vrr/Pulse
2
0
Fork 0
mirror of https://github.com/rcourtman/Pulse.git synced 2026-05-10 03:51:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Add Helm chart tooling, CI, and release packaging

Browse source
This commit is contained in:
Pulse Automation Bot 2025-10-18 11:50:57 +00:00
parent 6df3fa6ec5
commit c3becc5272
25 changed files with 1299 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

31
.github/workflows/README.md vendored
View file

@ -49,3 +49,34 @@ ssh pulse-relay "curl -fsSL https://raw.githubusercontent.com/rcourtman/Pulse/ma
- ✅ Validates install script works on real server
- ✅ Removes manual step from release process
- ✅ Free to run (public repos get unlimited GitHub Actions minutes)
## Helm CI
**File**: `helm-ci.yml`
Runs `helm lint --strict` and renders the chart with common configuration combinations on every pull request that touches Helm content (and on pushes to `main`). This prevents regressions before they land.
- Triggered by PRs/pushes touching `deploy/helm/**`, docs, or the workflow itself
- Uses Helm v3.15.2
- Renders both the default deployment and an agent-enabled configuration to catch template issues
## Publish Helm Chart
**File**: `publish-helm-chart.yml`
Packages the Helm chart and pushes it to the GitHub Container Registry (OCI) whenever a GitHub Release is published. Also makes the packaged `.tgz` available as both an Actions artifact and a release asset. The same behaviour can be triggered locally via `./scripts/package-helm-chart.sh <version> [--push]`.
- Triggered automatically on `release: published`, or manually via workflow dispatch (requires `chart_version` input)
- Chart and app versions mirror the Pulse release tag (e.g., `v4.24.0``4.24.0`)
- Publishes to `oci://ghcr.io/<owner>/pulse-chart`
- Requires no additional secrets—uses the built-in `GITHUB_TOKEN` with `packages: write` permission
## Helm Integration (Kind)
**File**: `helm-integration.yml`
Creates a disposable Kind cluster, installs the chart, waits for the hub deployment to report ready, and performs a `/health` smoke check from inside the cluster.
- Triggered alongside the lint workflow for PRs/pushes touching Helm content
- Disables persistence to keep the Kind cluster lightweight
- Provides early detection of runtime issues (missing secrets, invalid probes, etc.)

48
.github/workflows/helm-ci.yml vendored Normal file
View file

@ -0,0 +1,48 @@
name: Helm CI
on:
push:
branches: [main]
paths:
- "deploy/helm/**"
- ".github/workflows/helm-ci.yml"
- "docs/KUBERNETES.md"
- "README.md"
pull_request:
paths:
- "deploy/helm/**"
- ".github/workflows/helm-ci.yml"
- "docs/KUBERNETES.md"
- "README.md"
workflow_dispatch: {}
jobs:
lint:
name: Lint and Render Chart
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up Helm
uses: azure/setup-helm@v4
with:
version: v3.15.2
- name: Helm lint (strict)
run: helm lint deploy/helm/pulse --strict
- name: Render default manifests
run: helm template pulse deploy/helm/pulse > /tmp/pulse-rendered.yaml
- name: Render agent-enabled manifests
run: |
helm template pulse deploy/helm/pulse \
--set agent.enabled=true \
--set agent.kind=Deployment \
--set agent.secretEnv.create=true \
--set agent.secretEnv.data.PULSE_TOKEN=dummy-token \
--set server.secretEnv.create=true \
--set server.secretEnv.data.API_TOKENS=dummy-token \
--set persistence.enabled=false \
> /tmp/pulse-agent-rendered.yaml

