osg-hosted-ce: create Certificate object if requested (SOFTWARE-6247) #141
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish Helm Chart | |
| on: | |
| push: | |
| pull_request: | |
| branches: | |
| - main | |
| jobs: | |
| build-chart-list: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| chartpaths: ${{ steps.helm-list.outputs.json }} | |
| BASE: ${{steps.helm-list.outputs.basecommit}} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - id: helm-list | |
| run: | | |
| # Get the list of files changed based on the type of event | |
| # kicking off the GHA: | |
| # 1. For the main branch, diff the previous state of main vs | |
| # the current commit | |
| # 2. For other branches (i.e., on someone's fork), diff main | |
| # vs the current commit | |
| # 3. For PRs, diff the base ref vs the current commit | |
| if [[ $GITHUB_EVENT_NAME == 'pull_request' ]] || | |
| [[ $GITHUB_EVENT_NAME == 'push' ]]; then | |
| if [[ $GITHUB_EVENT_NAME == 'pull_request' ]]; then | |
| BASE=$(git merge-base origin/$GITHUB_BASE_REF HEAD) | |
| echo "basecommit=$BASE" >> $GITHUB_OUTPUT | |
| elif [[ $GITHUB_REF == 'refs/heads/main' ]]; then | |
| BASE=${{github.event.before}} | |
| echo "basecommit=$BASE" >> $GITHUB_OUTPUT | |
| else | |
| BASE=origin/main | |
| echo "basecommit=$BASE" >> $GITHUB_OUTPUT | |
| fi | |
| # List helm-chart root dirs where files have changed and the | |
| # root dir exists. Example value: | |
| # "helm-charts/supported helm-charts/contrib" | |
| chartpaths=$(git diff --name-only \ | |
| "$BASE" \ | |
| "$GITHUB_SHA" | | |
| cut -d/ -f -3 | | |
| sort | | |
| uniq | | |
| xargs -I {} find . -type d \ | |
| -wholename ./{} \ | |
| -printf "%P\n") | |
| fi | |
| # Ensure that the generated JSON array has a member, | |
| # otherwise GHA will throw an error about an empty matrix | |
| # vector in subsequent steps | |
| chart_json=$(echo -n "${chartpaths:-dummy}" | jq -Rcs '.|split("\n")') | |
| echo "json=${chart_json}" >> $GITHUB_OUTPUT | |
| build-and-push: | |
| runs-on: ubuntu-latest | |
| if: needs.build-chart-list.outputs.chartpaths != '["dummy"]' | |
| needs: build-chart-list | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| chartpath: ${{ fromJson(needs.build-chart-list.outputs.chartpaths) }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Helm tool installer | |
| uses: Azure/setup-helm@v3 | |
| with: | |
| version: 'v3.12.0' | |
| id: install | |
| - name: Upstream Repo Sync | |
| # if build-config.json in this chartpath specifies an external git repo, | |
| # clone that repo and move its contents to chartpath | |
| if: ${{ hashFiles(format('{0}/{1}', matrix.chartpath, 'build-config.json')) != '' }} | |
| run: | | |
| UPSTREAM=$(jq -r '.upstream' ${{matrix.chartpath}}/build-config.json) | |
| REF=$(jq -r '.ref' ${{matrix.chartpath}}/build-config.json) | |
| CHART_DIR=$(jq -r '.chart_dir' ${{matrix.chartpath}}/build-config.json) | |
| git clone $UPSTREAM ${{matrix.chartpath}}/upstream | |
| (cd ${{matrix.chartpath}}/upstream; git fetch && git reset --hard $REF) | |
| # Re-organize the directory so that Chart.yaml sits at the top level of ${{matrix.chartpath}} | |
| # to align directory structure with remaining GHA steps | |
| mv ${{matrix.chartpath}}/upstream/$CHART_DIR/* ${{matrix.chartpath}} | |
| - name: Helm Chart Linter | |
| run: | | |
