diff --git a/.github/actions/chart_releaser/action.yaml b/.github/actions/chart_releaser/action.yaml new file mode 100644 index 00000000..0ae62cf5 --- /dev/null +++ b/.github/actions/chart_releaser/action.yaml @@ -0,0 +1,96 @@ +name: "Helm Chart Releaser" +description: "Host a Helm charts repo on GitHub Pages" +author: "The Helm authors" +branding: + color: blue + icon: anchor +inputs: + version: + description: "The chart-releaser version to use (default: v1.6.0)" + required: false + default: v1.6.0 + config: + description: "The relative path to the chart-releaser config file" + required: false + charts_dir: + description: The charts directory + required: false + default: charts + install_dir: + description: "Where to install the cr tool" + required: false + install_only: + description: "Just install cr tool" + required: false + skip_packaging: + description: "Skip the packaging option (do your custom packaging before running this action)" + required: false + skip_existing: + description: "Skip package upload if release exists" + required: false + mark_as_latest: + description: Mark the created GitHub release as 'latest' + required: false + default: true +outputs: + changed_charts: + description: "A comma-separated list of charts that were released on this run. Will be an empty string if no updates were detected, will be unset if `--skip_packaging` is used: in the latter case your custom packaging step is responsible for setting its own outputs if you need them." + value: ${{ steps.release.outputs.changed_charts }} + chart_version: + description: "The version of the most recently generated charts; will be set even if no charts have been updated since the last run." + value: ${{ steps.release.outputs.chart_version }} + +runs: + using: composite + steps: + - id: release + run: | + owner=$(cut -d '/' -f 1 <<< "$GITHUB_REPOSITORY") + repo=$(cut -d '/' -f 2 <<< "$GITHUB_REPOSITORY") + + args=(--owner "$owner" --repo "$repo") + args+=(--charts-dir "${{ inputs.charts_dir }}") + + if [[ -n "${{ inputs.version }}" ]]; then + args+=(--version "${{ inputs.version }}") + fi + + if [[ -n "${{ inputs.config }}" ]]; then + args+=(--config "${{ inputs.config }}") + fi + + if [[ -z "${{ inputs.install_dir }}" ]]; then + install="$RUNNER_TOOL_CACHE/cr/${{ inputs.version }}/$(uname -m)" + echo "$install" >> "$GITHUB_PATH" + args+=(--install-dir "$install") + else + echo ${{ inputs.install_dir }} >> "$GITHUB_PATH" + args+=(--install-dir "${{ inputs.install_dir }}") + fi + + if [[ -n "${{ inputs.install_only }}" ]]; then + args+=(--install-only "${{ inputs.install_only }}") + fi + + if [[ -n "${{ inputs.skip_packaging }}" ]]; then + args+=(--skip-packaging "${{ inputs.skip_packaging }}") + fi + + if [[ -n "${{ inputs.skip_existing }}" ]]; then + args+=(--skip-existing "${{ inputs.skip_existing }}") + fi + + if [[ -n "${{ inputs.mark_as_latest }}" ]]; then + args+=(--mark-as-latest "${{ inputs.mark_as_latest }}") + fi + + "$GITHUB_ACTION_PATH/cr.sh" "${args[@]}" + + if [[ -f changed_charts.txt ]]; then + cat changed_charts.txt >> "$GITHUB_OUTPUT" + fi + if [[ -f chart_version.txt ]]; then + cat chart_version.txt >> "$GITHUB_OUTPUT" + fi + rm -f changed_charts.txt chart_version.txt + shell: bash diff --git a/.github/actions/chart_releaser/cr.sh b/.github/actions/chart_releaser/cr.sh new file mode 100644 index 00000000..a8cb24b1 --- /dev/null +++ b/.github/actions/chart_releaser/cr.sh @@ -0,0 +1,341 @@ +#!/usr/bin/env bash + +# Copyright The Helm Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -o errexit +set -o nounset +set -o pipefail + +DEFAULT_CHART_RELEASER_VERSION=v1.6.0 + +show_help() { + cat < + + -h, --help Display help + -v, --version The chart-releaser version to use (default: $DEFAULT_CHART_RELEASER_VERSION)" + --config The path to the chart-releaser config file + -d, --charts-dir The charts directory (default: charts) + -o, --owner The repo owner + -r, --repo The repo name + -n, --install-dir The Path to install the cr tool + -i, --install-only Just install the cr tool + -s, --skip-packaging Skip the packaging step (run your own packaging before using the releaser) + --skip-existing Skip package upload if release exists + -l, --mark-as-latest Mark the created GitHub release as 'latest' (default: true) +EOF +} + +main() { + local version="$DEFAULT_CHART_RELEASER_VERSION" + local config= + local charts_dir=charts + local owner= + local repo= + local install_dir= + local install_only= + local skip_packaging= + local skip_existing= + local mark_as_latest=true + + parse_command_line "$@" + + : "${CR_TOKEN:?Environment variable CR_TOKEN must be set}" + + local repo_root + repo_root=$(git rev-parse --show-toplevel) + pushd "$repo_root" >/dev/null + + if [[ -z "$skip_packaging" ]]; then + echo 'Looking up latest tag...' + local latest_tag + latest_tag=$(lookup_latest_tag) + + echo "Discovering changed charts since '$latest_tag'..." + local changed_charts=() + readarray -t changed_charts <<<"$(lookup_changed_charts "$latest_tag")" + + if [[ -n "${changed_charts[*]}" ]]; then + install_chart_releaser + + rm -rf .cr-release-packages + mkdir -p .cr-release-packages + + rm -rf .cr-index + mkdir -p .cr-index + + for chart in "${changed_charts[@]}"; do + if [[ -d "$chart" ]]; then + package_chart "$chart" + else + echo "Nothing to do. No chart changes detected." + fi + done + + release_charts + update_index + echo "changed_charts=$( + IFS=, + echo "${changed_charts[*]}" + )" >changed_charts.txt + else + echo "Nothing to do. No chart changes detected." + echo "changed_charts=" >changed_charts.txt + fi + else + install_chart_releaser + rm -rf .cr-index + mkdir -p .cr-index + release_charts + update_index + fi + + echo "chart_version=${latest_tag}" >chart_version.txt + + popd >/dev/null +} + +parse_command_line() { + while :; do + case "${1:-}" in + -h | --help) + show_help + exit + ;; + --config) + if [[ -n "${2:-}" ]]; then + config="$2" + shift + else + echo "ERROR: '--config' cannot be empty." >&2 + show_help + exit 1 + fi + ;; + -v | --version) + if [[ -n "${2:-}" ]]; then + version="$2" + shift + else + echo "ERROR: '-v|--version' cannot be empty." >&2 + show_help + exit 1 + fi + ;; + -d | --charts-dir) + if [[ -n "${2:-}" ]]; then + charts_dir="$2" + shift + else + echo "ERROR: '-d|--charts-dir' cannot be empty." >&2 + show_help + exit 1 + fi + ;; + -o | --owner) + if [[ -n "${2:-}" ]]; then + owner="$2" + shift + else + echo "ERROR: '--owner' cannot be empty." >&2 + show_help + exit 1 + fi + ;; + -r | --repo) + if [[ -n "${2:-}" ]]; then + repo="$2" + shift + else + echo "ERROR: '--repo' cannot be empty." >&2 + show_help + exit 1 + fi + ;; + -n | --install-dir) + if [[ -n "${2:-}" ]]; then + install_dir="$2" + shift + fi + ;; + -i | --install-only) + if [[ -n "${2:-}" ]]; then + install_only="$2" + shift + fi + ;; + -s | --skip-packaging) + if [[ -n "${2:-}" ]]; then + skip_packaging="$2" + shift + fi + ;; + --skip-existing) + if [[ -n "${2:-}" ]]; then + skip_existing="$2" + shift + fi + ;; + -l | --mark-as-latest) + if [[ -n "${2:-}" ]]; then + mark_as_latest="$2" + shift + fi + ;; + *) + break + ;; + esac + + shift + done + + if [[ -z "$owner" ]]; then + echo "ERROR: '-o|--owner' is required." >&2 + show_help + exit 1 + fi + + if [[ -z "$repo" ]]; then + echo "ERROR: '-r|--repo' is required." >&2 + show_help + exit 1 + fi + + if [[ -z "$install_dir" ]]; then + local arch + arch=$(uname -m) + install_dir="$RUNNER_TOOL_CACHE/cr/$version/$arch" + fi + + if [[ -n "$install_only" ]]; then + echo "Will install cr tool and not run it..." + install_chart_releaser + exit 0 + fi +} + +install_chart_releaser() { + if [[ ! -d "$RUNNER_TOOL_CACHE" ]]; then + echo "Cache directory '$RUNNER_TOOL_CACHE' does not exist" >&2 + exit 1 + fi + + if [[ ! -d "$install_dir" ]]; then + mkdir -p "$install_dir" + + echo "Installing chart-releaser on $install_dir..." + curl -sSLo cr.tar.gz "https://github.com/helm/chart-releaser/releases/download/$version/chart-releaser_${version#v}_linux_amd64.tar.gz" + tar -xzf cr.tar.gz -C "$install_dir" + rm -f cr.tar.gz + fi + + echo 'Adding cr directory to PATH...' + export PATH="$install_dir:$PATH" +} + +lookup_latest_tag() { + git fetch --tags >/dev/null 2>&1 + + if git symbolic-ref --short -q HEAD; then + if ! git describe --tags --abbrev=0 HEAD~ 2>/dev/null; then + git rev-list --max-parents=0 --first-parent HEAD + fi + else + # In a detached HEAD state, such as when the pipeline + # is triggered by a push on a tag commit, we need to look back + # by date + current_commit=$(git rev-parse HEAD) + for tag in $(git tag --sort=-creatordate); do + if [ $(git rev-parse "$tag") = "$current_commit" ]; then + continue + else + echo "$tag" + break + fi + done + fi +} + + +filter_charts() { + while read -r chart; do + [[ ! -d "$chart" ]] && continue + local file="$chart/Chart.yaml" + if [[ -f "$file" ]]; then + echo "$chart" + else + echo "WARNING: $file is missing, assuming that '$chart' is not a Helm chart. Skipping." 