From c94a28baa3c8da56a5eef9550add5aff83757851 Mon Sep 17 00:00:00 2001
From: Bernd Schorgers
Date: Mon, 10 Feb 2025 13:05:48 +0100
Subject: [PATCH] ci: Rework publishing CI (#381)
---
.github/actions/charts-package/action.yaml | 77 ++++++++
.../charts-release-ghpages/action.yaml | 70 +++++++
.../actions/charts-release-oci/action.yaml | 59 ++++++
.github/actions/label-from-status/action.yaml | 48 -----
.../publish-folder-to-pages/action.yaml | 62 ++++++
.github/workflows/charts-lint.yaml | 7 +
.github/workflows/charts-release-ghpages.yaml | 96 ----------
.github/workflows/charts-release-oci.yaml | 69 -------
.github/workflows/charts-release-steps.yaml | 180 ++++++++++++++++++
.github/workflows/charts-release.yaml | 118 ++++++------
10 files changed, 512 insertions(+), 274 deletions(-)
create mode 100644 .github/actions/charts-package/action.yaml
create mode 100644 .github/actions/charts-release-ghpages/action.yaml
create mode 100644 .github/actions/charts-release-oci/action.yaml
delete mode 100644 .github/actions/label-from-status/action.yaml
create mode 100644 .github/actions/publish-folder-to-pages/action.yaml
delete mode 100644 .github/workflows/charts-release-ghpages.yaml
delete mode 100644 .github/workflows/charts-release-oci.yaml
create mode 100644 .github/workflows/charts-release-steps.yaml
diff --git a/.github/actions/charts-package/action.yaml b/.github/actions/charts-package/action.yaml
new file mode 100644
index 00000000..3765edd2
--- /dev/null
+++ b/.github/actions/charts-package/action.yaml
@@ -0,0 +1,77 @@
+---
+name: "Package charts"
+description: "Package charts for release"
+inputs:
+ rootFolder:
+ description: "Root folder containing the charts to package"
+ required: true
+ chartFolder:
+ description: "Folder containing the chart to package relative to the base folder"
+ required: true
+ destinationFolder:
+ description: "Folder where the chart packages should be stored"
+ required: true
+ default: "out"
+ artifactPrefix:
+ description: "Prefix for the artifact name"
+ required: false
+ default: ""
+ retentionDays:
+ description: "Duration after which artifacts will expire in days."
+ required: true
+ default: "1"
+ helmVersion:
+ description: "Helm version to use for packaging"
+ required: true
+ default: 3.17.0
+
+runs:
+ using: "composite"
+ steps:
+ - name: Install Kubernetes tools
+ uses: yokawasa/action-setup-kube-tools@v0.11.1
+ with:
+ setup-tools: |
+ helmv3
+ helm: "${{ inputs.helmVersion }}"
+
+ - name: Grab chart details
+ id: chart-details
+ shell: bash
+ env:
+ ROOT_DIR: "${{ inputs.rootFolder }}"
+ CHART_DIR: "${{ inputs.chartFolder }}"
+ run: |
+ PARENT_DIR=$(basename $(dirname "${ROOT_DIR}/${CHART_DIR}"))
+ echo "parentdir=${PARENT_DIR}" >> "$GITHUB_OUTPUT"
+ echo "name=$(yq '.name' ${ROOT_DIR}/${CHART_DIR}/Chart.yaml)" >> "$GITHUB_OUTPUT"
+ echo "version=$(yq '.version' ${ROOT_DIR}/${CHART_DIR}/Chart.yaml)" >> "$GITHUB_OUTPUT"
+
+ - name: Dereference JSON schema before packaging
+ uses: bjw-s/helm-charts-actions/dereference-json-schema@main
+ with:
+ schemaFile: "${{ inputs.rootFolder }}/${{ inputs.chartFolder }}/values.schema.json"
+ outputFile: "${{ inputs.rootFolder }}/${{ inputs.chartFolder }}/values.schema.json"
+ allowFileNotFound: true
+
+ - name: Package Helm Chart
+ shell: bash
+ env:
+ ROOT_DIR: "${{ inputs.rootFolder }}"
+ CHART_DIR: "${{ inputs.chartFolder }}"
+ PARENT_DIR: "${{ steps.chart-details.outputs.parentdir }}"
+ TARGET_DIR: "${{ inputs.destinationFolder }}"
+ run: |
+ helm package "${ROOT_DIR}/${CHART_DIR}" --dependency-update --destination "${TARGET_DIR}/${PARENT_DIR}"
+
+ - name: Upload artifact
+ uses: actions/upload-artifact@v4
+ env:
+ PARENT_DIR: "${{ steps.chart-details.outputs.parentdir }}"
+ CHART_NAME: "${{ steps.chart-details.outputs.name }}"
+ CHART_VERSION: "${{ steps.chart-details.outputs.version }}"
+ TARGET_DIR: "${{ inputs.destinationFolder }}"
+ with:
+ name: "${{ inputs.artifactPrefix }}${{ env.PARENT_DIR }}__${{ env.CHART_NAME }}__${{ env.CHART_VERSION }}"
+ path: "${{ env.TARGET_DIR }}/${{ env.PARENT_DIR }}/${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}.tgz"
+ retention-days: ${{ inputs.retentionDays }}
diff --git a/.github/actions/charts-release-ghpages/action.yaml b/.github/actions/charts-release-ghpages/action.yaml
new file mode 100644
index 00000000..eec10780
--- /dev/null
+++ b/.github/actions/charts-release-ghpages/action.yaml
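Review bot: In `charts-package/action.yaml`, `bjw-s/helm-charts-actions/dereference-json-schema@main` tracks a moving branch, so the code that rewrites `values.schema.json` just before `helm package` can change without any commit in this repository; pin it to a full commit SHA with the version in a trailing comment. The same applies to the `@main` reference added in `charts-lint.yaml` and to the tag-pinned third-party actions elsewhere in this patch (`yokawasa/action-setup-kube-tools@v0.11.1`, `stefanzweifel/git-auto-commit-action@v5`, `joernott/rm-artifact@v1`, `yakubique/list-artifacts@v1.1`, `tj-actions/changed-files@v45`), several of which run in jobs that hold `contents: write` or `packages: write`. In `Grab chart details`, the `yq` file arguments and the inner `$(dirname …)` are unquoted; write `"${ROOT_DIR}/${CHART_DIR}/Chart.yaml"` and `"$(dirname "${ROOT_DIR}/${CHART_DIR}")"`. The `name` and `version` values are appended to `$GITHUB_OUTPUT` exactly as read, so a multi-line value in `Chart.yaml` would define extra output keys; reject values that contain a newline before writing them.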
@@ -0,0 +1,70 @@
+---
+name: "Prepare chart artifacts for release"
+description: "Prepare chart artifacts for release to GitHub Pages"
+inputs:
+ artifactPattern:
+ description: "Pattern to match artifacts to release"
+ required: true
+ artifactPrefix:
+ description: "Prefix to strip from the artifact names"
+ required: false
+ default: ""
+ targetFolder:
+ description: "Folder where to move the chart artifacts"
+ required: true
+ default: gh-pages
+ targetBranch:
+ description: "Branch to push the chart artifacts"
+ required: true
+ default: gh-pages
+
+runs:
+ using: "composite"
+ steps:
+ - name: Prepare artifacts folder
+ shell: bash
+ run: |
+ mkdir -p artifacts
+
+ - name: Download chart artifacts
+ uses: actions/download-artifact@v4
+ with:
+ path: artifacts
+ pattern: ${{ inputs.artifactPrefix }}${{ inputs.artifactPattern }}
+
+ - name: Copy artifacts to gh-pages structure
+ shell: bash
+ working-directory: artifacts
+ env:
+ ARTIFACT_PREFIX: ${{ inputs.artifactPrefix }}
+ TARGET_FOLDER: ${{ inputs.targetFolder }}
+ run: |
+ while IFS= read -d $'\0' -r ARTIFACT ; do
+ echo ${ARTIFACT}
+ prefix_removed_chart=${ARTIFACT/#$ARTIFACT_PREFIX}
+ DELIMITER='__'
+ s=${prefix_removed_chart}${DELIMITER}
+ ARTIFACT_PATH_PARTS=();
+ while [[ $s ]]; do
+ ARTIFACT_PATH_PARTS+=( "${s%%"${DELIMITER}"*}" );
+ s=${s#*"${DELIMITER}"};
+ done;
+
+ CHART_FOLDER=${ARTIFACT_PATH_PARTS[0]}
+ mkdir -p "${TARGET_FOLDER}/${CHART_FOLDER}"
+ cp ${ARTIFACT}/* ${TARGET_FOLDER}/${CHART_FOLDER}/
+ done < <(find . -mindepth 1 -maxdepth 1 -type d -print0)
+
+ - name: Update chart index
+ shell: bash
+ working-directory: ${{ inputs.targetFolder }}
+ run: |
+ helm repo index . --url https://bjw-s.github.io/helm-charts/
+
+ - name: Commit Changes
+ uses: stefanzweifel/git-auto-commit-action@v5
+ with:
+ repository: ${{ inputs.targetFolder }}
+ branch: ${{ inputs.targetBranch }}
+ file_pattern: "index.yaml **/*.tgz"
+ disable_globbing: true
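Review bot: In `charts-release-ghpages/action.yaml`, the copy loop appears to derive the wrong destination: `find .` yields names of the form `./chart__…`, so the start-anchored strip `${ARTIFACT/#$ARTIFACT_PREFIX}` never matches and `CHART_FOLDER` becomes `./chart`, and because the step runs with `working-directory: artifacts`, a relative `TARGET_FOLDER` resolves under `artifacts/` rather than the checked-out Pages branch. Emitting bare names with `find . -mindepth 1 -maxdepth 1 -type d -printf '%f\0'` and using an absolute target such as `"${GITHUB_WORKSPACE}/${TARGET_FOLDER}"` would address both; this should be confirmed with a dry run before release. `echo ${ARTIFACT}` and `cp ${ARTIFACT}/* ${TARGET_FOLDER}/${CHART_FOLDER}/` expand unquoted, so quote them, for example `cp -- "${ARTIFACT}"/* "${TARGET_FOLDER}/${CHART_FOLDER}/"`. The `helm repo index` step runs whatever Helm the runner image ships, since this action never installs a pinned version.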
diff --git a/.github/actions/charts-release-oci/action.yaml b/.github/actions/charts-release-oci/action.yaml
new file mode 100644
index 00000000..6551ae2c
--- /dev/null
+++ b/.github/actions/charts-release-oci/action.yaml
@@ -0,0 +1,59 @@
+---
+name: "Release charts to OCI registry"
+description: "Release charts to OCI registry"
+inputs:
+ chartName:
+ description: "Name of the chart to release"
+ required: true
+ chartVersion:
+ description: "Version of the chart to release"
+ required: true
+ workingDir:
+ description: "Working directory"
+ required: true
+ default: "."
+ ociRegistry:
+ description: >
+ Target OCI registry for Helm charts.
+ required: true
+ default: "ghcr.io"
+ helmVersion:
+ description: "Helm version to use for packaging"
+ required: true
+ default: 3.17.0
+
+runs:
+ using: "composite"
+ steps:
+ - name: Install Cosign
+ uses: sigstore/cosign-installer@v3.6.0
+
+ - name: Install Kubernetes tools
+ uses: yokawasa/action-setup-kube-tools@v0.11.1
+ with:
+ setup-tools: |
+ helmv3
+ helm: ${{ inputs.helmVersion }}
+
+ - name: Login to OCI Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ inputs.ociRegistry }}
+ username: ${{ github.actor }}
+ password: ${{ github.token }}
+
+ - name: Push Helm charts to OCI registry
+ shell: bash
+ working-directory: ${{ inputs.workingDir }}
+ env:
+ CHART_NAME: ${{ inputs.chartName }}
+ CHART_VERSION: ${{ inputs.chartVersion }}
+ CHART_TAG_BASE: ${{ inputs.ociRegistry }}/${{ github.actor }}/helm
+ CHART_TAG: ${{ inputs.chartName }}:${{ inputs.chartVersion }}
+ run: |
+ helm push "${CHART_NAME}-${CHART_VERSION}.tgz" oci://${CHART_TAG_BASE} &> push-metadata.txt
+ CHART_DIGEST=$(awk '/Digest: /{print $2}' push-metadata.txt)
+ cosign sign --yes "${CHART_TAG_BASE}/${CHART_TAG}@${CHART_DIGEST}"
+ cosign verify "${CHART_TAG_BASE}/${CHART_TAG}@${CHART_DIGEST}" \
+ --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
+ --certificate-identity "https://github.com/${{ github.repository }}/.github/workflows/charts-release-steps.yaml@${{ github.ref }}"
diff --git a/.github/actions/label-from-status/action.yaml b/.github/actions/label-from-status/action.yaml
deleted file mode 100644
index a89fc9c6..00000000
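Review bot: In `charts-release-oci/action.yaml`, `CHART_TAG_BASE` is built from `${{ github.actor }}`, which is the account that triggered the run rather than the repository owner, so the push target and the reference that gets signed change with whoever pushes or dispatches; `${{ github.repository_owner }}` keeps the namespace fixed, while the login `username` can stay as it is. The `cosign verify` identity now follows `${{ github.ref }}` and the new workflow file name, so it only confirms the signature this same run just produced, and anyone verifying against the previous `charts-release-oci.yaml@refs/heads/main` identity will need the new value; consider pinning the expected ref instead of echoing the current one. `${{ github.repository }}` and `${{ github.ref }}` are expanded into the script text before bash runs, so pass them through `env:` like the other values. `&> push-metadata.txt` hides the push error and `CHART_DIGEST` is used without checking that awk found one; add `[ -n "${CHART_DIGEST}" ] || { cat push-metadata.txt; exit 1; }` before signing.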
--- a/.github/actions/label-from-status/action.yaml +++ /dev/null @@ -1,48 +0,0 @@ -name: "Set issue labels based on status" -description: "Sets / removes issue labels based on CI job status" -inputs: - token: - required: true - description: "The Github API token to use" - issue-number: - required: true - description: "The issue to label" - prefix: - required: true - description: "The label prefix (e.g. lint, install)" - job-status: - required: true - description: "The status of the CI job" - remove-on-skipped: - required: false - default: "false" - description: "Remove the label if the job was skipped" - -runs: - using: "composite" - steps: - - name: Label success - uses: andymckay/labeler@1.0.4 - if: ${{ inputs.job-status == 'success' }} - with: - repo-token: ${{ inputs.token }} - issue-number: ${{ inputs.issue-number }} - add-labels: "${{ inputs.prefix }}:ok" - remove-labels: "${{ inputs.prefix }}:failed" - - - name: Label failure - uses: andymckay/labeler@1.0.4 - if: ${{ inputs.job-status == 'failure' }} - with: - repo-token: ${{ inputs.token }} - issue-number: ${{ inputs.issue-number }} - add-labels: "${{ inputs.prefix }}:failed" - remove-labels: "${{ inputs.prefix }}:ok" - - - name: Remove label - uses: andymckay/labeler@1.0.4 - if: ${{ (inputs.job-status == 'skipped') && (inputs.remove-on-skipped == 'true') }} - with: - repo-token: ${{ inputs.token }} - issue-number: ${{ inputs.issue-number }} - remove-labels: "${{ inputs.prefix }}:ok, ${{ inputs.prefix }}:failed" diff --git a/.github/actions/publish-folder-to-pages/action.yaml b/.github/actions/publish-folder-to-pages/action.yaml new file mode 100644 index 00000000..5d759a40 --- /dev/null +++ b/.github/actions/publish-folder-to-pages/action.yaml 
@@ -0,0 +1,62 @@
+---
+name: "Publish folder to GitHub Pages"
+description: "Publish the contents of a folder to GitHub Pages"
+inputs:
+ path:
+ description: "Path that contains the content to publish"
+ required: true
+ default: "gh-pages/"
+ artifactName:
+ description: "Filename of the artifact"
+ required: true
+ default: "github-pages"
+ retention-days:
+ description: "Duration after which artifact will expire in days."
+ required: true
+ default: "1"
+ deleteArtifactAfterPublish:
+ description: "Delete the artifact after deployment?"
+ required: true
+ default: "false"
+
+runs:
+ using: "composite"
+ steps:
+ - name: Prepare gh-pages artifact
+ shell: sh
+ env:
+ INPUT_PATH: ${{ inputs.path }}
+ run: |
+ echo ::group::Archive artifact
+ tar \
+ --dereference --hard-dereference \
+ --directory "$INPUT_PATH" \
+ -cvf "$RUNNER_TEMP/artifact.tar" \
+ --exclude=.git \
+ --exclude=.github \
+ --exclude=".[^/]*" \
+ .
+ echo ::endgroup::
+
+ - name: Upload gh-pages artifact
+ id: upload-artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: ${{ inputs.artifactName }}
+ path: ${{ runner.temp }}/artifact.tar
+ retention-days: 1
+ if-no-files-found: error
+
+ - name: Deploy to GitHub Pages
+ id: deploy-gh-pages
+ uses: actions/deploy-pages@v4
+ with:
+ artifact_name: ${{ inputs.artifactName }}
+
+ - name: Clean up artifact
+ if: ${{ inputs.deleteArtifactAfterPublish == 'true' }}
+ uses: joernott/rm-artifact@v1
+ with:
+ name: ${{ inputs.artifactName }}
+ useGlob: false
+ failOnError: true
diff --git a/.github/workflows/charts-lint.yaml b/.github/workflows/charts-lint.yaml
index 39620799..29934f04 100644
--- a/.github/workflows/charts-lint.yaml
+++ b/.github/workflows/charts-lint.yaml
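Review bot: In `publish-folder-to-pages/action.yaml`, the upload step hard-codes `retention-days: 1`, so the declared `retention-days` input is never read; use `retention-days: ${{ inputs.retention-days }}`. The tar call passes `--dereference --hard-dereference`, which archives the target of any symlink found under `inputs.path`, so a link committed to the Pages branch would publish whatever file it points at on the runner; if the branch is meant to hold only regular files, fail the step when `find "$INPUT_PATH" -type l` prints anything. The clean-up step deletes artifacts and presumably needs the `actions: write` scope, which the caller in `charts-release.yaml` does not grant.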
@@ -71,6 +71,13 @@ jobs: chart: ${{ matrix.chart }} overrides: ${{ inputs.overrideDeps }} + - name: Dereference JSON schema before packaging + uses: bjw-s/helm-charts-actions/dereference-json-schema@main + with: + schemaFile: "charts/${{ matrix.chart }}/values.schema.json" + outputFile: "charts/${{ matrix.chart }}/values.schema.json" + allowFileNotFound: true + - name: Run chart-testing (lint) run: ct lint --config .ci/ct/ct.yaml --charts "charts/${{ matrix.chart }}" diff --git a/.github/workflows/charts-release-ghpages.yaml b/.github/workflows/charts-release-ghpages.yaml deleted file mode 100644 index b8077cda..00000000 --- a/.github/workflows/charts-release-ghpages.yaml +++ /dev/null 
@@ -1,96 +0,0 @@ -name: "Charts: Release to GitHub pages" - -on: - workflow_call: - inputs: - charts: - description: > - Json encoded list of Helm charts to release. - Defaults to releasing everything. - default: "[]" - required: false - type: string - secrets: - BJWS_APP_ID: - required: true - BJWS_APP_PRIVATE_KEY: - required: true - -env: - HELM_VERSION: 3.11.2 - -jobs: - release-charts: - name: Release charts - runs-on: ubuntu-22.04 - steps: - - name: "Generate Short Lived OAuth App Token (ghs_*)" - uses: actions/create-github-app-token@v1.10.4 - id: app-token - with: - app-id: "${{ secrets.BJWS_APP_ID }}" - private-key: "${{ secrets.BJWS_APP_PRIVATE_KEY }}" - - - name: Checkout charts branch - uses: actions/checkout@v4 - with: - token: ${{ steps.app-token.outputs.token }} - path: "src" - fetch-depth: 0 - - - name: Checkout gh-pages branch - uses: actions/checkout@v4 - with: - token: ${{ steps.app-token.outputs.token }} - path: "dest" - ref: "gh-pages" - fetch-depth: 0 - - - name: Install Kubernetes tools - uses: yokawasa/action-setup-kube-tools@v0.11.1 - with: - setup-tools: | - helmv3 - helm: "${{ env.HELM_VERSION }}" - - - name: Package Helm Charts - shell: bash - env: - SRC_DIR: "src/charts" - DEST_DIR: "dest" - run: | - CHARTS=( $(yq --null-input e '${{ inputs.charts }}[]' ) ) - - for CHART in "${CHARTS[@]}" ; do - mapfile -t CHART_PATH_PARTS < <(echo "$CHART" | tr '/' '\n') - CHART_TYPE=${CHART_PATH_PARTS[0]} - - helm package "${SRC_DIR}/${CHART}" --dependency-update --destination "${DEST_DIR}/${CHART_TYPE}" - done - - - name: Update chart index - shell: bash - working-directory: dest - run: | - helm repo index . 
--url https://bjw-s.github.io/helm-charts/ - - - name: Commit changes - uses: stefanzweifel/git-auto-commit-action@v5 - id: auto-commit - with: - repository: dest - branch: gh-pages - commit_user_name: "bjw-s-bot[bot]" - commit_user_email: 87358111+bjw-s-bot[bot]@users.noreply.github.com - commit_author: bjw-s-bot[bot] <87358111+bjw-s-bot[bot]@users.noreply.github.com> - file_pattern: "index.yaml **/*.tgz" - disable_globbing: true - - - name: Wait for deploy - uses: fountainhead/action-wait-for-check@v1.2.0 - if: ${{ steps.auto-commit.outputs.changes_detected }} - id: wait-for-deploy - with: - token: ${{ steps.app-token.outputs.token }} - ref: ${{ steps.auto-commit.outputs.commit_hash }} - checkName: deploy diff --git a/.github/workflows/charts-release-oci.yaml b/.github/workflows/charts-release-oci.yaml deleted file mode 100644 index 5fb8479c..00000000 --- a/.github/workflows/charts-release-oci.yaml +++ /dev/null 
@@ -1,69 +0,0 @@ -name: "Charts: Release to GHCR OCI" - -on: - workflow_call: - inputs: - charts: - description: > - Json encoded list of Helm charts to release. - Defaults to releasing everything. - default: "[]" - required: false - type: string - -env: - HELM_VERSION: 3.11.2 - CHARTS_SRC_DIR: "charts" - TARGET_REGISTRY: ghcr.io - -jobs: - release-charts: - name: Release charts - runs-on: ubuntu-22.04 - permissions: - contents: read - packages: write # needed for ghcr access - actions: read # for detecting the Github Actions environment. - id-token: write # for creating OIDC tokens for signing. - steps: - - name: Checkout chart sources - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Install Kubernetes tools - uses: yokawasa/action-setup-kube-tools@v0.11.1 - with: - setup-tools: | - helmv3 - helm: "${{ env.HELM_VERSION }}" - - - name: Install Cosign - uses: sigstore/cosign-installer@v3.6.0 - - - name: Login to GitHub Container Registry - uses: docker/login-action@v3 - with: - registry: ${{ env.TARGET_REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Package & Push Helm Charts - shell: bash - run: | - CHARTS=( $(yq --null-input e '${{ inputs.charts }}[]' ) ) - - for CHART in "${CHARTS[@]}" ; do - mapfile -t CHART_PATH_PARTS < <(echo "$CHART" | tr '/' '\n') - CHART_TYPE=${CHART_PATH_PARTS[0]} - CHART_NAME=${CHART_PATH_PARTS[1]} - CHART_VERSION=$(yq e '.version' ${{ env.CHARTS_SRC_DIR }}/${CHART}/Chart.yaml) - - helm package "${{ env.CHARTS_SRC_DIR }}/${CHART_TYPE}/${CHART_NAME}" --dependency-update --destination "${{ env.CHARTS_SRC_DIR }}/${CHART_TYPE}" --version "${CHART_VERSION}" - helm push "${{ env.CHARTS_SRC_DIR }}/${CHART_TYPE}/${CHART_NAME}-${CHART_VERSION}.tgz" oci://${{ env.TARGET_REGISTRY }}/${{ github.actor }}/helm &> push-metadata.txt - CHART_DIGEST=$(awk '/Digest: /{print $2}' push-metadata.txt) - cosign sign --yes "${{ env.TARGET_REGISTRY }}/${{ github.actor 
}}/helm/${CHART_NAME}:${CHART_VERSION}@${CHART_DIGEST}" - cosign verify "${{ env.TARGET_REGISTRY }}/${{ github.actor }}/helm/${CHART_NAME}:${CHART_VERSION}@${CHART_DIGEST}" \ - --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \ - --certificate-identity "https://github.com/bjw-s/helm-charts/.github/workflows/charts-release-oci.yaml@refs/heads/main" - done diff --git a/.github/workflows/charts-release-steps.yaml b/.github/workflows/charts-release-steps.yaml new file mode 100644 index 00000000..ba20f1be --- /dev/null +++ b/.github/workflows/charts-release-steps.yaml 
@@ -0,0 +1,180 @@
+---
+name: "Charts: Release"
+
+on:
+ workflow_call:
+ inputs:
+ charts:
+ description: >
+ Json encoded list of Helm charts to release.
+ Defaults to releasing everything.
+ default: "[]"
+ required: false
+ type: string
+ excludedChartsRelease:
+ description: >
+ Json encoded list of Helm charts to exclude from release.
+ default: "[]"
+ required: false
+ type: string
+ publishToGhPages:
+ description: >
+ Should the charts be published to GitHub Pages.
+ default: true
+ required: false
+ type: boolean
+ ghPagesBranch:
+ description: >
+ Target branch for GitHub Pages.
+ default: "gh-pages"
+ required: false
+ type: string
+ publishToOciRegistry:
+ description: >
+ Should the charts be published to an OCI registry.
+ default: true
+ required: false
+ type: boolean
+ ociRegistry:
+ description: >
+ Target OCI registry for Helm charts.
+ default: "ghcr.io"
+ required: false
+ type: string
+ helmVersion:
+ description: >
+ Helm version to use.
+ default: "3.11.2"
+ required: false
+ type: string
+
+jobs:
+ package-charts:
+ name: Package charts
+ runs-on: ubuntu-22.04
+ strategy:
+ matrix:
+ charts: ${{ fromJSON(inputs.charts) }}
+ fail-fast: false
+ steps:
+ - name: Checkout source branch
+ if: ${{ !contains(fromJSON(inputs.excludedChartsRelease), matrix.charts) }}
+ uses: actions/checkout@v4
+ with:
+ path: src
+ fetch-depth: 0
+
+ - name: Package Helm charts
+ uses: ./src/.github/actions/charts-package
+ if: ${{ !contains(fromJSON(inputs.excludedChartsRelease), matrix.charts) }}
+ with:
+ rootFolder: src/charts
+ chartFolder: ${{ matrix.charts }}
+ artifactPrefix: chart__
+ helmVersion: ${{ inputs.helmVersion }}
+
+ release-charts-to-github-pages:
+ name: Release charts to GitHub Pages
+ runs-on: ubuntu-22.04
+ if: ${{ inputs.publishToGhPages }}
+ needs:
+ - package-charts
+ steps:
+ - name: Checkout source branch
+ uses: actions/checkout@v4
+ with:
+ path: src
+
+ - name: Checkout gh-pages branch
+ uses: actions/checkout@v4
+ with:
+ token: ${{ github.token }}
+ path: gh-pages
+ ref: ${{ inputs.ghPagesBranch }}
+ fetch-depth: 0
+
+ - name: Prepare artifacts for release to GitHub Pages
+ uses: ./src/.github/actions/charts-release-ghpages
+ with:
+ artifactPattern: "*"
+ artifactPrefix: chart__
+ targetFolder: gh-pages
+ targetBranch: gh-pages
+
+ - name: Publish changes to GitHub Pages
+ uses: ./src/.github/actions/publish-folder-to-pages
+ with:
+ path: gh-pages/
+
+ prepare-release-charts-to-oci:
+ name: Prepare releasing charts to OCI registry
+ runs-on: ubuntu-22.04
+ if: ${{ inputs.publishToOciRegistry }}
+ needs:
+ - package-charts
+ outputs:
+ artifacts: ${{ steps.artifacts.outputs.artifacts }}
+ steps:
+ - name: List artifacts
+ id: list
+ uses: yakubique/list-artifacts@v1.1
+ with:
+ name: chart__*
+
+ - name: Rewrite artifacts output
+ id: artifacts
+ shell: bash
+ env:
+ JQ_COMMAND: |-
+ [.[] | {artifact_name: .name, chart_name: (.name | split("__")[-2]), chart_version: (.name | split("__")[-1]) }]
+ run: |
+ echo '${{ steps.list.outputs.result }}' | jq -c -r "$JQ_COMMAND" > artifacts
+ echo "artifacts=$(cat artifacts)" >> "$GITHUB_OUTPUT"
+
+ release-charts-to-oci:
+ name: Release charts to OCI registry
+ runs-on: ubuntu-22.04
+ if: ${{ inputs.publishToOciRegistry && needs.prepare-release-charts-to-oci.outputs.artifacts != '[]' }}
+ strategy:
+ matrix:
+ artifacts: ${{ fromJSON(needs.prepare-release-charts-to-oci.outputs.artifacts) }}
+ fail-fast: false
+ needs:
+ - package-charts
+ - prepare-release-charts-to-oci
+ env:
+ TARGET_REGISTRY: ghcr.io
+ steps:
+ - name: Download chart artifacts
+ uses: actions/download-artifact@v4
+ with:
+ path: artifacts
+ pattern: ${{ matrix.artifacts.artifact_name }}
+
+ - name: Checkout source branch
+ uses: actions/checkout@v4
+ with:
+ path: src
+
+ - name: Release chart to OCI registry
+ uses: ./src/.github/actions/charts-release-oci
+ with:
+ workingDir: artifacts/${{ matrix.artifacts.artifact_name }}
+ chartName: ${{ matrix.artifacts.chart_name }}
+ chartVersion: ${{ matrix.artifacts.chart_version }}
+
+ cleanup-charts-artifacts:
+ name: Clean up artifacts
+ runs-on: ubuntu-22.04
+ needs:
+ - package-charts
+ - release-charts-to-github-pages
+ - release-charts-to-oci
+ if: ${{ always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') }}
+ steps:
+ - name: Clean up artifact
+ uses: joernott/rm-artifact@v1
+ with:
+ name: "*"
+ useGlob: true
+ failOnError: true
diff --git a/.github/workflows/charts-release.yaml b/.github/workflows/charts-release.yaml
index 212cde9d..a07eb353 100644
--- a/.github/workflows/charts-release.yaml
+++ b/.github/workflows/charts-release.yaml
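Review bot: In `charts-release-steps.yaml`, none of the five jobs declares `permissions:`, so each inherits everything the caller grants (`pages`, `id-token`, `contents` and `packages` write), including `package-charts`, which only checks out and packages; the deleted OCI workflow scoped its job explicitly (`contents: read`, `packages: write`, `actions: read`, `id-token: write`), and the new jobs should each be narrowed to what they use. In `Rewrite artifacts output`, `${{ steps.list.outputs.result }}` is pasted into a single-quoted shell string, so a quote character in an artifact name would end the string early; hand the value over through `env:` instead. The `ociRegistry` input is never forwarded to `charts-release-oci` (the job sets an unused `TARGET_REGISTRY` instead), and `targetBranch: gh-pages` ignores `inputs.ghPagesBranch`. The artifact list and delete steps presumably need an `actions` scope, which the caller would have to grant before a nested job can request it.

```yaml
  package-charts:
    permissions:
      contents: read
    # … unchanged: name, runs-on, strategy, steps …

  release-charts-to-github-pages:
    permissions:
      contents: write
      pages: write
      id-token: write
    # … unchanged: name, runs-on, if, needs, steps …

      - name: Rewrite artifacts output
        env:
          LIST_RESULT: ${{ steps.list.outputs.result }}
          # … unchanged: JQ_COMMAND …
        run: |
          printf '%s' "${LIST_RESULT}" | jq -c -r "$JQ_COMMAND" > artifacts
          # … unchanged: write artifacts to $GITHUB_OUTPUT …

  release-charts-to-oci:
    permissions:
      contents: read
      packages: write
      id-token: write
    # … unchanged: name, runs-on, if, strategy, needs, earlier steps …
      - name: Release chart to OCI registry
        uses: ./src/.github/actions/charts-release-oci
        with:
          ociRegistry: ${{ inputs.ociRegistry }}
          # … unchanged: workingDir, chartName, chartVersion …
```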
@@ -1,92 +1,88 @@ +--- name: "Charts: Release" concurrency: helm-release on: workflow_dispatch: - inputs: - charts: - description: > - Charts to release. Comma-separated string. - Defaults to releasing everything. - default: "" - required: false - push: branches: - main paths: - "charts/**" -env: - HELM_VERSION: 3.11.2 - jobs: - prepare: + prepare-release: name: Prepare data required for release runs-on: ubuntu-22.04 outputs: - libraryChartsToRelease: ${{ steps.collect-charts.outputs.chartsLibraryToRelease }} - applicationChartsToRelease: ${{ steps.collect-charts.outputs.chartsApplicationToRelease }} + repoConfiguration: ${{ steps.repo-config.outputs.config }} + libraryChartsToRelease: ${{ steps.changed-library-charts.outputs.all_changed_files }} + applicationChartsToRelease: ${{ steps.changed-charts.outputs.all_changed_files }} steps: - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 0 - - name: Collect charts to release - uses: bjw-s/helm-charts-actions/collect-charts@main - id: collect-charts + - name: Grab repository configuration + id: repo-config + shell: bash + run: | + echo "config=$(yq '.' 
'.ci/repo-config.yaml' -o json -I=0)" >> "$GITHUB_OUTPUT" + + - name: Get changed library charts + id: changed-library-charts + uses: tj-actions/changed-files@v45 with: - repoConfigFile: ./.ci/repo-config.yaml - overrideCharts: "[${{ inputs.charts }}]" - requireHeadAheadOfBase: false + matrix: true + path: charts + dir_names: true + dir_names_max_depth: 2 + files: | + library/** + + - name: Get changed charts + id: changed-charts + uses: tj-actions/changed-files@v45 + with: + matrix: true + path: charts + dir_names: true + dir_names_max_depth: 2 + files_ignore: | + library/** release-library-charts: - name: Release Library charts to GitHub pages - uses: ./.github/workflows/charts-release-ghpages.yaml + name: Release library charts needs: - - prepare + - prepare-release + if: ${{ needs.prepare-release.outputs.libraryChartsToRelease != '[]' }} + uses: ./.github/workflows/charts-release-steps.yaml + permissions: + pages: write + id-token: write + contents: write + packages: write with: - charts: "${{ needs.prepare.outputs.libraryChartsToRelease }}" - secrets: inherit + charts: ${{ needs.prepare-release.outputs.libraryChartsToRelease }} + excludedChartsRelease: ${{ toJSON(fromJSON(needs.prepare-release.outputs.repoConfiguration).excluded-charts-release) }} + ghPagesBranch: gh-pages + publishToOciRegistry: false - tag-library-charts: - name: Create git tags for library charts - uses: ./.github/workflows/tag-charts.yaml + release-other-charts: + name: Release other charts needs: - - prepare + - prepare-release - release-library-charts + if: ${{ needs.prepare-release.outputs.applicationChartsToRelease != '[]' }} + uses: ./.github/workflows/charts-release-steps.yaml + permissions: + pages: write + id-token: write + contents: write + packages: write with: - charts: "${{ needs.prepare.outputs.libraryChartsToRelease }}" - secrets: inherit - - release-application-charts: - name: Release Application charts to GitHub pages - uses: ./.github/workflows/charts-release-ghpages.yaml 
- needs: - - prepare - - release-library-charts - with: - charts: "${{ needs.prepare.outputs.applicationChartsToRelease }}" - secrets: inherit - - tag-application-charts: - name: Create git tags for application charts - uses: ./.github/workflows/tag-charts.yaml - needs: - - prepare - - release-application-charts - with: - charts: "${{ needs.prepare.outputs.applicationChartsToRelease }}" - secrets: inherit - - release-github-oci: - name: Release Application charts to GitHub Container Registry - uses: ./.github/workflows/charts-release-oci.yaml - needs: - - prepare - - release-library-charts - with: - charts: "${{ needs.prepare.outputs.applicationChartsToRelease }}" - secrets: inherit + charts: ${{ needs.prepare-release.outputs.applicationChartsToRelease }} + excludedChartsRelease: ${{ toJSON(fromJSON(needs.prepare-release.outputs.repoConfiguration).excluded-charts-release) }} + ghPagesBranch: gh-pages
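Review bot: In `charts-release.yaml`, `prepare-release` has no `permissions:` block, so its steps, including the third-party `tj-actions/changed-files@v45`, run with the repository's default token scope; a job-level `permissions:` with `contents: read` is enough for checkout and change detection. `release-library-charts` sets `publishToOciRegistry: false` but is still granted `packages: write`, which can be dropped from that call. As far as this hunk shows, `workflow_dispatch` no longer accepts a chart list, so a manual run releases only what `changed-files` reports for the dispatched ref; a short comment next to the trigger should say so.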