feature: Add create options for role and rolebinding (#295) #135
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release Helm Chart | |
"on": | |
push: | |
tags: | |
# 2023.9.1, but not 2023.09.01 | |
# 2023.11.5, but not 2023.11.05 | |
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet | |
- '2[0-9][2-9][3-9].1?[0-9].[1-3]?[0-9]' | |
jobs: | |
release: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Get the version tags | |
id: get_version | |
run: | | |
# Enable pipefail so git command failures do not result in null versions downstream | |
set -x | |
echo "RELEASE_VERSION=$(echo $GITHUB_REF | cut -d / -f 3)" >> $GITHUB_OUTPUT | |
echo "PREFECT_VERSION=$(\ | |
git ls-remote --tags --refs --sort="v:refname" \ | |
https://github.com/PrefectHQ/prefect.git '*.*.*' | tail -n1 | sed 's/.*\///' \ | |
)" >> $GITHUB_OUTPUT | |
- name: Copy Artifact Hub metadata | |
run: | | |
mkdir -p /tmp/chart | |
cp artifacthub-repo.yml /tmp/chart | |
- name: Configure Git | |
run: | | |
git config user.name "$GITHUB_ACTOR" | |
git config user.email "[email protected]" | |
- name: Set up Helm | |
uses: azure/[email protected] | |
- name: Prepare GPG key for signing | |
run: | | |
gpg_dir=/tmp/.gpg | |
mkdir "$gpg_dir" | |
keyring="$gpg_dir/secring.gpg" | |
base64 -d <<< "$GPG_KEYRING_BASE64" > "$keyring" | |
passphrase_file="$gpg_dir/passphrase" | |
echo "$GPG_PASSPHRASE" > "$passphrase_file" | |
echo "SIGN_PASSPHRASE_FILE=$passphrase_file" >> "$GITHUB_ENV" | |
echo "SIGN_KEYRING=$keyring" >> "$GITHUB_ENV" | |
env: | |
GPG_KEYRING_BASE64: "${{ secrets.GPG_KEYRING_BASE64 }}" | |
GPG_PASSPHRASE: "${{ secrets.GPG_PASSPHRASE }}" | |
- name: Add dependency chart repos | |
run: | | |
helm repo add bitnami https://charts.bitnami.com/bitnami | |
- name: Package Agent helm chart | |
run: | | |
mkdir -p /tmp/chart | |
cd charts | |
# Update the prefect version tag in values.yaml | |
sed -i "s/prefectTag:.*$/prefectTag: $PREFECT_VERSION-python3.10/g" prefect-agent/values.yaml | |
helm package prefect-agent \ | |
--destination /tmp/chart \ | |
--dependency-update \ | |
--version $RELEASE_VERSION \ | |
--app-version $PREFECT_VERSION \ | |
--sign --key '[email protected]' \ | |
--keyring $SIGN_KEYRING \ | |
--passphrase-file $SIGN_PASSPHRASE_FILE | |
env: | |
RELEASE_VERSION: ${{ steps.get_version.outputs.RELEASE_VERSION }} | |
PREFECT_VERSION: ${{ steps.get_version.outputs.PREFECT_VERSION }} | |
SIGN_KEYRING: ${{ env.SIGN_KEYRING }} | |
SIGN_PASSPHRASE_FILE: ${{ env.SIGN_PASSPHRASE_FILE }} | |
- name: Package Worker helm chart | |
run: | | |
mkdir -p /tmp/chart | |
cd charts | |
# Update the prefect version tag in values.yaml | |
sed -i "s/prefectTag:.*$/prefectTag: $PREFECT_VERSION-python3.11-kubernetes/g" prefect-worker/values.yaml | |
helm package prefect-worker \ | |
--destination /tmp/chart \ | |
--dependency-update \ | |
--version $RELEASE_VERSION \ | |
--app-version $PREFECT_VERSION \ | |
--sign --key '[email protected]' \ | |
--keyring $SIGN_KEYRING \ | |
--passphrase-file $SIGN_PASSPHRASE_FILE | |
env: | |
RELEASE_VERSION: ${{ steps.get_version.outputs.RELEASE_VERSION }} | |
PREFECT_VERSION: ${{ steps.get_version.outputs.PREFECT_VERSION }} | |
SIGN_KEYRING: ${{ env.SIGN_KEYRING }} | |
SIGN_PASSPHRASE_FILE: ${{ env.SIGN_PASSPHRASE_FILE }} | |
- name: Package Server helm chart | |
run: | | |
mkdir -p /tmp/chart | |
cd charts | |
# Update the prefect version tag in values.yaml | |
sed -i "s/prefectTag:.*$/prefectTag: $PREFECT_VERSION-python3.10/g" prefect-server/values.yaml | |
helm package prefect-server \ | |
--destination /tmp/chart \ | |
--dependency-update \ | |
--version $RELEASE_VERSION \ | |
--app-version $PREFECT_VERSION \ | |
--sign --key '[email protected]' \ | |
--keyring $SIGN_KEYRING \ | |
--passphrase-file $SIGN_PASSPHRASE_FILE | |
env: | |
RELEASE_VERSION: ${{ steps.get_version.outputs.RELEASE_VERSION }} | |
PREFECT_VERSION: ${{ steps.get_version.outputs.PREFECT_VERSION }} | |
SIGN_KEYRING: ${{ env.SIGN_KEYRING }} | |
SIGN_PASSPHRASE_FILE: ${{ env.SIGN_PASSPHRASE_FILE }} | |
- name: Update chart index | |
run: | | |
git stash # Stash changes to the values.yaml so checkout doesn't complain | |
git checkout gh-pages | |
helm repo index /tmp/chart --url https://prefecthq.github.io/prefect-helm/charts --merge ./index.yaml | |
- name: Commit and push | |
run: | | |
cp /tmp/chart/artifacthub-repo.yml . | |
cp /tmp/chart/index.yaml . | |
cp /tmp/chart/prefect-agent-$RELEASE_VERSION.* ./charts | |
cp /tmp/chart/prefect-server-$RELEASE_VERSION.* ./charts | |
cp /tmp/chart/prefect-worker-$RELEASE_VERSION.* ./charts | |
git add ./artifacthub-repo.yml ./index.yaml ./charts/prefect-agent-$RELEASE_VERSION.* ./charts/prefect-server-$RELEASE_VERSION.* ./charts/prefect-worker-$RELEASE_VERSION.* | |
git commit -m "Release $RELEASE_VERSION" | |
git push origin gh-pages | |
env: | |
RELEASE_VERSION: ${{ steps.get_version.outputs.RELEASE_VERSION }} | |
- name: Trigger deploy-latest-helm-version workflow | |
run: | | |
gh workflow run deploy-latest-helm-version.yaml \ | |
--ref main \ | |
-f helm_version=$RELEASE_VERSION | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
RELEASE_VERSION: ${{ steps.get_version.outputs.RELEASE_VERSION }} |