feat: add git chart downloader / git getter

This is meant to be compatible with the [helm-git](https://github.com/aslafy-z/helm-git) plugin. The plugin has been reimplemented here since it relies on unsupported helm commands and since it doesn't build git charts as effective as khelm. khelm uses go-git to keep the image small and self-contained: the git binary would increase the container image size by 15m while using go-git increases the size by 3m only. However currently [go-git does not support sparse checkouts](go-git/go-git#90).
mgoltzsche · Oct 17, 2022 · 8506c41 · 8506c41
1 parent 4e163f7
commit 8506c41
Show file tree

Hide file tree

Showing 20 changed files with 751 additions and 19 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.15 AS khelm
+FROM alpine:3.16 AS khelm
 RUN apk update --no-cache
 RUN mkdir /helm && chown root:nobody /helm && chmod 1777 /helm
 ENV HELM_REPOSITORY_CONFIG=/helm/repository/repositories.yaml

diff --git a/README.md b/README.md
@@ -24,6 +24,7 @@ Since [kpt](https://github.com/GoogleContainerTools/kpt) is [published](https://
 * Automatically fetches and updates required repository index files when needed
 * Allows to automatically reload dependencies when lock file is out of sync
 * Allows to use any repository without registering it in repositories.yaml
+* Allows to use a Helm chart from a remote git repository
 * Allows to exclude certain resources from the Helm chart output
 * Allows to enforce namespace-scoped resources within the template output
 * Allows to enforce a namespace on all resources
@@ -212,10 +213,17 @@ khelm template cert-manager --version=0.9.x --repo=https://charts.jetstack.io
 _For all available options see the [table](#configuration-options) below._
 
 #### Docker usage example
+
+Generate a manifest from a chart:
 ```sh
 docker run mgoltzsche/khelm:latest template cert-manager --version=0.9.x --repo=https://charts.jetstack.io
 ```
 
+Generate a manifest from a chart within a git repository:
+```sh
+docker run mgoltzsche/khelm:latest template cert-manager --repo=git+https://github.com/cert-manager/cert-manager@deploy/charts?ref=v0.6.2
+```
+
 ### Go API
 
 The khelm Go API `github.com/mgoltzsche/khelm/v2/pkg/helm` provides a simple templating interface on top of the Helm Go API.
@@ -269,6 +277,20 @@ When running khelm as kpt function or within a container the `repositories.yaml`
 
 Unlike Helm khelm allows usage of any repository when `repositories.yaml` is not present or `--trust-any-repo` (env var `KHELM_TRUST_ANY_REPO`) is enabled.
 
+#### Git URLs as Helm repositories
+
+Helm charts can be fetched from git repositories by letting the Helm repository URL point to the chart's parent directory using the URL scheme `git+https` or `git+ssh`.
+The path within the git repository URL and the repository part of the URL must be separated by `@`.
+The `ref` parameter can be used to specify the git tag.  
+
+The following example points to an old version of cert-manager using a git URL:
+```
+git+https://github.com/cert-manager/cert-manager@deploy/charts?ref=v0.6.2
+```
+
+This feature is meant to be compatible with Helm's [helm-git](https://github.com/aslafy-z/helm-git#usage) plugin (but is reimplemented in Go).
+However currently khelm does not support `sparse` git checkouts (due to [lack of support in go-git](https://github.com/go-git/go-git/issues/90)).
+
 ## Helm support
 
 * Helm 2 is supported by the `v1` module version.

diff --git a/e2e/cli-tests.bats b/e2e/cli-tests.bats
@@ -1,5 +1,7 @@
 #!/usr/bin/env bats
 
+bats_require_minimum_version 1.5.0
+
 IMAGE=${IMAGE:-mgoltzsche/khelm:latest}
 EXAMPLE_DIR="$(pwd)/example"
 OUT_DIR="$(mktemp -d)"
@@ -20,6 +22,15 @@ teardown() {
 	grep -q myrelease "$OUT_DIR/subdir/manifest.yaml"
 }
 
