Skip to content

Add console-backend-rbac Helm chart and update chart structure #403

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
thokra-nav merged 3 commits into from
Apr 17, 2026
Merged

Add console-backend-rbac Helm chart and update chart structure #403

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
69b2ebb
Add console-backend-rbac Helm chart and update chart structure
thokra-nav Apr 17, 2026
256fda7
Set permission for github token
thokra-nav Apr 17, 2026
bb38df4
Move permission to root
thokra-nav Apr 17, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
72 changes: 72 additions & 0 deletions .github/workflows/console-backend-rbac-chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,72 @@
name: Build and push chart console-backend-rbac
on:
push:
branches:
- main
paths:
- charts/console-backend-rbac/**
- .github/workflows/console-backend-rbac-chart.yaml

permissions:
contents: read

env:
NAME: console-backend-rbac
IMAGE_REPOSITORY: oci://europe-north1-docker.pkg.dev/nais-io/nais

jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: jdx/mise-action@v4
- run: helm lint --strict charts/console-backend-rbac

build_push:
needs:
- lint
permissions:
contents: read
id-token: write
if: github.triggering_actor != 'dependabot[bot]'
name: Build and push
runs-on: ubuntu-latest
outputs:
version: ${{ steps.version.outputs.version }}
steps:
- uses: actions/checkout@v6
- uses: jdx/mise-action@v4
- name: Generate version
id: version
run: echo "version=$(TZ='Europe/Oslo' date +'%Y-%m-%d-%H%M%S')-$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
- name: Authenticate to Google Cloud
id: auth
uses: google-github-actions/auth@v3
with:
workload_identity_provider: ${{ secrets.NAIS_IO_WORKLOAD_IDENTITY_PROVIDER }}
service_account: gh-api@nais-io.iam.gserviceaccount.com
token_format: access_token
- name: Login to Google Artifact Registry
run: echo "${{ steps.auth.outputs.access_token }}" | helm registry login europe-north1-docker.pkg.dev --username oauth2accesstoken --password-stdin
- name: Build Chart
run: |-
sed -i "s/^version: .*/version: ${{ steps.version.outputs.version }}/g" charts/console-backend-rbac/Chart.yaml
cat charts/console-backend-rbac/Chart.yaml
helm package charts/console-backend-rbac
- name: Push Chart
run: helm push ${{ env.NAME }}*.tgz ${{ env.IMAGE_REPOSITORY }}

rollout:
needs:
- lint
- build_push
runs-on: fasit-deploy
if: github.ref == 'refs/heads/main'
permissions:
id-token: write
steps:
- uses: nais/fasit-deploy@v2 # ratchet:exclude
with:
chart: ${{ env.IMAGE_REPOSITORY }}/${{ env.NAME }}
version: ${{ needs.build_push.outputs.version }}
8 changes: 4 additions & 4 deletions .github/workflows/main.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ jobs:
with:
key: lint
restore-keys: test
- run: helm lint --strict ./charts
- run: helm lint --strict ./charts/*
- run: mise run check:staticcheck
- run: mise run check:vulncheck
- name: Check code format and run code generators
Expand Down Expand Up @@ -74,9 +74,9 @@ jobs:
push: true
- name: Build Chart
run: |-
sed -i "s/^version: .*/version: ${{ steps.build-push-sign.outputs.version }}/g" charts/Chart.yaml
cat charts/Chart.yaml
helm package charts
sed -i "s/^version: .*/version: ${{ steps.build-push-sign.outputs.version }}/g" charts/nais-api/Chart.yaml
cat charts/nais-api/Chart.yaml
helm package charts/nais-api
- name: Push Chart
run: |-
helm push ${{ env.NAME }}*.tgz ${{ env.IMAGE_REPOSITORY }}
Expand Down
2 changes: 1 addition & 1 deletion .mise-tasks/check/helm-lint
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,4 +3,4 @@

set -e

helm lint --strict ./charts
helm lint --strict ./charts/*
23 changes: 23 additions & 0 deletions charts/console-backend-rbac/.helmignore
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
7 changes: 7 additions & 0 deletions charts/console-backend-rbac/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
apiVersion: v2
name: console-backend-rbac
description: ClusterRole and ClusterRoleBinding for console-backend
type: application
version: 0.1.1
sources:
- https://github.com/nais/api/tree/main/charts/console-backend-rbac
8 changes: 8 additions & 0 deletions charts/console-backend-rbac/Feature.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
environmentKinds:
- tenant
- onprem
values:
managementProjectID:
displayName: Management Project ID
computed:
template: "{{ .Management.project_id }}"
Loading
Loading