping.py

@@ -777,4 +777,4 @@ def test_anchoreFeedsGemDB_extraEnv_values(self):
             }
         }
         result = replace_keys_with_mappings(dot_string_dict, self.results_dir)
-        self.assertEqual(result[0], expected_result)
+        self.assertEqual(result[0], expected_result)

scripts/tests/test_anchoreEnterpriseNotifications_value_mapping.py → scripts/enterprise-value-converter/tests/test_anchoreEnterpriseNotifications_value_mapping.py

@@ -255,7 +255,7 @@ def test_anchoreEnterpriseNotifications_cycleTimers_value(self):
         }
         result = replace_keys_with_mappings(dot_string_dict, self.results_dir)
         self.assertEqual(result[0], expected_result)
-    
+
     def test_anchoreEnterpriseNotifications_uiUrl_value(self):
         dot_string_dict = {
             "anchoreEnterpriseNotifications.uiUrl": "http://myurl.myurl"
@@ -269,4 +269,4 @@ def test_anchoreEnterpriseNotifications_uiUrl_value(self):
             }
         }
         result = replace_keys_with_mappings(dot_string_dict, self.results_dir)
-        self.assertEqual(result[0], expected_result)
+        self.assertEqual(result[0], expected_result)

scripts/tests/test_anchoreEnterpriseRbac_value_mapping.py → scripts/enterprise-value-converter/tests/test_anchoreEnterpriseRbac_value_mapping.py

@@ -299,4 +299,4 @@ def test_anchoreEnterpriseRbac_managerResources_value(self):
             }
         }
         result = replace_keys_with_mappings(dot_string_dict, self.results_dir)
-        self.assertEqual(result[0], expected_result)
+        self.assertEqual(result[0], expected_result)

scripts/tests/test_anchoreEnterpriseReports_value_mapping.py → scripts/enterprise-value-converter/tests/test_anchoreEnterpriseReports_value_mapping.py

@@ -339,4 +339,4 @@ def test_anchoreEnterpriseReports_cycleTimers_value(self):
             }
         }
         result = replace_keys_with_mappings(dot_string_dict, self.results_dir)
-        self.assertEqual(result[0], expected_result)
+        self.assertEqual(result[0], expected_result)

scripts/tests/test_anchoreEnterpriseUi_value_mapping.py → scripts/enterprise-value-converter/tests/test_anchoreEnterpriseUi_value_mapping.py

@@ -559,4 +559,4 @@ def test_uiRedis_externalEndpoint_value(self):
                 }
         }
         result = replace_keys_with_mappings(dot_string_dict, self.results_dir)
-        self.assertEqual(result[0], expected_result)
+        self.assertEqual(result[0], expected_result)

scripts/tests/test_anchoreGlobal_value_mapping.py → scripts/enterprise-value-converter/tests/test_anchoreGlobal_value_mapping.py

@@ -189,7 +189,7 @@ def test_anchoreGlobal_serviceAccountName_value(self):
         result = replace_keys_with_mappings(dot_string_dict, self.results_dir)
         self.assertEqual(result[0], expected_result)
         self.assertEqual(result[1], {})
-    
+
     def test_anchoreGlobal_labels_value(self):
         dot_string_dict = {
             "anchoreGlobal.labels.mylabel": "myvalue",
@@ -785,4 +785,4 @@ def test_anchoreGlobal_maxCompressedImageSizeMB_value(self):
 
 
 if __name__ == '__main__':
-    unittest.main()
+    unittest.main()

scripts/tests/test_anchorePolicyEngine_value_mapping.py → scripts/enterprise-value-converter/tests/test_anchorePolicyEngine_value_mapping.py

@@ -298,4 +298,4 @@ def test_anchorePolicyEngine_enablePackageDbLoad_value(self):
             }
         }
         result = replace_keys_with_mappings(dot_string_dict, self.results_dir)
-        self.assertEqual(result[1], expected_result)
+        self.assertEqual(result[1], expected_result)

scripts/tests/test_anchoreSimpleQueue_value_mapping.py → scripts/enterprise-value-converter/tests/test_anchoreSimpleQueue_value_mapping.py

