add checksum annotation for replicated-secret

replicatedhq · Oct 4, 2023 · 52f976c · 52f976c
1 parent 32c2257
commit 52f976c
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 1 deletion.
diff --git a/.github/actions/validate-endpoints/action.yml b/.github/actions/validate-endpoints/action.yml
@@ -8,6 +8,10 @@ inputs:
     description: 'License fields to validate'
     required: false
     default: '[]'
+  version-label:
+    description: 'Version label to validate'
+    required: false
+    default: ''
   integration-enabled:
     description: 'If integration mode is enabled or not'
     required: false
@@ -87,6 +91,8 @@ runs:
 
     - name: Validate /app/info endpoint
       shell: bash
+      env:
+        VERSION_LABEL: ${{ inputs.version-label }}
       run: |
         appStatus=$(curl -s --fail --show-error localhost:8888/api/v1/app/info | jq -r .appStatus | tr -d '\n')
 
@@ -95,6 +101,15 @@ runs:
           exit 1
         fi
 
+        if [ -n "$VERSION_LABEL" ]; then
+          versionLabel=$(curl -s --fail --show-error localhost:8888/api/v1/app/info | jq -r .currentRelease.versionLabel | tr -d '\n')
+
+          if [ "$versionLabel" != "$VERSION_LABEL" ]; then
+            echo "Expected version label to be '$VERSION_LABEL', but is '$versionLabel'."
+            exit 1
+          fi
+        fi
+
     - name: Validate /app/updates endpoint
       shell: bash
       run: |

diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -136,7 +136,7 @@ jobs:
 
       - name: Create release
         id: create-release
-        uses: replicatedhq/replicated-actions/create-release@v1.1.1
+        uses: replicatedhq/replicated-actions/create-release@v1.5.2
         with:
           app-slug: ${{ env.APP_SLUG }}
           api-token: ${{ secrets.C11Y_MATRIX_TOKEN }}
@@ -268,6 +268,18 @@ jobs:
           license-fields: ${{ env.LICENSE_FIELDS }}
           integration-enabled: 'false'
 
+      - name: Upgrade via Helm as subchart in production mode to a new version
+        run: |
+          helm upgrade test-chart oci://registry.replicated.com/$APP_SLUG/$CHANNEL_SLUG/test-chart --set replicated.integration.enabled=false --set replicated.versionLabel=1.0.0 --wait --timeout 2m
+
+      - name: Validate endpoints
+        uses: ./.github/actions/validate-endpoints
+        with:
+          license-id: ${{ env.LICENSE_ID }}
+          license-fields: ${{ env.LICENSE_FIELDS }}
+          version-label: '1.0.0'
+          integration-enabled: 'false'
+
       - name: Uninstall test-chart via Helm
         run: helm uninstall test-chart --wait --timeout 2m
 

diff --git a/chart/templates/replicated-deployment.yaml b/chart/templates/replicated-deployment.yaml
@@ -20,6 +20,8 @@ spec:
       {{- include "replicated.selectorLabels" . | nindent 6 }}
   template:
     metadata:
+      annotations:
+        checksum/replicated-secret: {{ include (print $.Template.BasePath "/replicated-secret.yaml") . | sha256sum }}
       labels:
         {{- include "replicated.labels" . | nindent 8 }}
     spec: