Get it

2021-02-05 13:35:17 +01:00 · 2021-02-05 13:35:17 +01:00 · 9abc83b022
parent d303eddf44
commit 9abc83b022
3 changed files with 67 additions and 0 deletions
--- a/30
+++ b/30
@ -0,0 +1,30 @@
+FROM argoproj/argocd:v1.8.3 as base
+
+ARG HELM_SECRETS_VERSION="3.4.1" 
+USER root  
+RUN apt-get update  --allow-insecure-repositories --allow-unauthenticated && \
+    apt-get install -y \
+    curl \
+    gpg && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* 
+    
+FROM mozilla/sops:v3.6.1 as sops
+# better to grab from the docker image, even though it seems crazy, it's so renovate can give us PRs!
+
+FROM base as addwrapper
+COPY helm-wrapper.sh /usr/local/bin/
+COPY --from=sops /go/bin/sops /usr/local/bin/
+USER root
+RUN cd /usr/local/bin && \
+    mv helm helm.bin && \
+    mv helm2 helm2.bin && \
+    mv helm-wrapper.sh helm && \
+    ln helm helm2 && \
+    chmod +x helm helm2 sops
+
+FROM addwrapper
+# helm secrets plugin should be installed as user argocd or it won't be found
+USER argocd
+RUN /usr/local/bin/helm.bin plugin install https://github.com/jkroepke/helm-secrets --version ${HELM_SECRETS_VERSION}
+ENV HELM_PLUGINS="/home/argocd/.local/share/helm/plugins/"
--- a/drone.yml
+++ b/drone.yml
@ -0,0 +1,15 @@
+- name: publish
+  image: plugins/docker:18
+  settings:
+    auto_tag: true
+    auto_tag_suffix: linux-amd64
+    dockerfile: build/package/Dockerfile
+    repo: imartyn/ledcontroller
+    username:
+      from_secret: docker_username
+    password:
+      from_secret: docker_password
+    when:
+      event:
+      - push
+      - tag
--- a/helm-wrapper.sh
+++ b/helm-wrapper.sh
@ -0,0 +1,22 @@
+# helm secrets only supports a few helm commands
+if [ $1 = "template" ] || [ $1 = "install" ] || [ $1 = "upgrade" ] || [ $1 = "lint" ] || [ $1 = "diff" ]
+then 
+    # Helm secrets add some useless outputs to every commands including template, namely
+    # 'remove: <secret-path>.dec' for every decoded secrets.
+    # As argocd use helm template output to compute the resources to apply, these outputs
+    # will cause a parsing error from argocd, so we need to remove them.
+    # We cannot use exec here as we need to pipe the output so we call helm in a subprocess and
+    # handle the return code ourselves.
+    out=$(helm.bin secrets $@) 
+    code=$? 
+    if [ $code -eq 0 ]; then
+        # printf insted of echo here because we really don't want any backslash character processing
+        printf '%s\n' "$out" | sed -E "/^removed '.+\.dec'$/d"      
+        exit 0
+    else
+        exit $code
+    fi
+else
+    # helm.bin is the original helm binary
+    exec helm.bin $@
+fi