#!/bin/bash # # Copyright (c) 2018-2024 Wind River Systems, Inc. # # SPDX-License-Identifier: Apache-2.0 # # This script takes the names of packaged helm charts as arguments. # It installs them in the on-node helm chart repository and regenerates # the repository index. # We want to run as the "www" user and scripts can't be setuid. The # sudoers permissions are set up to allow sysadmin to run this script # as the "www" user without a password. WWW_ID=$(id -u www) if [ ${UID} -ne ${WWW_ID} ]; then exec sudo -u www -g www "$0" "$@" fi RETVAL=0 REINDEX=0 REPO_BASE='/var/www/pages/helm_charts' INDEX_FILENAME='index.yaml' # The 'check-only' optional parameter can be used to validate charts against the # repo without uploading them. # The 'upload-only' optional parameter can be used to upload charts bypassing the # preliminary checks. # If no optional parameters are passed then charts will be checked and uploaded if valid. # The repository name must be passed as a parameter preceding the charts. if [ $# -lt 2 ]; then echo "Usage: helm-upload .. " echo " helm-upload check-only .. " echo " helm-upload upload-only .. " exit 1 fi if [ "$1" = "check-only" ]; then RUN_CHECK=true RUN_UPLOAD=false REPO_DIR="${REPO_BASE}/$2" shift 2 elif [ "$1" = "upload-only" ]; then RUN_CHECK=false RUN_UPLOAD=true REPO_DIR="${REPO_BASE}/$2" shift 2 else RUN_CHECK=true RUN_UPLOAD=true REPO_DIR="${REPO_BASE}/$1" shift 1 fi # Make sure the repo directory exists if [ ! -e $REPO_DIR ]; then echo "$REPO_DIR doesn't exist." exit 1 fi declare -A CHARTS_INDEXED_BY_VERSION INDEX_PATH="${REPO_DIR}/${INDEX_FILENAME}" FOUND_NAME=false FOUND_URL=false # Build an array of repository charts indexed by their version while read -r LINE; do if [[ "$LINE" = *"name: "* ]]; then CHART_NAME=$(echo "$LINE" | cut -d " " -f 2) FOUND_NAME=true fi if [ "$FOUND_NAME" = true ] && [[ "$LINE" = "- "*.tgz ]]; then CHART_URL=$(echo "$LINE" | cut -d " " -f 2) FOUND_URL=true fi if [ "$FOUND_URL" = true ] && [[ "$LINE" = *"version: "* ]]; then FOUND_NAME=false FOUND_URL=false CHART_VERSION=$(echo "$LINE" | cut -d " " -f 2) CHART_FULL_NAME="${CHART_NAME}-${CHART_VERSION}" CHARTS_INDEXED_BY_VERSION["${CHART_FULL_NAME}"]="${REPO_DIR}/${CHART_URL}" fi done < "$INDEX_PATH" for FILE in "$@"; do IS_VALID=false if [[ -r $FILE && "${RUN_CHECK}" = true ]] ; then FOUND_NAME=false while read -r LINE; do if [[ "$LINE" = *"name: "* ]]; then INCOMING_CHART_NAME=$(echo "$LINE" | cut -d " " -f 2) FOUND_NAME=true fi if [ "$FOUND_NAME" = true ] && [[ "$LINE" = *"version: "* ]]; then INCOMING_CHART_VERSION=$(echo "$LINE" | cut -d " " -f 2) INCOMING_CHART="$INCOMING_CHART_NAME-$INCOMING_CHART_VERSION" break fi done <<< "$(helm show chart "$FILE")" # Check if the file already exists in the repository if [[ -v "CHARTS_INDEXED_BY_VERSION[$INCOMING_CHART]" ]] && diff <(tar -xOzf ${FILE} | sha256sum) <(tar -xOzf "${CHARTS_INDEXED_BY_VERSION[$INCOMING_CHART]}" | sha256sum) &>/dev/null; then echo "Chart ${INCOMING_CHART_NAME} (version ${INCOMING_CHART_VERSION}) already " \ "in the repository" RETVAL=2 elif [[ -v "CHARTS_INDEXED_BY_VERSION[$INCOMING_CHART]" ]]; then echo "A chart with a different content but same name (${INCOMING_CHART_NAME})" \ "and version (${INCOMING_CHART_VERSION}) already exists in the repository" RETVAL=3 else IS_VALID=true fi elif [[ ! -r $FILE ]]; then echo Cannot read file ${FILE}. RETVAL=1 fi if [[ -r $FILE && "${RUN_UPLOAD}" = true && ( "${RUN_CHECK}" = false || ( "${RUN_CHECK}" = true && "${IS_VALID}" = true ) ) ]]; then cp $FILE $REPO_DIR if [ $? -ne 0 ]; then echo Problem adding $FILE to helm chart registry. RETVAL=1 else REINDEX=1 fi elif [[ ! -r $FILE ]]; then echo Cannot read file ${FILE}. RETVAL=1 fi done # Now re-index the helm repository if we successfully copied in # any new charts. if [ $REINDEX -eq 1 ]; then /usr/sbin/helm repo index $REPO_DIR fi exit $RETVAL