From 308e0c3d5789be57de4111919c047e4fbfde540d Mon Sep 17 00:00:00 2001
From: Mitchell Nielsen <mnielsen@gitlab.com>
Date: Mon, 18 Sep 2023 12:16:34 -0500
Subject: [PATCH 1/5] Remove image vars that are no longer referenced

These tool versions were previously referenced in the image name/tag,
but were dereferenced in
https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/2636.
---
 .gitlab-ci.yml | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 8f3aafd81c..698c892e22 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -602,11 +602,6 @@ review-docs-cleanup:
     DOCKER_HOST: tcp://docker:2375
     GITLAB_PASSWORD: $ROOT_PASSWORD
     S3_CONFIG_PATH: /etc/gitlab/minio
-    RUBYGEMS_VERSION: "3.4"
-    GO_VERSION: "1.19"
-    RUST_VERSION: "1.65"
-    PG_VERSION: "13"
-    CHROME_VERSION: "109"
   extends: .source_autodevops
   script:
     - ./scripts/ci/install_spec_dependencies
-- 
GitLab


From bd78455997ff1a8d56508db48a689b0ffe1e6925 Mon Sep 17 00:00:00 2001
From: Mitchell Nielsen <mnielsen@gitlab.com>
Date: Mon, 18 Sep 2023 12:17:05 -0500
Subject: [PATCH 2/5] Use default Charts base image for specs jobs

Rather than using `gitlab-build-images/debian-xxx`, this tests
using our default base image. It:

- contains the binaries at the versions we expect in the project
- better aligns with the environment in which developers run specs
- reduces our dependency on an outside project
- removes the need to run 'install_spec_dependencies', which is another
  external source of binaries and their versions that differs from
  `.tool-versions`, the Charts base image, and the Debian base image
---
 .gitlab-ci.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 698c892e22..6864becdbd 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -594,7 +594,6 @@ review-docs-cleanup:
 # ---------------------------------------------------------------------------
 
 .specs: &specs
-  image: registry.gitlab.com/gitlab-org/gitlab-build-images/debian-${DEBIAN_VERSION}-ruby-2.7.patched-golang-1.18-node-16.14-postgresql-11:git-2.33-lfs-2.9-chrome-109-yarn-1.22-graphicsmagick-1.3.36-kubectl-1.23-helm-3.5
   stage: specs
   services:
   - docker:dind
-- 
GitLab


From 136f98aed6e0cd08148625553b75c982a5361a6f Mon Sep 17 00:00:00 2001
From: Mitchell Nielsen <mnielsen@gitlab.com>
Date: Mon, 18 Sep 2023 12:21:38 -0500
Subject: [PATCH 3/5] Remove call to 'install_spec_dependencies' script

---
 .gitlab-ci.yml                       |  3 --
 scripts/ci/install_spec_dependencies | 78 ----------------------------
 2 files changed, 81 deletions(-)
 delete mode 100755 scripts/ci/install_spec_dependencies