| helm lint ${{matrix.chartpath}} | |
| - name: SEMVER Check | |
| # Checks Chart Version Number against SEMVER regex | |
| run: | | |
| version=$(helm show chart ${{matrix.chartpath}} | | |
| awk '/version:/ {print $2}') | |
| # Checks for semantic versioning specification, https://semver.org/ | |
| semver_regex="^(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\ | |
| (-(0|[1-9A-Za-z-][0-9A-Za-z-]*)(\.[0-9A-Za-z-]+)*)?(\+[0-9A-Za-z-]\ | |
| +(\.[0-9A-Za-z-]+)*)?$" | |
| if [[ $version =~ $semver_regex ]]; then | |
| echo "$version uses SEMVER, https://semver.org/" | |
| else | |
| echo "$version is not using SEMVER, https://semver.org/" | |
| exit 1 | |
| fi | |
| - name: Helm Chart Version Check | |
| # if build-config.json in this chartpath specifies an external git repo, | |
| # assume that an explicit upgrade was detected and don't compare semvers | |
| if: ${{ hashFiles(format('{0}/{1}', matrix.chartpath, 'build-config.json')) == '' }} | |
| env: | |
| BASE: ${{needs.build-chart-list.outputs.BASE}} | |
| run: | | |
| # old_chart_version diffs commit that triggered workflow against previous | |
| # commit. Pulls out version number of the existing chart or "old chart". | |
| # The git diff gives spits out both version numbers, head -2 | tail -1 | |
| # Grabs the value on the second line. | |
| old_chart_version=$(git diff "$BASE" ${{ github.sha }} -- ${{matrix.chartpath}} | | |
| awk '/version:/ {print $2}' | | |
| head -1 | | |
| tail -1 | | |
| tr -d '"') | |
| # Grabs the chart version number out of the chart that needs | |
| # to be checked. | |
| new_chart_version=$(helm show chart ${{matrix.chartpath}} | | |
| awk '/version:/ {print $2}') | |
| # Checks if the new chart version number | |
| # is > than the existing chart. | |
| versioncheck() { | |
| if [ "$1" == "$2" ]; then | |
| return 1 | |
| else | |
| [ "$1" == "`echo -e "$1\n$2" | sort -V | head -n1`" ] | |
| fi | |
| } | |
| if versioncheck $old_chart_version $new_chart_version; then | |
| echo "Helm chart version updated." | |
| else | |
| echo "Helm chart version needs to be updated!" | |
| exit 1 | |
| fi | |
| - name: Helm Template Check | |
| run: | | |
| helm template ${{matrix.chartpath}} | |
| - name: Build Helm Chart | |
| id: build-chart | |
| run: | | |
| # Extract tarball name from a line that looks like | |
| # Successfully packaged chart and saved it to: /home/blin/vcs/images/osg-helm-charts/supported/osg-htc/osdf-origin/osdf-origin-0.29.tgz | |
| helm_package_success_message=$(helm package ${{matrix.chartpath}} | grep -m1 '^Success') | |
| chart_tarball=${helm_package_success_message#*': '} # delete up to and including ': ' | |
| if [[ ! $chart_tarball ]]; then | |
| echo "helm package failed" >&2 | |
| exit 1 | |
| fi | |
| echo "tarball=${chart_tarball}" >> "$GITHUB_OUTPUT" | |
| - name: Push Helm chart | |
| if: >- | |
| github.ref == 'refs/heads/main' && | |
| github.event_name != 'pull_request' && | |
| github.repository_owner == 'osg-htc' | |
| run: | | |
| echo ${{secrets.OSG_HARBOR_PASSWORD}} \ | |
| | helm registry login -u ${{secrets.OSG_HARBOR_USER}} \ | |
| --password-stdin \ | |
| hub.opensciencegrid.org | |
| dest_project=$(echo ${{matrix.chartpath}} | cut -d/ -f 2) | |
| helm push ${{ steps.build-chart.outputs.tarball }} \ | |
| oci://hub.opensciencegrid.org/${dest_project} |