Sysdig Helm Charts

This GitHub repository is the official source for Sysdig's Helm charts.

For instructions about how to install charts from this repository, visit the public website at https://charts.sysdig.com


Contribute

Development

How to make changes to an existing chart without publishing

If you make changes to an existing chart, but do not change its version, nothing new will be published to the charts repository.

Add a new chart

To add a new chart, create a directory inside charts with its contents on the main branch.

When you commit it, it will be picked up by the GitHub action, and if it contains a chart and version that doesn't already exist in the charts repository, a new release with the package for the chart will be published on the GitHub repository, and the list of all charts at index.yaml on gh-pages branch will be updated on the charts repository.

Please remember to also include the new chart in .github/workflows/helm-unit-test.yaml and .github/workflows/k8s-apis-deprecation.yml.

Add tests

Currently, two types of tests are available:


Pull Requests

Comply with requirements

Checklist to comply with when opening the PR

  • Title of the PR starts with type and scope
    • In order to automatically generate a meaningful changelog, PR titles must respect the following rules (the same title must be used when merging it)
    • A Type and Scope should always be present. Check Conventional Commits, e.g.: feat(agent,node-analyzer,sysdig-deploy): add automated changelogs
  • Chart Version bumped
  • Variables are documented in the README.md (or README.tpl in some charts)
  • Check GithubAction checks (run pre-commit) to avoid merge-check stoppers
  • Changelogs and Release Notes are automated based on the commit messages using git-chglog

Comply with GithubAction Checks

Several checks are run before a PR is merged. To fail fast locally, before committing, use the pre-commit plugin configured in /.pre-commit-config.yaml. It automates this step and detects the issues when you commit from your local machine.

Some current checks:

  • lint checks, running
  • docs autogeneration, based on values.yaml. This applies only to charts with README.tpl templates (e.g.: admission-controller)
  • unit-test, which will call unit-tests

Changelog

Extended Changelog

If necessary it is possible to add extended details to a changelog entry by adding a special section in the commit body.

The custom section must start with Extended Changelog:. To instruct the rendering engine to stop, and avoid capturing things like Signed-off-by:, it is possible to add @@__CHGLOG_DELIMITER__@@ at the end of the section.

Example with Signed-off-by

Extended Changelog: Fixed 21 CVEs in total, the ones with high or critical severity are:
            * CVE-2022-1941
            * CVE-2022-1996
@@__CHGLOG_DELIMITER__@@

Signed-off-by: someone@sysdig.com

NOTE: Do not add the delimiter @@__CHGLOG_DELIMITER__@@ at the end of the commit body as it will cause an error.

Example without Signed-off-by

Extended Changelog: Fixed 21 CVEs in total, the ones with high or critical severity are:
            * CVE-2022-1941
            * CVE-2022-1996

NOTE: While merging a PR with Squash & Merge the Extended Changelog section must be manually added to the body or the workflow won't be able to process it.
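
A local pre-flight check for the rules above, as an added example that is not part of this repository or of git-chglog. The function name, the sample subject line and the trailer pattern are assumptions; it checks a commit message against the stated rules and does not reproduce git-chglog's own parsing.

```python
import re

MARKER = "Extended Changelog:"
DELIMITER = "@@__CHGLOG_DELIMITER__@@"
# Git trailers such as Signed-off-by: / Co-authored-by: at the start of a line.
TRAILER = re.compile(r"^[A-Za-z-]+-by: \S", re.MULTILINE)


def check_extended_changelog(message):
    """Return (section or None, list of problems) for one commit message."""
    problems = []
    _, marker, rest = message.partition(MARKER)
    if not marker:
        if DELIMITER in message:
            problems.append("delimiter without an Extended Changelog section")
        return None, problems
    section, delimiter, tail = rest.partition(DELIMITER)
    if delimiter and not tail.strip():
        # The README's NOTE: a delimiter that ends the commit body is an error.
        problems.append("delimiter is at the end of the commit body")
    if not delimiter and TRAILER.search(section):
        # Without the delimiter the trailer becomes part of the section.
        problems.append("trailer after the section but no delimiter")
    if not section.strip():
        problems.append("Extended Changelog section is empty")
    return section.strip(), problems


# Constructed sample messages (subject line and address are made up).
SECTION = (
    "Extended Changelog: Fixed 21 CVEs in total, the ones with high or "
    "critical severity are:\n    * CVE-2022-1941\n    * CVE-2022-1996\n"
)
SUBJECT = "fix(agent): bump base image\n\n"
SIGNOFF = "Signed-off-by: someone@example.com\n"
SAMPLES = {
    "delimited, with sign-off": SUBJECT + SECTION + DELIMITER + "\n\n" + SIGNOFF,
    "no sign-off, no delimiter": SUBJECT + SECTION,
    "delimiter ends the body": SUBJECT + SECTION + DELIMITER + "\n",
    "sign-off, no delimiter": SUBJECT + SECTION + "\n" + SIGNOFF,
}

if __name__ == "__main__":
    for name, message in SAMPLES.items():
        _, problems = check_extended_changelog(message)
        print(f"{name}: {'; '.join(problems) or 'ok'}")
```

When squash-merging, the same check can be run on the final commit body to confirm the section was carried over.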

Manual Changelog

Although not usually recommended, it is possible to manually add a changelog entry. The CI does a simple grep in the CHANGELOG.md file, and if the version being released is already present it will skip adding a new entry.

GithubPages / Documentation

https://charts.sysdig.com is managed through the GithubPages action: .github/workflows/release.yml will merge each charts/*/README.md into the gh-pages branch.


Release

Publishing a new version of a chart

TL;DR: When a commit to main includes a new version of a chart, a GitHub action will make it available on the charts repository.

With each commit to main, a GitHub action will compare all chart versions in the charts folder on the main branch with the published versions in the index.yaml chart list on the gh-pages branch.

When it detects that the version in the folder doesn't exist in index.yaml, it will create a release with the packaged chart content on the GitHub repository, and update index.yaml to include it on the charts repository.

index.yaml is accessible from https://sysdiglabs.github.io/charts/index.yaml and is the list of all charts and their versions available when you interact with the charts repository using Helm.

The package referenced in index.yaml, when it's updated using the GitHub action, will link for download to the URL provided by the GitHub repository release files.


More information

You can find more information at: