Release charts #574
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Release charts" | |
| on: | |
| workflow_dispatch: | |
| ref: master | |
| branches: | |
| - master | |
| permissions: | |
| teams: | |
| - development | |
| env: | |
| HELM_VERSION: 3.15.1 | |
| YQ_VERSION: 4.44.2 | |
| jobs: | |
| release: | |
| permissions: | |
| contents: write | |
| packages: write | |
| id-token: write | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| token: ${{ secrets.VM_BOT_GH_TOKEN }} | |
| - name: Import GPG key | |
| uses: crazy-max/ghaction-import-gpg@v6 | |
| with: | |
| gpg_private_key: ${{ secrets.VM_BOT_GPG_PRIVATE_KEY }} | |
| passphrase: ${{ secrets.VM_BOT_PASSPHRASE }} | |
| git_user_signingkey: true | |
| git_commit_gpgsign: true | |
| - name: Install tools | |
| uses: yokawasa/[email protected] | |
| with: | |
| setup-tools: | | |
| helmv3 | |
| yq | |
| helm: "${{ env.HELM_VERSION }}" | |
| yq: "${{ env.YQ_VERSION }}" | |
| - name: Add dependencies | |
| run: | | |
| yq -M eval '.repositories[] | (.name + " " + .url)' .github/ci/helm-repos.yaml | xargs -L 1 helm repo add | |
| make helm-repo-update | |
| - name: Generate docs | |
| run: make gen-docs | |
| - name: Generate release notes | |
| run: | | |
| for CHANGELOG in $(find charts/*/CHANGELOG.md); do | |
| if grep -q "^## Next release$" $CHANGELOG; then | |
| echo "Processing $CHANGELOG" | |
| else | |
| echo "ERROR: Not found 'Next release' section in $CHANGELOG" | |
| exit 1 | |
| fi | |
| # Useful variables | |
| export CHART_DIR="$(dirname $CHANGELOG)" | |
| export CHART_FILE="${CHART_DIR}/Chart.yaml" | |
| export APP_VERSION="$(yq -M '.appVersion' $CHART_FILE)" | |
| export CHART_VERSION="$(yq -M '.version' $CHART_FILE)" | |
| # If version already released | |
| if grep -q "^## $CHART_VERSION$" $CHANGELOG; then | |
| echo "There is nothing to release for $CHANGELOG" | |
| else | |
| # Release notes file | |
| BADGES='' | |
| if [ "$APP_VERSION" != "null" ]; then | |
| export APP_VERSION_HASH="$(echo $APP_VERSION | tr -d '.' | cut -f1 -d '-')" | |
| export APP_LABEL=$(echo $APP_VERSION | sed 's/-/--/g') | |
| export APP_CHANGELOG=$(yq '.annotations["artifacthub.io/links"] | from_yaml | .[] | select(.name == "Changelog").url + "#" + env(APP_VERSION_HASH)| @uri' $CHART_FILE) | |
| BADGES+=' ' | |
| fi | |
| export BADGES | |
| export CHANGELOG | |
| export RELEASE_DATE="**Release date:** $(date '+%d %b %Y')" | |
| export NOTES="$(sed -n '/## Next release/,/## /p' $CHANGELOG | sed -e '$d' -e '1d')" | |
| # ArtifactHub annotation in Chart.yaml file | |
| yq -M -i '.annotations["artifacthub.io/changes"] = (load_str(strenv(CHANGELOG)) | capture("## Next release[\s]*(?P<changes>[\s\S]*?)[\s]*##") | .changes | split("\n") | .[] |= sub("^[\s]*-[\s]+", "") | filter(length > 0) | to_yaml)' $CHART_FILE | |
| export README=${CHART_DIR}/README.md | |
| yq -M -i '.annotations["artifacthub.io/readme"] = load_str(strenv(README))' $CHART_FILE | |
| # Create release notes | |
| cat <<EOT > ${CHART_DIR}/RELEASE_NOTES | |
| # Release notes for version $CHART_VERSION | |
| $RELEASE_DATE | |
| $BADGES | |
| $NOTES | |
| EOT | |
| # Update chart version in CHANGELOG | |
| sed -i 's/## Next release/&\n\n- TODO\n\n## $CHART_VERSION\n\n$RELEASE_DATE\n\n$BADGES/' $CHANGELOG | |
| envsubst < $CHANGELOG > $CHANGELOG.copy | |
| mv $CHANGELOG.copy $CHANGELOG | |
| fi | |
| done | |
| - name: Release | |
| if: ${{ hashFiles('charts/*/RELEASE_NOTES') != '' }} | |
| uses: helm/[email protected] | |
| env: | |
| CR_TOKEN: "${{ secrets.VM_BOT_GH_TOKEN }}" | |
| with: | |
| config: .github/ci/cr.yaml | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Cosign sign | |
| uses: sigstore/cosign-installer@v3 | |
| - name: Release OCI | |
| if: ${{ hashFiles('charts/*/RELEASE_NOTES') != '' }} | |
| run: | | |
| helm registry login \ | |
| -u ${{ github.actor }} \ | |
| -p ${{ github.token }} \ | |
| ghcr.io | |
| mkdir -p .cr-release-packages | |
| CHART_REPO="ghcr.io/${GITHUB_REPOSITORY_OWNER,,}/helm-charts" | |
| for chart in charts/*; do | |
| export CHART_FILE="${chart}/Chart.yaml" | |
| export CHART_VERSION="$(yq -M '.version' $CHART_FILE)" | |
| export CHART_NAME=$(basename $chart) | |
| package=".cr-release-packages/${CHART_NAME}-${CHART_VERSION}.tgz"; | |
| if [ ! -f $chart/RELEASE_NOTES ]; then | |
| echo "no release notes for chart $chart. removing it from uploading..." | |
| rm -rf $package | |
| else | |
| echo "publishing ${CHART_NAME} ${CHART_VERSION}" | |
| HELM_OUTPUT=$(helm push $package oci://${CHART_REPO} 2>&1) | |
| CHART_DIGEST=$(echo "$HELM_OUTPUT" | awk '/^Digest: sha256:[0-9a-f]{64}$/ { print $2 }') | |
| cosign sign --yes ${CHART_REPO}/${CHART_NAME}@${CHART_DIGEST} | |
| fi | |
| done | |
| - name: Automatic update changelogs and readme | |
| if: ${{ hashFiles('charts/*/RELEASE_NOTES') != '' }} | |
| run: | | |
| rm -rf charts/*/RELEASE_NOTES | |
| export VM_GIT_BRANCH_NAME="changelog-update-$(date +%s)" | |
| git checkout -b "${VM_GIT_BRANCH_NAME}" | |
| git add charts/*/CHANGELOG.md | |
| git add charts/*/README.md | |
| git commit -S -m "Automatic update CHANGELOGs and READMEs" | |
| git push origin ${VM_GIT_BRANCH_NAME} | |
| gh pr create \ | |
| -H $(git branch --show-current) \ | |
| -t "Automatic update CHANGELOGs and READMEs" \ | |
| -b "Automatic update CHANGELOGs and READMEs" | |
| env: | |
| GH_TOKEN: "${{ secrets.VM_BOT_GH_TOKEN }}" | |
| GITHUB_TOKEN: "${{ secrets.VM_BOT_GH_TOKEN }}" |