mongodb additional config #21
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Validate Charts | |
| on: | |
| pull_request: | |
| branches: [main] | |
| paths: | |
| - 'charts/**' | |
| - 'profiles/**' | |
| - 'environments/**' | |
| - 'helmfile.yaml.gotmpl' | |
| concurrency: | |
| group: validate-${{ github.head_ref }} | |
| cancel-in-progress: true | |
| permissions: {} | |
| env: | |
| FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true | |
| jobs: | |
| lint: | |
| name: Lint Charts | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Install Helm | |
| uses: azure/setup-helm@v4 | |
| with: | |
| version: v3.17.0 | |
| - name: Build chart dependencies | |
| run: | | |
| for chart in charts/*/; do | |
| if grep -q '^dependencies:' "${chart}Chart.yaml" 2>/dev/null; then | |
| echo "Building dependencies for $(basename "${chart}")..." | |
| helm dependency build "${chart}" | |
| fi | |
| done | |
| - name: Lint all charts | |
| run: | | |
| exit_code=0 | |
| for chart in charts/*/; do | |
| echo "::group::Linting $(basename "${chart}")..." | |
| helm lint "${chart}" --strict || exit_code=1 | |
| echo "::endgroup::" | |
| done | |
| exit $exit_code | |
| template: | |
| name: Template Render | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Install Helm | |
| uses: azure/setup-helm@v4 | |
| with: | |
| version: v3.17.0 | |
| - name: Build chart dependencies | |
| run: | | |
| for chart in charts/*/; do | |
| if grep -q '^dependencies:' "${chart}Chart.yaml" 2>/dev/null; then | |
| echo "Building dependencies for $(basename "${chart}")..." | |
| helm dependency build "${chart}" | |
| fi | |
| done | |
| - name: Template render all charts | |
| run: | | |
| exit_code=0 | |
| for chart in charts/*/; do | |
| chart_name=$(basename "${chart}") | |
| echo "::group::Rendering ${chart_name}..." | |
| # provide dummy secrets so helm template can render without a cluster | |
| case "${chart_name}" in | |
| countly) | |
| helm template test-release "${chart}" \ | |
| --set secrets.common.encryptionReportsKey=test \ | |
| --set secrets.common.webSessionSecret=test \ | |
| --set secrets.common.passwordSecret=test \ | |
| --set secrets.clickhouse.password=test \ | |
| --set secrets.mongodb.password=test \ | |
| > /dev/null || exit_code=1 | |
| ;; | |
| countly-clickhouse) | |
| helm template test-release "${chart}" \ | |
| --set auth.defaultUserPassword.password=test \ | |
| > /dev/null || exit_code=1 | |
| ;; | |
| countly-kafka) | |
| helm template test-release "${chart}" \ | |
| --set kafkaConnect.clickhouse.password=test \ | |
| > /dev/null || exit_code=1 | |
| ;; | |
| countly-mongodb) | |
| helm template test-release "${chart}" \ | |
| --set users.admin.password=test \ | |
| --set users.app.password=test \ | |
| --set users.metrics.password=test \ | |
| > /dev/null || exit_code=1 | |
| ;; | |
| countly-cluster-secret-store) | |
| helm template test-release "${chart}" \ | |
| --set secretStore.secretManagerProjectID=test-project \ | |
| --set secretStore.clusterProjectID=test-cluster-project \ | |
| --set secretStore.clusterName=test-cluster \ | |
| --set secretStore.clusterLocation=test-location \ | |
| > /dev/null || exit_code=1 | |
| ;; | |
| countly-migration) | |
| helm template test-release "${chart}" \ | |
| --set backingServices.mongodb.password=test \ | |
| --set backingServices.clickhouse.password=test \ | |
| > /dev/null || exit_code=1 | |
| ;; | |
| *) | |
| helm template test-release "${chart}" > /dev/null || exit_code=1 | |
| ;; | |
| esac | |
| echo "::endgroup::" | |
| done | |
| exit $exit_code | |
| profile-validate: | |
| name: Validate Profiles | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 3 | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Validate profile paths | |
| run: | | |
| exit_code=0 | |
| # Sizing profiles — every chart should have a file for each size | |
| for size in local small production; do | |
| for chart in countly mongodb clickhouse kafka observability; do | |
| path="profiles/sizing/${size}/${chart}.yaml" | |
| if [ ! -f "${path}" ]; then | |
| echo "::warning::Missing sizing profile: ${path}" | |
| fi | |
| done | |
| done | |
| # Observability profiles — helmfile references observability.yaml, countly.yaml, kafka.yaml per mode | |
| for mode in disabled full external external-grafana; do | |
| for file in observability.yaml countly.yaml kafka.yaml; do | |
| path="profiles/observability/${mode}/${file}" | |
| if [ ! -f "${path}" ]; then | |
| echo "::error::Missing observability profile: ${path}" | |
| exit_code=1 | |
| fi | |
| done | |
| done | |
| # Kafka-connect profiles | |
| for mode in throughput balanced low-latency; do | |
| path="profiles/kafka-connect/${mode}/kafka.yaml" | |
| if [ ! -f "${path}" ]; then | |
| echo "::error::Missing kafka-connect profile: ${path}" | |
| exit_code=1 | |
| fi | |
| done | |
| # TLS profiles | |
| for mode in none letsencrypt provided selfSigned; do | |
| path="profiles/tls/${mode}/countly.yaml" | |
| if [ ! -f "${path}" ]; then | |
| echo "::error::Missing TLS profile: ${path}" | |
| exit_code=1 | |
| fi | |
| done | |
| # Security profiles | |
| for mode in open hardened; do | |
| for chart in countly mongodb clickhouse kafka observability; do | |
| path="profiles/security/${mode}/${chart}.yaml" | |
| if [ ! -f "${path}" ]; then | |
| echo "::error::Missing security profile: ${path}" | |
| exit_code=1 | |
| fi | |
| done | |
| done | |
| exit $exit_code | |
| version-check: | |
| name: Version Consistency | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 2 | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Check Chart.yaml versions | |
| run: | | |
| for chart in charts/*/Chart.yaml; do | |
| chart_name=$(basename "$(dirname "${chart}")") | |
| version=$(grep '^version:' "${chart}" | awk '{print $2}' | tr -d '"'"'") | |
| if [ -z "${version}" ]; then | |
| echo "::error::Missing version in ${chart}" | |
| exit 1 | |
| fi | |
| echo "${chart_name}: v${version}" | |
| done |