From 8bcd2dc63b00af2cd19d1c08113eaf7be19bca34 Mon Sep 17 00:00:00 2001
From: justusbunsi <justusbunsi@noreply.gitea.com>
Date: Mon, 27 Nov 2023 18:36:47 +0000
Subject: [PATCH] Detect major dependency version bumps (#571)

As seen in #507 and #569, there is no guarantee for us that minor
dependency updates are actually minor updates for the dependent
application itself. The Chart version might be minor - and therefore
automatically merged when build is green - but the used Docker image
inside the Chart could still be a major version change.

To effectively prevent such automerge when the application major version
changes, there is now a test file that has the currently used major
versions hard-coded. In case of an actual major bump, this file has to
be adjusted.

Looking at `redis-cluster`, there might be several major Chart versions
with the same major application version.

This PR is related to #409 but does not fully resolve it.

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/571
Reviewed-by: pat-s <pat-s@noreply.gitea.com>
---
 Makefile                                    |  2 +-
 unittests/dependency-major-image-check.yaml | 42 +++++++++++++++++++++
 2 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 unittests/dependency-major-image-check.yaml

diff --git a/Makefile b/Makefile
index e3e4f03..4e4b5bd 100644
--- a/Makefile
+++ b/Makefile
@@ -9,7 +9,7 @@ readme: prepare-environment
 
 .PHONY: unittests
 unittests:
-	helm unittest --strict -f 'unittests/**/*.yaml' ./
+	helm unittest --strict -f 'unittests/**/*.yaml' -f 'unittests/dependency-major-image-check.yaml' ./
 
 .PHONY: helm
 update-helm-dependencies:
diff --git a/unittests/dependency-major-image-check.yaml b/unittests/dependency-major-image-check.yaml
new file mode 100644
index 0000000..f50d58c
--- /dev/null
+++ b/unittests/dependency-major-image-check.yaml
@@ -0,0 +1,42 @@
+suite: Dependency update consistency
+release:
+  name: gitea-unittests
+  namespace: testing
+tests:
+  - it: "[postgresql-ha] ensures we detect major image version upgrades"
+    template: charts/postgresql-ha/templates/postgresql/statefulset.yaml
+    set:
+      postgresql:
+        enabled: false
+      postgresql-ha:
+        enabled: true
+    asserts:
+      - documentIndex: 0
+        matchRegex:
+          path: spec.template.spec.containers[0].image
+          # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST
+          pattern: ^docker.io/bitnami/postgresql-repmgr:15.+$
+  - it: "[postgresql] ensures we detect major image version upgrades"
+    template: charts/postgresql/templates/primary/statefulset.yaml
+    set:
+      postgresql:
+        enabled: true
+      postgresql-ha:
+        enabled: false
+    asserts:
+      - documentIndex: 0
+        matchRegex:
+          path: spec.template.spec.containers[0].image
+          # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST
+          pattern: ^docker.io/bitnami/postgresql:15.+$
+  - it: "[redis-cluster] ensures we detect major image version upgrades"
+    template: charts/redis-cluster/templates/redis-statefulset.yaml
+    set:
+      redis-cluster:
+        enabled: true
+    asserts:
+      - documentIndex: 0
+        matchRegex:
+          path: spec.template.spec.containers[0].image
+          # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST
+          pattern: ^docker.io/bitnami/redis-cluster:7.+$