58
.github/workflows/helm-integration.yml vendored Normal file
View file

@ -0,0 +1,58 @@
name: Helm Integration
on:
push:
branches: [main]
paths:
- "deploy/helm/**"
- ".github/workflows/helm-*.yml"
- "docs/KUBERNETES.md"
- "README.md"
pull_request:
paths:
- "deploy/helm/**"
- ".github/workflows/helm-*.yml"
- "docs/KUBERNETES.md"
- "README.md"
workflow_dispatch: {}
jobs:
kind-smoke-test:
name: Deploy to Kind and Smoke Test
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up Helm
uses: azure/setup-helm@v4
with:
version: v3.15.2
- name: Create Kind cluster
uses: helm/kind-action@v1.8.0
with:
wait: 120s
- name: Install Pulse chart
run: |
helm upgrade --install pulse ./deploy/helm/pulse \
--namespace pulse \
--create-namespace \
--set persistence.enabled=false \
--set server.secretEnv.create=true \
--set server.secretEnv.data.API_TOKENS=dummy-token \
--wait \
--timeout 5m
- name: Verify deployment is available
run: kubectl -n pulse wait --for=condition=available deployment/pulse --timeout=120s
- name: Hit health endpoint from inside the cluster
run: |
kubectl -n pulse run smoke-test \
--rm \
--image=curlimages/curl:8.3.0 \
--restart=Never \
-- curl -fsS http://pulse:7655/health

92
.github/workflows/publish-helm-chart.yml vendored Normal file
View file

@ -0,0 +1,92 @@
name: Publish Helm Chart
on:
release:
types: [published]
workflow_dispatch:
inputs:
chart_version:
description: "Chart version (required when running manually, use format 4.24.0)"
required: true
app_version:
description: "Application version to embed (defaults to chart version)"
required: false
jobs:
publish:
name: Package and Push Helm Chart
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up Helm
uses: azure/setup-helm@v4
with:
version: v3.15.2
- name: Determine chart version
id: versions
run: |
if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
CHART_VERSION="${{ inputs.chart_version }}"
if [ -z "$CHART_VERSION" ]; then
echo "::error::chart_version input is required when running manually"
exit 1
fi
APP_VERSION="${{ inputs.app_version }}"
if [ -z "$APP_VERSION" ]; then
APP_VERSION="$CHART_VERSION"
fi
RELEASE_TAG="$CHART_VERSION"
else
RELEASE_TAG="${{ github.event.release.tag_name }}"
if [ -z "$RELEASE_TAG" ]; then
echo "::error::Release tag is empty"
exit 1
fi
CHART_VERSION="${RELEASE_TAG#v}"
APP_VERSION="$CHART_VERSION"
fi
echo "chart_version=$CHART_VERSION" >> "$GITHUB_OUTPUT"
echo "app_version=$APP_VERSION" >> "$GITHUB_OUTPUT"
echo "release_tag=$RELEASE_TAG" >> "$GITHUB_OUTPUT"
- name: Helm lint (strict)
run: helm lint deploy/helm/pulse --strict
- name: Package chart
run: |
mkdir -p dist
helm package deploy/helm/pulse \
--version "${{ steps.versions.outputs.chart_version }}" \
--app-version "${{ steps.versions.outputs.app_version }}" \
--destination dist
- name: Upload packaged chart artifact
uses: actions/upload-artifact@v4
with:
name: pulse-chart-${{ steps.versions.outputs.chart_version }}
path: dist/pulse-${{ steps.versions.outputs.chart_version }}.tgz
- name: Authenticate with GHCR
run: |
echo "${{ github.token }}" | helm registry login ghcr.io --username "${{ github.actor }}" --password-stdin
- name: Push chart to GHCR
run: |
helm push dist/pulse-${{ steps.versions.outputs.chart_version }}.tgz \
oci://ghcr.io/${{ github.repository_owner }}/pulse-chart
- name: Attach chart to release
if: github.event_name == 'release'
env:
GITHUB_TOKEN: ${{ github.token }}
run: |
gh release upload "${{ steps.versions.outputs.release_tag }}" \
dist/pulse-${{ steps.versions.outputs.chart_version }}.tgz \
--clobber