@@ -233,4 +233,4 @@ def test_anchoreSimpleQueue_service_value(self):
             }
         }
         result = replace_keys_with_mappings(dot_string_dict, self.results_dir)
-        self.assertEqual(result[0], expected_result)
+        self.assertEqual(result[0], expected_result)

scripts/tests/test_helpers.py → scripts/enterprise-value-converter/tests/test_helpers.py

@@ -316,4 +316,4 @@ def test_replace_keys_with_mappings_env_var(self):
         self.assertEqual(result[0], anchore_config_expected_results)
 
 if __name__ == '__main__':
-    unittest.main()
+    unittest.main()

scripts/hooks/helm-unittest.sh

@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+
+readonly DEBUG=${DEBUG:-unset}
+if [ "${DEBUG}" != unset ]; then
+  set -x
+fi
+
+if [[ ! $(which helm) ]]; then
+    echo "helm not found. Please install helm and try again"
+    exit 1
+fi
+
+if ! helm plugin list | grep -q unittest; then
+    echo "helm-unittest plugin not found. Press 'y' to install with helm or any other key to skip"
+    read -r install_helm_unittest
+    if [[ "$install_helm_unittest" != "y" ]]; then
+        exit 1
+    fi
+    helm plugin install https://github.com/helm-unittest/helm-unittest.git
+fi
+
+files_changed="$(git diff --name-only origin/main | sort | uniq)"
+# Adding || true to avoid "Process exited with code 1" errors
+charts_dirs_changed="$(echo "$files_changed" | xargs dirname | grep -o "stable/[^/]*" | sort | uniq || true)"
+
+charts_to_test=("stable/enterprise" "stable/feeds")
+
+for chart in ${charts_dirs_changed}; do
+    for charts_to_test in "${charts_to_test[@]}"; do
+        if [[ "$chart" == "$charts_to_test" ]]; then
+            echo "Running unit tests for ${chart}"
+            pushd "${chart}" || exit
+            helm repo add anchore https://charts.anchore.io/stable
+            helm dep up
+            helm unittest .
+            popd || exit
+        fi
+    done
+done

scripts/hooks/readme-generator.sh

@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+readonly DEBUG=${DEBUG:-unset}
+if [ "${DEBUG}" != unset ]; then
+  set -x
+fi
+
+if [[ ! $(which readme-generator) ]]; then
+    echo "readme-generator not found. Press 'y' to install with npm or any other key to skip"
+    read -r install_readme_generator
+    if [[ "$install_readme_generator" != "y" ]]; then
+        exit 1
+    fi
+    if [[ ! $(which npm) ]]; then
+        echo "npm not found. Please install npm and try again"
+        exit 1
+    fi
+    npm install -g @bitnami/readme-generator-for-helm
+fi
+
+files_changed="$(git diff --name-only origin/main | sort | uniq)"
+# Adding || true to avoid "Process exited with code 1" errors
+charts_dirs_changed="$(echo "$files_changed" | xargs dirname | grep -o "stable/[^/]*" | sort | uniq || true)"
+
+chart_with_metadata=("stable/enterprise" "stable/feeds" "stable/ecs-inventory")
+
+for chart in ${charts_dirs_changed}; do
+    for chart_with_metadata in "${chart_with_metadata[@]}"; do
+        if [[ "$chart" == "$chart_with_metadata" ]]; then
+            echo "Updating README.md for ${chart}"
+            readme-generator --values "${chart}/values.yaml" --readme "${chart}/README.md"
+        fi
+    done
+done

stable/anchore-admission-controller/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v1
 name: anchore-admission-controller
-version: 0.4.6
+version: 0.4.7
 appVersion: 0.4.0
 description: A kubernetes admission controller for validating and mutating webhooks that operates against Anchore Engine to make access decisions and annotations
 home: https://github.com/anchore/kubernetes-admission-controller