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 6864becdbd..c9de731923 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -51,8 +51,6 @@ variables:
   RUBY_VERSION: "3.0"
   CI_TOOLS_VERSION: "4.22.0"
   GITLAB_QA_VERSION: "12.4.1"
-  # STRICT_VERSIONS is used in RSpecs to ensure exact version match for tools like "helm" and "kubectl"
-  STRICT_VERSIONS: "true"
   KUBE_CRD_SCHEMA_URL: "https://raw.githubusercontent.com/kubernetes/kubernetes/master/api/openapi-spec/v3/apis__apiextensions.k8s.io__v1_openapi.json"
   HELM_DEFAULT_SETTINGS: |
     certmanager-issuer:
@@ -603,7 +601,6 @@ review-docs-cleanup:
     S3_CONFIG_PATH: /etc/gitlab/minio
   extends: .source_autodevops
   script:
-    - ./scripts/ci/install_spec_dependencies
     - set_context
     - ./scripts/ci/run_specs
   artifacts:
diff --git a/scripts/ci/install_spec_dependencies b/scripts/ci/install_spec_dependencies
deleted file mode 100755
index 7964420269..0000000000
--- a/scripts/ci/install_spec_dependencies
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/bin/bash
-set -e
-
-export DEBIAN_FRONTEND=noninteractive
-HELM_VERSION=${HELM_VERSION:-3.5.2}
-GOMPLATE_VERSION=${GOMPLATE_VERSION:-v3.11.4}
-DOCKER_VERSION="20.10.13"
-DOCKER_DEB_VERSION="5:${DOCKER_VERSION}~3-0~debian-${DEBIAN_VERSION:-bullseye}"
-KUBECTL_VERSION=${KUBECTL_VERSION:-1.26.7}
-TARGET_DIR=${TARGET_DIR:-"/usr/local/bin"}
-
-apt-get update -qq
-apt-get install -y --no-install-recommends \
-    curl ca-certificates
-
-DOCKER_INSTALLED_VERSION=""
-if command -v docker; then
-    DOCKER_INSTALLED_VERSION=$(docker version --format '{{ .Client.Version }}')
-    echo "Docker ${DOCKER_INSTALLED_VERSION} already installed"
-    echo "Expected version: ${DOCKER_VERSION}"
-fi
-
-if [ "${STRICT_VERSIONS:-false}" == "true" ] && [ "${DOCKER_INSTALLED_VERSION}" != "${DOCKER_VERSION}" ] || [ -z "${DOCKER_INSTALLED_VERSION}" ]; then
-    echo "Installing Docker version ${DOCKER_DEB_VERSION}"
-    curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
-    echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
-
-    apt-get update -qq
-    apt install -y docker-ce-cli=${DOCKER_DEB_VERSION}
-fi
-docker version --format 'Effective: docker-{{ .Client.Version }}'
-
-GOMPLATE_INSTALLED_VERSION=""
-if command -v gomaplate; then
-    GOMPLATE_INSTALLED_VERSION=$(gomplate -v | cut -d' ' -f3)
-    echo "gomplate-${GOMPLATE_INSTALLED_VERSION} already installed"
-    echo "Expected version: ${GOMPLATE_VERSION}"
-fi
-
-if [ "${STRICT_VERSIONS:-false}" == "true" ] && [ "${GOMPLATE_INSTALLED_VERSION}" != "${GOMPLATE_VERSION}" ] || [ -z "${GOMPLATE_INSTALLED_VERSION}" ]; then
-    echo "Installing gomplate-${GOMPLATE_VERSION}"
-    curl -o gomplate -sSL https://github.com/hairyhenderson/gomplate/releases/download/${GOMPLATE_VERSION}/gomplate_linux-amd64
-    chmod +x gomplate
-    mv gomplate ${TARGET_DIR}/gomplate
-fi
-echo -n "Effective: "; gomplate -v
-
-
-HELM_INSTALLED_VERSION=""
-if command -v helm; then
-    echo "Helm already installed"
-    echo "Expected version: ${HELM_VERSION}"
-    HELM_INSTALLED_VERSION=$(helm version --template '{{.Version}}' | sed -e 's/^v//' )
-    echo "Installed version: ${HELM_INSTALLED_VERSION}"
-fi
-
-if [ "${STRICT_VERSIONS:-false}" == "true" ] && [ "${HELM_INSTALLED_VERSION}" != "${HELM_VERSION}" ] || [ -z "${HELM_INSTALLED_VERSION}" ]; then
-    echo "Installing helm-${HELM_VERSION}"
-    curl -Ls https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz | tar zxf -
-    chmod +x linux-amd64/helm
-    mv linux-amd64/helm ${TARGET_DIR}/helm
-    rm -rf linux-amd64/
-fi
-
-KUBECTL_INSTALLED_VERSION=""
-if command -v kubectl; then
-    echo "Kubectl already installed"
-    echo "Expected version: ${KUBECTL_VERSION}"
-    KUBECTL_INSTALLED_VERSION=$(kubectl version --client=true -o yaml | awk '/gitVersion/ { sub("^v","",$2); print $2; }')
-    echo "Installed kubectl version: ${KUBECTL_INSTALLED_VERSION}"
-fi
-
-if [ "${STRICT_VERSIONS:-false}" == "true" ] && [ "${KUBECTL_INSTALLED_VERSION}" != "${KUBECTL_VERSION}" ] || [ -z "${KUBECTL_INSTALLED_VERSION}" ]; then
-    echo "Installing kubectl-${KUBECTL_VERSION}"
-    curl -LsO https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl
-    chmod +x kubectl
-    mv kubectl ${TARGET_DIR}/kubectl
-fi
-- 
GitLab


From aa35a9b70f6704f7175f17cca0f0d88e4f43317b Mon Sep 17 00:00:00 2001
From: Mitchell Nielsen <mnielsen@gitlab.com>
Date: Mon, 18 Sep 2023 12:43:06 -0500
Subject: [PATCH 4/5] Tmp: reference image with added dependencies

Temporary commit to reference an image that contains
the added dependencies.

Can be reverted once related gitlab-build-images MR is merged.
---
 .gitlab-ci.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index c9de731923..e15a29b3fe 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -25,7 +25,9 @@
 # Note: Auto CI does not work with multiple buildpacks yet
 
 default:
-  image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-charts-build-base-helm-3.7
+  image: registry.gitlab.com/mnielsen/tmp-registry/gitlab-charts-build-base:charts-add-dependencies
+  # TODO: restore the image below when dependency MR is merged.
+  # image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-charts-build-base-helm-3.7
 
 variables:
   AUTO_DEPLOY_TAG_REGEX: '^[0-9]+\.[0-9]+\.[0-9]+\+[a-z0-9]{7,}$'
-- 
GitLab


From b55c229b47e85727af9bc07bc5941f29bfc8aa3e Mon Sep 17 00:00:00 2001
From: Mitchell Nielsen <mnielsen@gitlab.com>
Date: Mon, 18 Sep 2023 15:12:12 -0500
Subject: [PATCH 5/5] Use kubeconform binary directly, not helm plugin

This changes uses the kubeconform binary directly rather than the
helm plugin, which has problems installing in the alpine-based build
image.
---
 .gitlab-ci.yml | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index e15a29b3fe..4f9352de24 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -183,14 +183,14 @@ lint_package:
     - helm dependency update
     - echo "$HELM_DEFAULT_SETTINGS" | tee ./template_settings.yaml
     - echo "$HELM_SETTINGS" | tee -a ./template_settings.yaml
+    - helm template . -f ./template_settings.yaml > manifests.yaml
     - >
-      helm kubeconform --strict --summary
-      -f ./template_settings.yaml
-      --kubernetes-version $KUBE_VERSION
-      --schema-location default
-      --schema-location "$KUBE_CRD_SCHEMA_URL"
-      --output json
-      .
+      kubeconform -strict -summary
+      -kubernetes-version $KUBE_VERSION
+      -schema-location default
+      -schema-location "$KUBE_CRD_SCHEMA_URL"
+      -output json
+      ./manifests.yaml
   rules:
     - if: '$PIPELINE_TYPE =~ /_MR_PIPELINE$/'
     - if: '$PIPELINE_TYPE =~ /_BRANCH_PIPELINE$/'
-- 
GitLab