chore: release main (#10) #23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: release-please | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - "charts/**" | |
| jobs: | |
| release-please: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| outputs: | |
| releases_created: ${{ steps.release.outputs.releases_created }} | |
| steps: | |
| # PR should not be triggered by repository's token to trigger GHA for auto approval | |
| # so, use github apps token instead of repository token | |
| # https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow | |
| - shell: bash | |
| run: | | |
| env | sort | |
| - id: app-token | |
| uses: actions/create-github-app-token@v1 | |
| with: | |
| app-id: ${{ secrets.APP_ID }} | |
| private-key: ${{ secrets.PK }} | |
| owner: ${{ github.repository_owner }} | |
| repositories: "meowhq-helm-charts" | |
| - id: release | |
| uses: google-github-actions/release-please-action@v4 | |
| with: | |
| token: ${{ steps.app-token.outputs.token }} | |
| get-bumped-charts: | |
| runs-on: ubuntu-latest | |
| needs: release-please | |
| if: ${{ needs.release-please.outputs.releases_created }} | |
| name: 'Get modified charts' | |
| permissions: | |
| contents: read | |
| outputs: | |
| charts: ${{ steps.get-bumped-charts.outputs.charts }} | |
| result: ${{ steps.get-bumped-charts.outputs.result }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 2 # to be able to obtain files changed in the latest commit | |
| - id: get-bumped-charts | |
| name: 'Get modified charts' | |
| run: | | |
| # get the changed files | |
| files_changed="$(git show --pretty="" --name-only)" | |
| echo "files_changed=$files_changed" | |
| # get the directories that includes Chart.yaml file changes to get the charts that changed version | |
| chart_file_changed="$(echo $files_changed | grep -E 'Chart\.ya?ml' | xargs dirname | grep -o "charts/[^/]*" | sort | uniq || true)" | |
| # Initialize an empty array for version-changed charts | |
| version_changed_charts=() | |
| for chart in $chart_file_changed; do | |
| # Check if there's a version change in the Chart.yaml file | |
| if git show "$chart" | grep -q "+version"; then | |
| version_changed_charts+=("$chart") | |
| fi | |
| done | |
| # make the outputs | |
| if [ ${#version_changed_charts[@]} -gt 0 ]; then | |
| echo "charts=${version_changed_charts[@]}" >>$GITHUB_OUTPUT | |
| echo "result=ok" >>$GITHUB_OUTPUT | |
| else | |
| echo "error=No version changed charts found" >>$GITHUB_OUTPUT | |
| echo "result=fail" >>$GITHUB_OUTPUT | |
| fi | |
| # print the outputs | |
| cat $GITHUB_OUTPUT | |
| - id: show-warning | |
| name: 'Show Warning' | |
| if: ${{ steps.get-bumped-charts.outputs.result == 'fail' }} | |
| run: | | |
| echo "${{ steps.get-bumped-charts.outputs.error }}" | |
| echo "publish jobs/steps will be interrupted" | |
| # uses: actions/github-script@v6 | |
| # with: | |
| # script: | | |
| # core.setFailed('${{ steps.get-bumped-charts.outputs.error }}') | |
| publish-charts: | |
| runs-on: self-hosted | |
| needs: get-bumped-charts | |
| if: ${{ needs.get-bumped-charts.outputs.result == 'ok' }} | |
| name: Publish Charts to registry | |
| permissions: | |
| contents: read | |
| env: | |
| PUBLISH_DIR: ".target" | |
| steps: | |
| - name: Install Helm | |
| uses: azure/setup-helm@v3 | |
| with: | |
| version: v3.13.0 | |
| - name: Checkout Repository | |
| uses: actions/checkout@v4 | |
| - name: Build the package of updated Charts | |
| id: package-charts | |
| run: | | |
| rm -rf $PUBLISH_DIR && mkdir -p $PUBLISH_DIR | |
| version_changed_charts="${{needs.get-bumped-charts.outputs.charts}}" | |
| for dir in ${version_changed_charts}; do | |
| helm package $dir --dependency-update --destination $PUBLISH_DIR | |
| done | |
| - name: Publish Charts to repository | |
| id: push-charts-repository | |
| run: | | |
| # install helm plugin helm-push to publish chart to "repository" | |
| helm plugin install https://github.com/chartmuseum/helm-push | |
| # Use a for loop to packaged each .tgz file in the $PUBLISH_DIR directory | |
| for file in "$PUBLISH_DIR"/*.tgz; do | |
| if [ -f "$file" ]; then | |
| echo "Publishing $file to Helm Repository" | |
| helm cm-push \ | |
| --username ${{ secrets.HELM_REPO_USERNAME }} \ | |
| --password ${{ secrets.HELM_REPO_PASSWORD }} \ | |
| $file \ | |
| https://chartmuseum.lab.meowhq.dev | |
| fi | |
| done | |
| - name: Publish Charts to OCI Registry | |
| id: push-charts-oci | |
| run: | | |
| # login to oci registry | |
| echo '${{ secrets.HARBOR_CICD_PASSWORD }}' | \ | |
| helm registry login --username '${{ secrets.HARBOR_CICD_USERNAME }}' \ | |
| --password-stdin \ | |
| harbor.lab.meowhq.dev | |
| # Use a for loop to packaged each .tgz file in the $PUBLISH_DIR directory | |
| for file in "$PUBLISH_DIR"/*.tgz; do | |
| if [ -f "$file" ]; then | |
| echo "Publishing $file to OCI Registry" | |
| helm push $file oci://harbor.lab.meowhq.dev/charts | |
| fi | |
| done | |
| # this is currently in test | |
| publish-charts-github-release: | |
| runs-on: ubuntu-latest | |
| needs: get-bumped-charts | |
| if: ${{ needs.get-bumped-charts.outputs.result == 'ok' }} | |
| name: Publish Charts to Github | |
| permissions: | |
| contents: write | |
| packages: write | |
| pages: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| name: Checkout Repository | |
| - name: Run chart-releaser | |
| uses: helm/[email protected] | |
| with: | |
| charts_dir: charts | |
| env: | |
| CR_TOKEN: ${{ secrets.GITHUB_TOKEN }} |