1>&2 + fi + done +} + +lookup_changed_charts() { + local commit="$1" + + if [ -z "$commit" ]; then + # If no commit is given (i.e., no previous tag), consider all charts. + find "$charts_dir" -maxdepth 1 -type d | filter_charts + else + local changed_files + changed_files=$(git diff --find-renames --name-only "$commit" -- "$charts_dir") + + local depth=$(($(tr "/" "\n" <<<"$charts_dir" | sed '/^\(\.\)*$/d' | wc -l) + 1)) + local fields="1-${depth}" + + cut -d '/' -f "$fields" <<<"$changed_files" | uniq | filter_charts + fi +} + + +package_chart() { + local chart="$1" + + local args=("$chart" --package-path .cr-release-packages) + if [[ -n "$config" ]]; then + args+=(--config "$config") + fi + + echo "Packaging chart '$chart'..." + cr package "${args[@]}" +} + +release_charts() { + local args=(-o "$owner" -r "$repo" -c "$(git rev-parse HEAD)") + if [[ -n "$config" ]]; then + args+=(--config "$config") + fi + if [[ -n "$skip_existing" ]]; then + args+=(--skip-existing) + fi + if [[ "$mark_as_latest" = false ]]; then + args+=(--make-release-latest=false) + fi + + echo 'Releasing charts...' + cr upload "${args[@]}" +} + +update_index() { + local args=(-o "$owner" -r "$repo" --push) + if [[ -n "$config" ]]; then + args+=(--config "$config") + fi + + echo 'Updating charts repo index...' + cr index "${args[@]}" +} + +main "$@" diff --git a/.github/actions/chart_releaser/cr.yaml b/.github/actions/chart_releaser/cr.yaml new file mode 100644 index 00000000..dc5f6966 --- /dev/null +++ b/.github/actions/chart_releaser/cr.yaml @@ -0,0 +1,4 @@ +owner: bcgov +git-repo: vc-authn-oidc +git-base-url: https://api.github.com/ +git-upload-url: https://uploads.github.com/ diff --git a/.github/workflows/chart_release.yaml b/.github/workflows/chart_release.yaml new file mode 100644 index 00000000..b6bdc9fb --- /dev/null +++ b/.github/workflows/chart_release.yaml @@ -0,0 +1,47 @@ +name: Helm Chart Release + +on: + release: + types: [published] + workflow_dispatch: + +jobs: + # Sometimes chart-releaser might fetch an outdated index.yaml from gh-pages, causing a WAW hazard on the repo + # This job checks the remote file is up to date with the local one on release + validate-gh-pages-index: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + ref: gh-pages + - name: Download remote index file and check equality + run: | + curl -vsSL https://${{ github.repository_owner }}.github.io/${{ github.event.repository.name }}/index.yaml > index.yaml.remote + LOCAL="$(md5sum < index.yaml)" + REMOTE="$(md5sum < index.yaml.remote)" + echo "$LOCAL" = "$REMOTE" + test "$LOCAL" = "$REMOTE" + + chart-release: + name: Create chart release + runs-on: ubuntu-latest + needs: [ validate-gh-pages-index ] + steps: + - uses: actions/checkout@v3 + with: + fetch-depth: 0 + - name: Configure Git + run: | + git config user.name "$GITHUB_ACTOR" + git config user.email "$GITHUB_ACTOR@users.noreply.github.com" + - name: Install Helm + uses: azure/setup-helm@v3 + - name: Add bitnami repository + run: helm repo add bitnami https://charts.bitnami.com/bitnami + - name: Run chart-releaser + uses: ./.github/actions/chart_releaser + with: + config: .github/actions/chart_releaser/cr.yaml + env: + CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 4cfca49a..9580b830 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -92,27 +92,3 @@ jobs: run: | rm -rf /tmp/.buildx-cache mv /tmp/.buildx-cache-new /tmp/.buildx-cache - publish-chart: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - - name: Configure Git - run: | - git config user.name "$GITHUB_ACTOR" - git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - - - name: Install Helm - uses: azure/setup-helm@v3 - - - name: Add dependency chart repos - run: | - helm repo add bitnami https://charts.bitnami.com/bitnami - - - name: Run chart-releaser - uses: helm/chart-releaser-action@v1.5.0 - env: - CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"