+@test "CLI should reject repository when not in repositories.yaml and trust-any disabled" {
+	run -1 docker run --rm -u $(id -u):$(id -g) -v "$OUT_DIR:/out" -e KHELM_TRUST_ANY_REPO=false "$IMAGE" template cert-manager \
+		--name=myrelease \
+		--version 1.0.4 \
+		--repo https://charts.jetstack.io \
+		--output /out/subdir/manifest.yaml \
+		--debug
+}
+
 @test "CLI should output kustomization" {
 	docker run --rm -u $(id -u):$(id -g) -v "$OUT_DIR:/out" -v "$EXAMPLE_DIR/namespace:/chart" "$IMAGE" template /chart \
 		--output /out/kdir/ \
@@ -37,4 +48,37 @@ teardown() {
 		--debug
 	[ -f "$OUT_DIR/manifest.yaml" ]
 	grep -q myreleasex "$OUT_DIR/manifest.yaml"
-}
+}
+
+@test "CLI should accept git url as helm repository" {
+	docker run --rm -u $(id -u):$(id -g) -v "$OUT_DIR:/out" "$IMAGE" template cert-manager \
+		--repo git+https://github.com/cert-manager/cert-manager@deploy/charts?ref=v0.6.2 \
+		--output /out/manifest.yaml \
+		--debug
+	[ -f "$OUT_DIR/manifest.yaml" ]
+	grep -q ca-sync "$OUT_DIR/manifest.yaml"
+}
+
+@test "CLI should cache git repository" {
+	mkdir $OUT_DIR/cache
+	docker run --rm -u $(id -u):$(id -g) -v "$OUT_DIR:/out" -v "$OUT_DIR/cache:/helm/cache" "$IMAGE" template cert-manager \
+		--repo git+https://github.com/cert-manager/cert-manager@deploy/charts?ref=v0.6.2 \
+		--output /out/manifest.yaml \
+		--debug
+	[ -f "$OUT_DIR/manifest.yaml" ]
+	grep -q ca-sync "$OUT_DIR/manifest.yaml"
+	rm -f "$OUT_DIR/manifest.yaml"
+	docker run --rm -u $(id -u):$(id -g) -v "$OUT_DIR:/out" -v "$OUT_DIR/cache:/helm/cache" --network=none "$IMAGE" template cert-manager \
+		--repo git+https://github.com/cert-manager/cert-manager@deploy/charts?ref=v0.6.2 \
+		--output /out/manifest.yaml \
+		--debug
+	[ -f "$OUT_DIR/manifest.yaml" ]
+	grep -q ca-sync "$OUT_DIR/manifest.yaml"
+}
+
+@test "CLI should reject git repository when not in repositories.yaml and trust-any disabled" {
+	run -1 docker run --rm -u $(id -u):$(id -g) -v "$OUT_DIR:/out" -e KHELM_TRUST_ANY_REPO=false "$IMAGE" template cert-manager \
+		--repo git+https://github.com/cert-manager/cert-manager@deploy/charts?ref=v0.6.2 \
+		--output /out/manifest.yaml \
+		--debug
+}
diff --git a/example/git-https-dependency/Chart.lock b/example/git-https-dependency/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: cert-manager
+  repository: git+https://github.com/cert-manager/cert-manager@deploy/charts?ref=v0.6.2
+  version: v0.6.6
+digest: sha256:cd75b404696beff523a4297ba055389e9dd9e8214f47c668cfbf3f200ea41191
+generated: "2022-10-14T00:58:00.186187675+02:00"
diff --git a/example/git-https-dependency/Chart.yaml b/example/git-https-dependency/Chart.yaml
@@ -0,0 +1,8 @@
+apiVersion: v2
+description: example chart using a git url as dependency
+name: git-https-dependency
+version: 0.1.0
+dependencies:
+- name: cert-manager
+  version: "x.x.x"
+  repository: "git+https://github.com/cert-manager/cert-manager@deploy/charts?ref=v0.6.2"
diff --git a/example/git-https-dependency/generator.yaml b/example/git-https-dependency/generator.yaml
@@ -0,0 +1,6 @@
+apiVersion: khelm.mgoltzsche.github.com/v2
+kind: ChartRenderer
+metadata:
+  name: cert-manager
+  namespace: cert-manager
+chart: .
diff --git a/example/git-https-dependency/kustomization.yaml b/example/git-https-dependency/kustomization.yaml
@@ -0,0 +1,2 @@
+generators:
+- generator.yaml
diff --git a/go.mod b/go.mod
@@ -4,6 +4,7 @@ go 1.18
 
 require (
 	github.com/Masterminds/semver/v3 v3.1.1
+	github.com/go-git/go-git/v5 v5.4.2
 	github.com/pkg/errors v0.9.1
 	github.com/spf13/cobra v1.5.0
 	github.com/stretchr/testify v1.8.0
@@ -27,8 +28,11 @@ require (
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/sprig/v3 v3.2.2 // indirect
 	github.com/Masterminds/squirrel v1.5.3 // indirect
+	github.com/Microsoft/go-winio v0.5.1 // indirect
+	github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7 // indirect
 	github.com/PuerkitoBio/purell v1.1.1 // indirect
 	github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
+	github.com/acomagu/bufpipe v1.0.3 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.1.2 // indirect
@@ -44,10 +48,13 @@ require (
 	github.com/docker/go-metrics v0.0.1 // indirect
 	github.com/docker/go-units v0.4.0 // indirect
 	github.com/emicklei/go-restful/v3 v3.8.0 // indirect
+	github.com/emirpasic/gods v1.12.0 // indirect
 	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect
 	github.com/fatih/color v1.13.0 // indirect
 	github.com/go-errors/errors v1.0.1 // indirect
+	github.com/go-git/gcfg v1.5.0 // indirect
+	github.com/go-git/go-billy/v5 v5.3.1 // indirect
 	github.com/go-gorp/gorp/v3 v3.0.2 // indirect
 	github.com/go-logr/logr v1.2.3 // indirect
 	github.com/go-openapi/jsonpointer v0.19.5 // indirect
@@ -68,9 +75,11 @@ require (
 	github.com/huandu/xstrings v1.3.2 // indirect
 	github.com/imdario/mergo v0.3.12 // indirect
 	github.com/inconshreveable/mousetrap v1.0.0 // indirect
+	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/jmoiron/sqlx v1.3.5 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351 // indirect
 	github.com/klauspost/compress v1.13.6 // indirect
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
@@ -82,6 +91,7 @@ require (
 	github.com/mattn/go-runewidth v0.0.9 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
+	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/moby/locker v1.0.1 // indirect
@@ -102,10 +112,12 @@ require (
 	github.com/prometheus/procfs v0.7.3 // indirect
 	github.com/rubenv/sql-migrate v1.1.2 // indirect
 	github.com/russross/blackfriday v1.5.2 // indirect
+	github.com/sergi/go-diff v1.1.0 // indirect
 	github.com/shopspring/decimal v1.2.0 // indirect
 	github.com/sirupsen/logrus v1.8.1 // indirect
 	github.com/spf13/cast v1.4.1 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/xanzy/ssh-agent v0.3.0 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
@@ -125,6 +137,7 @@ require (
 	google.golang.org/grpc v1.47.0 // indirect
 	google.golang.org/protobuf v1.28.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	k8s.io/api v0.25.2 // indirect
 	k8s.io/apiextensions-apiserver v0.25.2 // indirect