emqx-operator/.github/workflows/release-helm.yml at main-2.3 · emqx/emqx-operator · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
name: Release Helm Chart

on:
  push:
    tags:
      - 'helm-[0-9]+.[0-9]*'
  workflow_dispatch:
    inputs:
      branch:
        description: 'Branch to build from (e.g., main-2.3)'
        required: true
        default: main-2.3
      tag:
        description: 'Helm tag (e.g. helm-2.3.0). Empty = dry run.'
        required: false

permissions:
  contents: read

jobs:
  helm:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
        with:
          ref: ${{ (github.event_name == 'workflow_dispatch' && inputs.branch) || github.ref }}

      - name: Resolve chart version from tag
        run: |
          if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
            TAG="${{ inputs.tag }}"
          else
            TAG="${{ github.ref_name }}"
          fi
          case "$TAG" in
            helm-*)
              echo "CHART_VERSION=${TAG#helm-}" | tee -a "$GITHUB_ENV"
              ;;
            "")
              echo "No Helm release tag, dry running"
              ;;
            *)
              echo "::error::Helm release tags must match helm-X.Y.[...], got ${TAG}"
              exit 1
              ;;
          esac

      - uses: azure/setup-helm@v5

      - uses: actions/setup-go@v6
        with:
          go-version-file: 'go.mod'

      - name: Create Kind cluster
        uses: helm/kind-action@v1.14.0

      - name: Generate CRDs
        run: make build-crd

      - name: Helm lint
        run: helm lint deploy/charts/emqx-operator

      - name: Helm template dry-run
        run: helm template emqx-operator deploy/charts/emqx-operator | kubectl apply --dry-run=client -f -

      - name: Helm install
        run: |
          helm install emqx-operator deploy/charts/emqx-operator \
            --namespace "emqx-operator-system" \
            --create-namespace \
            --wait \
            --timeout 3m

      - name: Verify Operator workload
        run: |
          kubectl wait --for=condition=ready pod \
            -n "emqx-operator-system" \
            -l control-plane=controller-manager \
            --timeout=180s
          kubectl -n "emqx-operator-system" get all -l control-plane=controller-manager
          kubectl -n "emqx-operator-system" get events

      - name: Vet Chart
        if: ${{ env.CHART_VERSION != '' }}
        run: |
          chart_version=$(yq '.version' deploy/charts/emqx-operator/Chart.yaml)
          if [ "$chart_version" != "$CHART_VERSION" ]; then
            echo "::error::Chart version `$chart_version` does not match git tag `helm-${CHART_VERSION}`"
            exit 1
          fi

      - name: Push Helm Chart
        if: ${{ env.CHART_VERSION != '' }}
        env:
          HELM_REPO_AWS_BUCKET_NAME: "repos-emqx-io"
          AWS_DEFAULT_REGION: "us-west-2"
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        working-directory: "deploy/charts/emqx-operator"
        run: |
          # Update helm packages
          helm dependency update
          helm package .
          # Upload to AWS
          mkdir -p /tmp/helm-repo
          aws s3 sync s3://${{ env.HELM_REPO_AWS_BUCKET_NAME }}/charts/ /tmp/helm-repo/
          mv *.tgz /tmp/helm-repo
          cd /tmp/helm-repo
          helm repo index .
          aws s3 sync . s3://${{ env.HELM_REPO_AWS_BUCKET_NAME }}/charts/