-
Notifications
You must be signed in to change notification settings - Fork 64
149 lines (134 loc) · 5.81 KB
/
helm-release.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
name: Release Helm Chart
"on":
push:
tags:
# 2023.9.1, but not 2023.09.01
# 2023.11.5, but not 2023.11.05
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet
- '2[0-9][2-9][3-9].1?[0-9].[1-3]?[0-9]'
jobs:
release:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Get the version tags
id: get_version
run: |
# Enable pipefail so git command failures do not result in null versions downstream
set -x
echo "RELEASE_VERSION=$(echo $GITHUB_REF | cut -d / -f 3)" >> $GITHUB_OUTPUT
echo "PREFECT_VERSION=$(\
git ls-remote --tags --refs --sort="v:refname" \
https://github.com/PrefectHQ/prefect.git '*.*.*' | tail -n1 | sed 's/.*\///' \
)" >> $GITHUB_OUTPUT
- name: Copy Artifact Hub metadata
run: |
mkdir -p /tmp/chart
cp artifacthub-repo.yml /tmp/chart
- name: Configure Git
run: |
git config user.name "$GITHUB_ACTOR"
git config user.email "[email protected]"
- name: Set up Helm
uses: azure/[email protected]
- name: Prepare GPG key for signing
run: |
gpg_dir=/tmp/.gpg
mkdir "$gpg_dir"
keyring="$gpg_dir/secring.gpg"
base64 -d <<< "$GPG_KEYRING_BASE64" > "$keyring"
passphrase_file="$gpg_dir/passphrase"
echo "$GPG_PASSPHRASE" > "$passphrase_file"
echo "SIGN_PASSPHRASE_FILE=$passphrase_file" >> "$GITHUB_ENV"
echo "SIGN_KEYRING=$keyring" >> "$GITHUB_ENV"
env:
GPG_KEYRING_BASE64: "${{ secrets.GPG_KEYRING_BASE64 }}"
GPG_PASSPHRASE: "${{ secrets.GPG_PASSPHRASE }}"
- name: Add dependency chart repos
run: |
helm repo add bitnami https://charts.bitnami.com/bitnami
- name: Package Agent helm chart
run: |
mkdir -p /tmp/chart
cd charts
# Update the prefect version tag in values.yaml
sed -i "s/prefectTag:.*$/prefectTag: $PREFECT_VERSION-python3.10/g" prefect-agent/values.yaml
helm package prefect-agent \
--destination /tmp/chart \
--dependency-update \
--version $RELEASE_VERSION \
--app-version $PREFECT_VERSION \
--sign --key '[email protected]' \
--keyring $SIGN_KEYRING \
--passphrase-file $SIGN_PASSPHRASE_FILE
env:
RELEASE_VERSION: ${{ steps.get_version.outputs.RELEASE_VERSION }}
PREFECT_VERSION: ${{ steps.get_version.outputs.PREFECT_VERSION }}
SIGN_KEYRING: ${{ env.SIGN_KEYRING }}
SIGN_PASSPHRASE_FILE: ${{ env.SIGN_PASSPHRASE_FILE }}
- name: Package Worker helm chart
run: |
mkdir -p /tmp/chart
cd charts
# Update the prefect version tag in values.yaml
sed -i "s/prefectTag:.*$/prefectTag: $PREFECT_VERSION-python3.11-kubernetes/g" prefect-worker/values.yaml
helm package prefect-worker \
--destination /tmp/chart \
--dependency-update \
--version $RELEASE_VERSION \
--app-version $PREFECT_VERSION \
--sign --key '[email protected]' \
--keyring $SIGN_KEYRING \
--passphrase-file $SIGN_PASSPHRASE_FILE
env:
RELEASE_VERSION: ${{ steps.get_version.outputs.RELEASE_VERSION }}
PREFECT_VERSION: ${{ steps.get_version.outputs.PREFECT_VERSION }}
SIGN_KEYRING: ${{ env.SIGN_KEYRING }}
SIGN_PASSPHRASE_FILE: ${{ env.SIGN_PASSPHRASE_FILE }}
- name: Package Server helm chart
run: |
mkdir -p /tmp/chart
cd charts
# Update the prefect version tag in values.yaml
sed -i "s/prefectTag:.*$/prefectTag: $PREFECT_VERSION-python3.10/g" prefect-server/values.yaml
helm package prefect-server \
--destination /tmp/chart \
--dependency-update \
--version $RELEASE_VERSION \
--app-version $PREFECT_VERSION \
--sign --key '[email protected]' \
--keyring $SIGN_KEYRING \
--passphrase-file $SIGN_PASSPHRASE_FILE
env:
RELEASE_VERSION: ${{ steps.get_version.outputs.RELEASE_VERSION }}
PREFECT_VERSION: ${{ steps.get_version.outputs.PREFECT_VERSION }}
SIGN_KEYRING: ${{ env.SIGN_KEYRING }}
SIGN_PASSPHRASE_FILE: ${{ env.SIGN_PASSPHRASE_FILE }}
- name: Update chart index
run: |
git stash # Stash changes to the values.yaml so checkout doesn't complain
git checkout gh-pages
helm repo index /tmp/chart --url https://prefecthq.github.io/prefect-helm/charts --merge ./index.yaml
- name: Commit and push
run: |
cp /tmp/chart/artifacthub-repo.yml .
cp /tmp/chart/index.yaml .
cp /tmp/chart/prefect-agent-$RELEASE_VERSION.* ./charts
cp /tmp/chart/prefect-server-$RELEASE_VERSION.* ./charts
cp /tmp/chart/prefect-worker-$RELEASE_VERSION.* ./charts
git add ./artifacthub-repo.yml ./index.yaml ./charts/prefect-agent-$RELEASE_VERSION.* ./charts/prefect-server-$RELEASE_VERSION.* ./charts/prefect-worker-$RELEASE_VERSION.*
git commit -m "Release $RELEASE_VERSION"
git push origin gh-pages
env:
RELEASE_VERSION: ${{ steps.get_version.outputs.RELEASE_VERSION }}
- name: Trigger deploy-latest-helm-version workflow
run: |
gh workflow run deploy-latest-helm-version.yaml \
--ref main \
-f helm_version=$RELEASE_VERSION
env:
GITHUB_TOKEN: ${{ github.token }}
RELEASE_VERSION: ${{ steps.get_version.outputs.RELEASE_VERSION }}