Add repository config option for private repositories

[SimKev2]

Closes #922

What we are trying to do

Usage of private Helm repositories right now requires the credentials to be stored in the chartfile.yaml. This leads to issues described in the linked issue where different users usually have different credentials, and those credentials you probably don't want to commit to version control. Helm has a repositories.yaml file that is updated when you run helm repo add where it stores your user-supplied credentials to any private repository. This file has a similar layout to the repositories section in the chartfile.yaml

# repositories.yaml
apiVersion: ""
generated: "0001-01-01T00:00:00Z"
repositories:
- caFile: ""
  certFile: ""
  insecure_skip_tls_verify: false
  keyFile: ""
  name: simkev2
  pass_credentials_all: false
  password: <generated token>
  url: https://raw.githubusercontent.com/SimKev2/charts/main/stable/
  username: <generated token>

It would be good to provide users an option to use this existing helm config file with their tanka commands to manage helm charts.

Testing

Currently you can add the chart but it has errors vendoring:

$ tk tool charts add simkev2/[email protected]:1.2.0
{"level":"info","time":"2024-04-19T10:01:20-05:00","message":"Adding 1 Charts ..."}
{"level":"info","time":"2024-04-19T10:01:20-05:00","message":"OK: simkev2/[email protected]:1.2.0"}
{"level":"info","time":"2024-04-19T10:01:20-05:00","message":"Added 1 Charts to helmfile.yaml. Vendoring ..."}
{"level":"info","time":"2024-04-19T10:01:20-05:00","message":"Vendoring..."}
{"level":"info","time":"2024-04-19T10:01:20-05:00","message":"Syncing Repositories ..."}
{"level":"info","time":"2024-04-19T10:01:20-05:00","message":"Pulling Charts ..."}
Error: repository "simkev2" not found for chart "simkev2/nginx-ingress"

$ tk tool charts vendor
{"level":"info","time":"2024-04-19T10:01:45-05:00","message":"Vendoring..."}
{"level":"info","time":"2024-04-19T10:01:45-05:00","message":"Syncing Repositories ..."}
{"level":"info","time":"2024-04-19T10:01:46-05:00","message":"Pulling Charts ..."}
Error: repository "simkev2" not found for chart "simkev2/nginx-ingress"

After these changes I can specify my helm config file and it works:

$ ../../../../../go/src/github.com/grafana/tanka/tk tool charts add --repository-config $HOME/Library/Preferences/helm/repositories.yaml simkev2/[email protected]:1.2.0
{"level":"info","time":"2024-04-19T10:02:51-05:00","message":"Adding 1 Charts ..."}
{"level":"info","time":"2024-04-19T10:02:51-05:00","message":"OK: simkev2/[email protected]:1.2.0"}
{"level":"info","time":"2024-04-19T10:02:51-05:00","message":"Added 1 Charts to helmfile.yaml. Vendoring ..."}
{"level":"info","time":"2024-04-19T10:02:51-05:00","message":"Vendoring..."}
{"level":"info","time":"2024-04-19T10:02:51-05:00","message":"Syncing Repositories ..."}
{"level":"info","time":"2024-04-19T10:02:51-05:00","message":"Pulling Charts ..."}
{"level":"info","time":"2024-04-19T10:02:51-05:00","message":"simkev2/[email protected] downloaded"}

$ rm -rf charts/1.2.0/
$ ../../../../../go/src/github.com/grafana/tanka/tk tool charts vendor --repository-config $HOME/Library/Preferences/helm/repositories.yaml
{"level":"info","time":"2024-04-19T10:03:27-05:00","message":"Vendoring..."}
{"level":"info","time":"2024-04-19T10:03:27-05:00","message":"fluxcd-community/[email protected] (dir: 2.12.4) exists"}
{"level":"info","time":"2024-04-19T10:03:27-05:00","message":"Syncing Repositories ..."}
{"level":"info","time":"2024-04-19T10:03:27-05:00","message":"Pulling Charts ..."}
{"level":"info","time":"2024-04-19T10:03:28-05:00","message":"simkev2/[email protected] downloaded"}

Questions for Discussion

2 questions I have for these changes

1. Is there a better way to share repository-config flag between the Add and Vendor commands? I see the log-level option uses the addCommandsWithLogLevelOption function, but I don't believe I can run the function through a helper function like that twice? And having a helper function that adds the repo config option and then calls that seemed weird to me.

2. Should we try and merge the repositories.yaml repositories with the chartfile.yaml repositories instead of overwriting them? I went for the simple option of just replacing the existing config with the helm config, but this does mean that if you had a mix of public and private repositories you would need to ensure that helm repo add ... was run on your local machine for each of the public repos. I don't think that is a huge ask for the simplicity it brings the code, but I am open to opinions if we should try to merge-with-overwrite the helm config file to our chartfile.yaml.

[github-actions]

PR Preview Action v1.4.7
Preview removed because the pull request was closed.
2024-04-19 17:44 UTC

[julienduchesne]

1. eh, let's adhere to the WET principle (write everything twice). We can always reformat later if this becomes an issue
2. I think the way you did it is good enough. It maintains the current functionality and provides enough to close the issue.

[julienduchesne]

Very nice!