Continuous Integration

Each Kubitus App includes a CI template from apps/common, with the following jobs:

• commitlint
• kubitus-helm-ci
• test e2e (and cleanup e2e)
• kubitus-sync-images 1 to 6
• trivy images
• trivy config
• release

kubitus-helm-ci

This job ensures a good quality level of Helm charts:

• For each included chart (in charts/* directories):
  • charts/<chart>/values.schema.json should exists
  • charts/<chart>/values.schema.json should be strict (using additionalProperties=false for example)
  • An empty charts/<chart>/ci/empty-values.yaml file is created
  • For each charts/<chart>/ci/<values>-values.yaml:
    • the chart is tested against this values file, using helm template and helm lint
    • if a corresponding golden file is found (charts/<chart>/ci/<values>-golden.yaml), the result should exactly match
  • helm-docs is called, and the generated README.md should match the version in the Git repository.
• Files in directory charts matching pattern *.tgz are forbidden.
• a list of images images.list is created by extracting image from computed resources and from ci/*.gitlab-ci.yml
• a list of image repositories image-repositories.list is created from images.list. This file should match the version in the Git repository
• Both generated images.list and image-repositories.list should match commited versions
• All images should contain a digest (there are exceptions for the common repository)
• for each patches/*.patch, patch is checked to be already applied (with --strip=1)
• yamllint is called