diff --git a/.github/workflows/chart-releaser.yaml b/.github/workflows/chart-releaser.yaml
deleted file mode 100644
index 62760e8..0000000
--- a/.github/workflows/chart-releaser.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-name: Release Charts
-
-on:
- push:
- branches:
- - main
-
-jobs:
- release:
- permissions:
- contents: write
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v4
- with:
- fetch-depth: 0
-
- - name: Configure Git
- run: |
- git config user.name "$GITHUB_ACTOR"
- git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
-
- - name: Run chart-releaser
- uses: helm/chart-releaser-action@v1.6.0
- with:
- charts_dir: charts/ai-software-templates
- env:
- CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 0000000..e8555fe
--- /dev/null
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,32 @@
+name: Release Helm Chart Package
+
+on:
+ push:
+ tags:
+ - "v*"
+permissions:
+ contents: write
+
+jobs:
+ release-package:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ chartpath:
+ - "charts/chatbot"
+ steps:
+ - name: Checkout
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ fetch-depth: 0
+
+ - name: Install Helm
+ uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
+ with:
+ version: 3.12.1
+
+ - name: Generate Helm Package
+ run: |
+ RELEASE_VERSION=${GITHUB_REF#refs/*/}
+ CHART_PATH=${{matrix.chartpath}}
+ helm package $CHART_PATH/$RELEASE_VERSION
diff --git a/charts/ai-software-templates/chatbot/0.1.0/Chart.yaml b/charts/ai-software-templates/chatbot/Chart.yaml
similarity index 100%
rename from charts/ai-software-templates/chatbot/0.1.0/Chart.yaml
rename to charts/ai-software-templates/chatbot/Chart.yaml
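Review bot: In the `Generate Helm Package` step of release.yaml, `helm package $CHART_PATH/$RELEASE_VERSION` resolves to `charts/chatbot/<tag>` for a `v*` tag, but the renames in this same commit place the chart at `charts/ai-software-templates/chatbot/` with the version directory removed, so unless that path exists outside this diff the step has nothing to package. The workflow also grants `contents: write` at the top level although no visible step pushes, uploads or creates a release; `contents: read` is enough for checkout and packaging, and a write grant is better added on the job that eventually publishes. The expansions should be quoted as well, e.g. `helm package "$CHART_PATH"`, and `$GITHUB_REF_NAME` is a simpler source for the tag than `${GITHUB_REF#refs/*/}`.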
diff --git a/charts/ai-software-templates/chatbot/0.1.0/README.md b/charts/ai-software-templates/chatbot/README.md
similarity index 100%
rename from charts/ai-software-templates/chatbot/0.1.0/README.md
rename to charts/ai-software-templates/chatbot/README.md
diff --git a/charts/ai-software-templates/chatbot/0.1.0/templates/NOTES.txt b/charts/ai-software-templates/chatbot/templates/NOTES.txt
similarity index 100%
rename from charts/ai-software-templates/chatbot/0.1.0/templates/NOTES.txt
rename to charts/ai-software-templates/chatbot/templates/NOTES.txt
diff --git a/charts/ai-software-templates/chatbot/0.1.0/templates/app-config.yaml b/charts/ai-software-templates/chatbot/templates/app-config.yaml
similarity index 100%
rename from charts/ai-software-templates/chatbot/0.1.0/templates/app-config.yaml
rename to charts/ai-software-templates/chatbot/templates/app-config.yaml
diff --git a/charts/ai-software-templates/chatbot/0.1.0/templates/app-deployment.yaml b/charts/ai-software-templates/chatbot/templates/app-deployment.yaml
similarity index 100%
rename from charts/ai-software-templates/chatbot/0.1.0/templates/app-deployment.yaml
rename to charts/ai-software-templates/chatbot/templates/app-deployment.yaml
diff --git a/charts/ai-software-templates/chatbot/0.1.0/templates/app-route.yaml b/charts/ai-software-templates/chatbot/templates/app-route.yaml
similarity index 100%
rename from charts/ai-software-templates/chatbot/0.1.0/templates/app-route.yaml
rename to charts/ai-software-templates/chatbot/templates/app-route.yaml
diff --git a/charts/ai-software-templates/chatbot/0.1.0/templates/app-service.yaml b/charts/ai-software-templates/chatbot/templates/app-service.yaml
similarity index 100%
rename from charts/ai-software-templates/chatbot/0.1.0/templates/app-service.yaml
rename to charts/ai-software-templates/chatbot/templates/app-service.yaml
diff --git a/charts/ai-software-templates/chatbot/0.1.0/templates/application-gitops-job.yaml b/charts/ai-software-templates/chatbot/templates/application-gitops-job.yaml
similarity index 100%
rename from charts/ai-software-templates/chatbot/0.1.0/templates/application-gitops-job.yaml
rename to charts/ai-software-templates/chatbot/templates/application-gitops-job.yaml
diff --git a/charts/ai-software-templates/chatbot/0.1.0/templates/model-config.yaml b/charts/ai-software-templates/chatbot/templates/model-config.yaml
similarity index 100%
rename from charts/ai-software-templates/chatbot/0.1.0/templates/model-config.yaml
rename to charts/ai-software-templates/chatbot/templates/model-config.yaml
diff --git a/charts/ai-software-templates/chatbot/0.1.0/templates/model-server-deployment.yaml b/charts/ai-software-templates/chatbot/templates/model-server-deployment.yaml
similarity index 100%
rename from charts/ai-software-templates/chatbot/0.1.0/templates/model-server-deployment.yaml
rename to charts/ai-software-templates/chatbot/templates/model-server-deployment.yaml
diff --git a/charts/ai-software-templates/chatbot/0.1.0/templates/model-server-service.yaml b/charts/ai-software-templates/chatbot/templates/model-server-service.yaml
similarity index 100%
rename from charts/ai-software-templates/chatbot/0.1.0/templates/model-server-service.yaml
rename to charts/ai-software-templates/chatbot/templates/model-server-service.yaml
diff --git a/charts/ai-software-templates/chatbot/0.1.0/templates/pvc.yaml b/charts/ai-software-templates/chatbot/templates/pvc.yaml
similarity index 100%
rename from charts/ai-software-templates/chatbot/0.1.0/templates/pvc.yaml
rename to charts/ai-software-templates/chatbot/templates/pvc.yaml
diff --git a/charts/ai-software-templates/chatbot/0.1.0/templates/tekton-repository.yaml b/charts/ai-software-templates/chatbot/templates/tekton-repository.yaml
similarity index 100%
rename from charts/ai-software-templates/chatbot/0.1.0/templates/tekton-repository.yaml
rename to charts/ai-software-templates/chatbot/templates/tekton-repository.yaml
diff --git a/charts/ai-software-templates/chatbot/0.1.0/values.schema.json b/charts/ai-software-templates/chatbot/values.schema.json
similarity index 100%
rename from charts/ai-software-templates/chatbot/0.1.0/values.schema.json
rename to charts/ai-software-templates/chatbot/values.schema.json
diff --git a/charts/ai-software-templates/chatbot/0.1.0/values.yaml b/charts/ai-software-templates/chatbot/values.yaml
similarity index 100%
rename from charts/ai-software-templates/chatbot/0.1.0/values.yaml
rename to charts/ai-software-templates/chatbot/values.yaml
diff --git a/charts/openshift-pipelines/Chart.yaml b/charts/openshift-pipelines/Chart.yaml
deleted file mode 100644
index 8966f9c..0000000
--- a/charts/openshift-pipelines/Chart.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: v2
-description: This chart is part of the chatbot ai software template chart and configures the openshift pipelines.
-name: chatbot-ai-software-template-pipelines-configuration
-tags: chatbot,python,llama.cpp,vllm
-version: 0.1.0
diff --git a/charts/openshift-pipelines/README.md b/charts/openshift-pipelines/README.md
deleted file mode 100644
index 3f96bae..0000000
--- a/charts/openshift-pipelines/README.md
+++ /dev/null
@@ -1,36 +0,0 @@ -# OpenShift Pipelines Configuration - AI Software Template Helm Chart - -This helm chart tries to provide an easy way to configure OpenShift Pipelines on your cluster and set everything up for the installation of the [AI Software Template Chat Application Helm Chart](../ai-software-templates/chatbot/0.1.0/). - -## Requirements - -Before installing the pipelines configuration helm chart, make sure you have created a Secret inside the Namespace you plan to release your Chat Application. The necessary fields are mentioned in the [values.gitops](#gitops) section. - -## Usage - -To install the configuration helm chart simply run: - -``` -helm upgrade --install --namespace . -``` - -## Values - -### application - -| Value | Description | Default | Additional Information | -| ----------- | --------------------------------------------------------- | --------------------------- | ---------------------- | -| `name` | The name of the configuration helm chart release. | `chatbot-configuration` | | -| `namespace` | The namespace that the chat application will be released. | `ai-software-templates-dev` | | - -### gitops - -| Value | Description | Default | Additional Information | -| ---------------------------------- | ----------------------------------------------------------------------------------- | --------------------------- | ---------------------- | -| `gitSecretName` | The name of the Secret containing the required Github credentials. | `git-secrets` | | -| `gitSecretKeyToken` | The name of the Secret's key with your Github token value. | `GITHUB_TOKEN` | | -| `gitSecretKeyAppId` | The name of the Secret's key with your Github App's application id value. | `GITHUB_APP_APP_ID` | | -| `gitSecretKeyWebhookURL` | The name of the Secret's key with your Github App's webhook url value. | `GITHUB_APP_WEBHOOK_URL` | | -| `gitSecretKeyWebhookSecret` | The name of the Secret's key with your Github App's webhook secret value. 
| `GITHUB_APP_WEBHOOK_SECRET` | | -| `gitSecretKeyPrivateKey` | The name of the Secret's key with your Github App's private key value. | `GITHUB_APP_PRIVATE_KEY` | | -| `gitSecretKeyQuayDockerConfigJSON` | The name of the Secret's key with your Github App's quay.io DockerConfigJson value. | `QUAY_DOCKERCONFIGJSON` | | diff --git a/charts/openshift-pipelines/templates/service-account.yaml b/charts/openshift-pipelines/templates/service-account.yaml deleted file mode 100644 index b7a56fb..0000000 --- a/charts/openshift-pipelines/templates/service-account.yaml +++ /dev/null @@ -1,19 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: helm-manager - namespace: {{.Release.Namespace}} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: helm-manager-admin -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: - - kind: ServiceAccount - name: helm-manager - namespace: {{.Release.Namespace}} diff --git a/charts/openshift-pipelines/templates/setup-pipelines-job.yaml b/charts/openshift-pipelines/templates/setup-pipelines-job.yaml deleted file mode 100644 index 33e81b4..0000000 --- a/charts/openshift-pipelines/templates/setup-pipelines-job.yaml +++ /dev/null 
@@ -1,325 +0,0 @@ ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: "{{.Release.Name}}-configure-openshift-pipelines" - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}" -spec: - template: - metadata: - name: "{{.Release.Name}}-configure-operators" - labels: - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}" - spec: - containers: - - name: configure-operators - image: "registry.redhat.io/openshift4/ose-tools-rhel8:latest" - workingDir: /tmp - env: - - name: GITHUB_TOKEN - valueFrom: - secretKeyRef: - name: {{ .Values.gitops.gitSecretName }} - key: {{ .Values.gitops.gitSecretKeyToken }} - - name: GITHUB_APP_APP_ID - valueFrom: - secretKeyRef: - name: {{ .Values.gitops.gitSecretName }} - key: {{ .Values.gitops.gitSecretKeyAppId }} - - name: GITHUB_APP_WEBHOOK_URL - valueFrom: - secretKeyRef: - name: {{ .Values.gitops.gitSecretName }} - key: {{ .Values.gitops.gitSecretKeyWebhookURL }} - - name: GITHUB_APP_WEBHOOK_SECRET - valueFrom: - secretKeyRef: - name: {{ .Values.gitops.gitSecretName }} - key: {{ .Values.gitops.gitSecretKeyWebhookSecret }} - - name: GITHUB_APP_PRIVATE_KEY - valueFrom: - secretKeyRef: - name: {{ .Values.gitops.gitSecretName }} - key: {{ .Values.gitops.gitSecretKeyPrivateKey }} - - name: QUAY_DOCKERCONFIGJSON - valueFrom: - secretKeyRef: - name: {{ .Values.gitops.gitSecretName }} - key: {{ .Values.gitops.gitSecretKeyQuayDockerConfigJSON }} - - name: NAMESPACE - value: {{ .Values.application.namespace }} - command: - - /bin/bash - - -c - - | - echo "Step 1: Configure Operators" - set -o errexit - set -o nounset - set -o pipefail - - echo -n "* Fetching sigstore/cosign: " - curl -sL 
https://github.com/sigstore/cosign/releases/latest/download/cosign-linux-amd64 -o /usr/bin/cosign && chmod +x /usr/bin/cosign - echo "OK" - - PIPELINES_NAMESPACE="openshift-pipelines" - - echo -n "* Waiting for pipelines operator deployment: " - until kubectl get namespace "$PIPELINES_NAMESPACE" >/dev/null 2>&1; do - echo -n "." - sleep 3 - done - until kubectl get route -n "$PIPELINES_NAMESPACE" pipelines-as-code-controller >/dev/null 2>&1; do - echo -n "." - sleep 3 - done - echo "OK" - - echo -n "* Configuring Chains secret: " - SECRET="signing-secrets" - if [ "$(kubectl get secret -n "$PIPELINES_NAMESPACE" "$SECRET" -o jsonpath='{.data}' --ignore-not-found --allow-missing-template-keys)" == "" ]; then - # Delete secret/signing-secrets if already exists since by default cosign creates immutable secrets - echo -n "." - kubectl delete secrets -n "$PIPELINES_NAMESPACE" "$SECRET" --ignore-not-found=true - - # To make this run conveniently without user input let's create a random password - echo -n "." - RANDOM_PASS=$( openssl rand -base64 30 ) - - # Generate the key pair secret directly in the cluster. - # The secret should be created as immutable. - echo -n "." - env COSIGN_PASSWORD=$RANDOM_PASS cosign generate-key-pair "k8s://$PIPELINES_NAMESPACE/$SECRET" >/dev/null - fi - # If the secret is not marked as immutable, make it so. - if [ "$(kubectl get secret -n "$PIPELINES_NAMESPACE" "$SECRET" -o jsonpath='{.immutable}')" != "true" ]; then - echo -n "." 
- kubectl patch secret -n "$PIPELINES_NAMESPACE" "$SECRET" --dry-run=client -o yaml \ - --patch='{"immutable": true}' \ - | kubectl apply -f - >/dev/null - fi - echo "OK" - - echo - echo "Configuration successful" - echo "Step 1: Completed" - - ## Configure Pipelines - echo "Step 2: Configure Pipelines" - - # Variables - PIPELINES_NAMESPACE=${PIPELINES_NAMESPACE:-"openshift-pipelines"} - PIPELINES_SECRET_NAME=${PIPELINES_SECRET_NAME:-'chatbot-pipelines-secret'} - - # Waiting for CRD - # Waits for TektonConfig CRD to become avaiable when performing deployment of the pipelines - # services. - echo -n "* Waiting for 'tektonconfigs' CRD: " - while [ $(kubectl api-resources | grep -c "^tektonconfigs ") = "0" ] ; do - echo -n "." - sleep 3 - done - if [ $? -ne 0 ]; then - echo "FAIL" - exit 1 - fi - echo "OK" - - # Waiting for pipelines operator deployment - # Waits for the deployment of the pipelines services to finish before proceeding. - echo -n "* Waiting for pipelines operator deployment: " - until kubectl get namespace "$PIPELINES_NAMESPACE" >/dev/null 2>&1; do - echo -n "." - sleep 3 - done - until kubectl get route -n "$PIPELINES_NAMESPACE" pipelines-as-code-controller >/dev/null 2>&1; do - echo -n "." - sleep 3 - done - if [ $? -ne 0 ]; then - echo "FAIL" - exit 1 - fi - echo "OK" - - # Update the TektonConfig resource - # Updates Tekton config CR to have setup with target namespace and - # compatiablty with RHDH instances - echo -n "* Update the TektonConfig resource: " - until kubectl get tektonconfig config >/dev/null 2>&1; do - echo -n "_" - sleep 3 - done - - echo -n "* Update the TektonConfig resource: " - until kubectl get tektonconfig config >/dev/null 2>&1; do - echo -n "_" - sleep 3 - done - kubectl patch tektonconfig config --type 'merge' --patch "$( cat </dev/null - else - WEBHOOK_SECRET="$(kubectl -n "$NAMESPACE" get secret "$PIPELINES_SECRET_NAME" ) -o jsonpath="{.data.webhook-github-secret}" | base64 -d" - fi - if [ $? 
-ne 0 ]; then - echo "FAIL" - exit 1 - fi - - if [ "$(kubectl get secret -n "$PIPELINES_NAMESPACE" "pipelines-as-code-secret" -o name --ignore-not-found | wc -l | tr -d '[:space:]')" = "0" ]; then - kubectl -n "$PIPELINES_NAMESPACE" create secret generic pipelines-as-code-secret \ - --from-literal github-application-id="$GITHUB_APP_APP_ID" \ - --from-literal github-private-key="$GITHUB_APP_PRIVATE_KEY" \ - --from-literal webhook.secret="$GITHUB_APP_WEBHOOK_SECRET" \ - --dry-run=client -o yaml | kubectl apply -f - >/dev/null - - if [ $? -ne 0 ]; then - echo "FAIL" - exit 1 - fi - fi - echo "OK" - - # Fetching cosign public key - # Fetches cosign public key needed for namespace setup - echo -n "* Fetching cosign public key: " - while ! kubectl get secrets -n $PIPELINES_NAMESPACE signing-secrets >/dev/null 2>&1; do - echo -n "_" - sleep 2 - done - echo -n "." - COSIGN_SIGNING_PUBLIC_KEY="" - while [ -z "${COSIGN_SIGNING_PUBLIC_KEY:-}" ]; do - echo -n "_" - sleep 2 - COSIGN_SIGNING_PUBLIC_KEY=$(kubectl get secrets -n $PIPELINES_NAMESPACE signing-secrets -o jsonpath='{.data.cosign\.pub}' 2>/dev/null) - if [ $? -ne 0 ]; then - echo -n "FAIL" - exit 1 - fi - done - echo "OK" - - # Configure Namespaces - # Configuring namespaces with needed resources - echo -n "* Configuring Namespaces: " - - SECRET_NAME="cosign-pub" - if [ -n "$COSIGN_SIGNING_PUBLIC_KEY" ]; then - cat </dev/null - apiVersion: v1 - data: - cosign.pub: $COSIGN_SIGNING_PUBLIC_KEY - kind: Secret - metadata: - labels: - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-chains - operator.tekton.dev/operand-name: tektoncd-chains - name: $SECRET_NAME - namespace: $NAMESPACE - type: Opaque - EOF - if [ $? -ne 0 ]; then - echo -n "FAIL" - exit 1 - fi - echo -n "." 
- fi - - SECRET_NAME="gitops-auth-secret" - if [ -n "$GITHUB_TOKEN" ]; then - kubectl -n $NAMESPACE create secret generic "$SECRET_NAME" \ - --from-literal=password=$GITHUB_TOKEN \ - --type=kubernetes.io/basic-auth \ - --dry-run=client -o yaml | kubectl -n $NAMESPACE apply --filename - --overwrite=true >/dev/null - if [ $? -ne 0 ]; then - echo -n "FAIL" - exit 1 - fi - echo -n "." - fi - - SECRET_NAME="pipelines-secret" - if [ -n "$GITHUB_APP_WEBHOOK_SECRET" ]; then - kubectl -n $NAMESPACE create secret generic "$SECRET_NAME" \ - --from-literal=webhook.secret=$GITHUB_APP_WEBHOOK_SECRET \ - --dry-run=client -o yaml | kubectl -n $NAMESPACE apply --filename - --overwrite=true >/dev/null - if [ $? -ne 0 ]; then - echo -n "FAIL" - exit 1 - fi - echo -n "." - fi - - SECRET_NAME="helm-chart-image-registry-token" - if [ -n "$QUAY_DOCKERCONFIGJSON" ]; then - DATA=$(mktemp) - echo -n "$QUAY_DOCKERCONFIGJSON" >"$DATA" - kubectl -n $NAMESPACE create secret docker-registry "$SECRET_NAME" \ - --from-file=.dockerconfigjson="$DATA" --dry-run=client -o yaml | \ - kubectl -n $NAMESPACE apply --filename - --overwrite=true >/dev/null - if [ $? -ne 0 ]; then - echo -n "FAIL" - exit 1 - fi - rm "$DATA" - echo -n "." - while ! kubectl -n $NAMESPACE get serviceaccount pipeline >/dev/null; do - sleep 2 - echo -n "_" - done - for SA in default pipeline; do - kubectl -n $NAMESPACE patch serviceaccounts "$SA" --patch " - secrets: - - name: $SECRET_NAME - imagePullSecrets: - - name: $SECRET_NAME - " >/dev/null - if [ $? -ne 0 ]; then - echo -n "FAIL" - exit 1 - fi - echo -n "." - done - echo -n "." - fi - echo "OK" - restartPolicy: "Never" - serviceAccountName: helm-manager diff --git a/charts/openshift-pipelines/templates/subscription.yaml b/charts/openshift-pipelines/templates/subscription.yaml deleted file mode 100644 index 786dd0e..0000000 --- a/charts/openshift-pipelines/templates/subscription.yaml +++ /dev/null 
@@ -1,13 +0,0 @@
-apiVersion: operators.coreos.com/v1alpha1
-kind: Subscription
-metadata:
- annotations:
- helm.sh/resource-policy: keep
- name: openshift-pipelines-operator
- namespace: openshift-operators
-spec:
- channel: pipelines-1.14
- installPlanApproval: Automatic
- name: openshift-pipelines-operator-rh
- source: redhat-operators
- sourceNamespace: openshift-marketplace
diff --git a/charts/openshift-pipelines/values.yaml b/charts/openshift-pipelines/values.yaml
deleted file mode 100644
index 58ed63b..0000000
--- a/charts/openshift-pipelines/values.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-application:
- name: "chatbot-configuration"
- namespace: "ai-software-templates-dev"
-
-gitops:
- gitSecretName: "github-secrets"
- gitSecretKeyToken: "GITHUB_TOKEN"
- gitSecretKeyAppId: "GITHUB_APP_APP_ID"
- gitSecretKeyWebhookURL: "GITHUB_APP_WEBHOOK_URL"
- gitSecretKeyWebhookSecret: "GITHUB_APP_WEBHOOK_SECRET"
- gitSecretKeyPrivateKey: "GITHUB_APP_PRIVATE_KEY"
- gitSecretKeyQuayDockerConfigJSON: "QUAY_DOCKERCONFIGJSON"