Get it
This commit is contained in:
parent
d303eddf44
commit
9abc83b022
|
@ -0,0 +1,30 @@
|
||||||
|
FROM argoproj/argocd:v1.8.3 as base
|
||||||
|
|
||||||
|
ARG HELM_SECRETS_VERSION="3.4.1"
|
||||||
|
USER root
|
||||||
|
RUN apt-get update --allow-insecure-repositories --allow-unauthenticated && \
|
||||||
|
apt-get install -y \
|
||||||
|
curl \
|
||||||
|
gpg && \
|
||||||
|
apt-get clean && \
|
||||||
|
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
|
||||||
|
|
||||||
|
FROM mozilla/sops:v3.6.1 as sops
|
||||||
|
# better to grab from the docker image, even though it seems crazy, it's so renovate can give us PRs!
|
||||||
|
|
||||||
|
FROM base as addwrapper
|
||||||
|
COPY helm-wrapper.sh /usr/local/bin/
|
||||||
|
COPY --from=sops /go/bin/sops /usr/local/bin/
|
||||||
|
USER root
|
||||||
|
RUN cd /usr/local/bin && \
|
||||||
|
mv helm helm.bin && \
|
||||||
|
mv helm2 helm2.bin && \
|
||||||
|
mv helm-wrapper.sh helm && \
|
||||||
|
ln helm helm2 && \
|
||||||
|
chmod +x helm helm2 sops
|
||||||
|
|
||||||
|
FROM addwrapper
|
||||||
|
# helm secrets plugin should be installed as user argocd or it won't be found
|
||||||
|
USER argocd
|
||||||
|
RUN /usr/local/bin/helm.bin plugin install https://github.com/jkroepke/helm-secrets --version ${HELM_SECRETS_VERSION}
|
||||||
|
ENV HELM_PLUGINS="/home/argocd/.local/share/helm/plugins/"
|
|
@ -0,0 +1,15 @@
|
||||||
|
- name: publish
|
||||||
|
image: plugins/docker:18
|
||||||
|
settings:
|
||||||
|
auto_tag: true
|
||||||
|
auto_tag_suffix: linux-amd64
|
||||||
|
dockerfile: build/package/Dockerfile
|
||||||
|
repo: imartyn/ledcontroller
|
||||||
|
username:
|
||||||
|
from_secret: docker_username
|
||||||
|
password:
|
||||||
|
from_secret: docker_password
|
||||||
|
when:
|
||||||
|
event:
|
||||||
|
- push
|
||||||
|
- tag
|
|
@ -0,0 +1,22 @@
|
||||||
|
# helm secrets only supports a few helm commands
|
||||||
|
if [ $1 = "template" ] || [ $1 = "install" ] || [ $1 = "upgrade" ] || [ $1 = "lint" ] || [ $1 = "diff" ]
|
||||||
|
then
|
||||||
|
# Helm secrets add some useless outputs to every commands including template, namely
|
||||||
|
# 'remove: <secret-path>.dec' for every decoded secrets.
|
||||||
|
# As argocd use helm template output to compute the resources to apply, these outputs
|
||||||
|
# will cause a parsing error from argocd, so we need to remove them.
|
||||||
|
# We cannot use exec here as we need to pipe the output so we call helm in a subprocess and
|
||||||
|
# handle the return code ourselves.
|
||||||
|
out=$(helm.bin secrets $@)
|
||||||
|
code=$?
|
||||||
|
if [ $code -eq 0 ]; then
|
||||||
|
# printf insted of echo here because we really don't want any backslash character processing
|
||||||
|
printf '%s\n' "$out" | sed -E "/^removed '.+\.dec'$/d"
|
||||||
|
exit 0
|
||||||
|
else
|
||||||
|
exit $code
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
# helm.bin is the original helm binary
|
||||||
|
exec helm.bin $@
|
||||||
|
fi
|
Loading…
Reference in New Issue