344 lines
15 KiB
YAML
344 lines
15 KiB
YAML
name: "Charts: Release"
|
|
|
|
concurrency: helm-release
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
push:
|
|
branches:
|
|
- master
|
|
paths:
|
|
- "charts/**"
|
|
|
|
jobs:
|
|
release-helm:
|
|
runs-on: ubuntu-latest
|
|
container:
|
|
image: ghcr.io/truecharts/devcontainer:3.1.10@sha256:c239addf725eb5cedf79517f8089fdafdc32b5270d1893ee87ae6e511b9bcae3
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
|
|
with:
|
|
token: ${{ secrets.BOT_TOKEN }}
|
|
fetch-depth: 1
|
|
|
|
- name: Checkout Helm-Staging
|
|
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
|
|
with:
|
|
fetch-depth: 1
|
|
repository: truecharts/helm-staging
|
|
token: ${{ secrets.BOT_TOKEN }}
|
|
path: helm
|
|
|
|
- name: Fix Pre-Commit issues
|
|
shell: bash
|
|
run: |
|
|
echo "Running pre-commit test-and-cleanup..."
|
|
pre-commit run --all ||:
|
|
# Fix sh files to always be executable
|
|
find . -name '*.sh' | xargs chmod +x
|
|
|
|
- name: Commit Helm Changes
|
|
run: |
|
|
rm -rf helm/charts
|
|
mkdir helm/charts
|
|
cp -rf charts helm
|
|
|
|
- name: Commit Helm Changes
|
|
run: |
|
|
cd helm
|
|
git config user.name "TrueCharts-Bot"
|
|
git config user.email "bot@truecharts.org"
|
|
git add --all
|
|
git commit -sm "Commit released Helm Charts for TrueCharts" || exit 0
|
|
git push
|
|
cd -
|
|
|
|
release-scale:
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
ref: ${{ steps.save-commit-hash.outputs.commit_hash }}
|
|
container:
|
|
image: ghcr.io/truecharts/devcontainer:3.1.10@sha256:c239addf725eb5cedf79517f8089fdafdc32b5270d1893ee87ae6e511b9bcae3
|
|
steps:
|
|
- name: Install Kubernetes tools
|
|
uses: yokawasa/action-setup-kube-tools@af4ebb1af1efd30c5bd84a2e9773355ad6362a33 # v0.9.3
|
|
with:
|
|
setup-tools: |
|
|
helmv3
|
|
helm: "3.8.0"
|
|
|
|
- name: Prep Helm
|
|
run: |
|
|
helm repo add truecharts https://charts.truecharts.org
|
|
helm repo add truecharts-library https://library-charts.truecharts.org
|
|
helm repo add truecharts-deps https://deps.truecharts.org
|
|
helm repo add jetstack https://charts.jetstack.io
|
|
helm repo update
|
|
|
|
# Optional step if GPG signing is used
|
|
- name: Prepare GPG key
|
|
shell: bash
|
|
run: |
|
|
gpg_dir=.cr-gpg
|
|
mkdir -p "$gpg_dir"
|
|
keyring="$gpg_dir/secring.gpg"
|
|
base64 -d <<< "$GPG_KEYRING_BASE64" > "$keyring"
|
|
passphrase_file="$gpg_dir/passphrase"
|
|
echo "$GPG_PASSPHRASE" > "$passphrase_file"
|
|
echo "CR_PASSPHRASE_FILE=$passphrase_file" >> "$GITHUB_ENV"
|
|
echo "CR_KEYRING=$keyring" >> "$GITHUB_ENV"
|
|
env:
|
|
GPG_KEYRING_BASE64: "${{ secrets.GPG_KEYRING_BASE64 }}"
|
|
GPG_PASSPHRASE: "${{ secrets.GPG_PASSPHRASE }}"
|
|
|
|
- name: Checkout
|
|
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
|
|
with:
|
|
token: ${{ secrets.BOT_TOKEN }}
|
|
fetch-depth: 0
|
|
|
|
- name: Setting repo parent dir as safe safe.directory
|
|
run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
|
|
|
|
- name: Collect changes
|
|
id: collect-changes
|
|
uses: ./.github/actions/collect-changes
|
|
|
|
- name: Generate Changelog
|
|
shell: bash
|
|
if: |
|
|
steps.collect-changes.outputs.changesDetectedAfterTag == 'true'
|
|
run: |
|
|
CHARTS=(${{ steps.collect-changes.outputs.modifiedChartsAfterTag }})
|
|
parthreads=$(($(nproc) * 2))
|
|
parallel -j ${parthreads} .github/scripts/changelog.sh '2>&1' ::: ${CHARTS[@]}
|
|
|
|
- name: Fix Pre-Commit issues
|
|
shell: bash
|
|
if: |
|
|
steps.collect-changes.outputs.changesDetectedAfterTag == 'true'
|
|
run: |
|
|
echo "Running pre-commit test-and-cleanup..."
|
|
pre-commit run --all ||:
|
|
# Fix sh files to always be executable
|
|
find . -name '*.sh' | xargs chmod +x
|
|
|
|
- name: Checkout
|
|
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
|
|
if: |
|
|
steps.collect-changes.outputs.changesDetectedAfterTag == 'true'
|
|
with:
|
|
fetch-depth: 1
|
|
repository: truecharts/website
|
|
token: ${{ secrets.BOT_TOKEN }}
|
|
path: website
|
|
|
|
- name: Copy docs to website
|
|
if: |
|
|
steps.collect-changes.outputs.changesDetectedAfterTag == 'true'
|
|
shell: bash
|
|
run: |
|
|
#!/bin/bash
|
|
CHARTS=(${{ steps.collect-changes.outputs.modifiedChartsAfterTag }})
|
|
echo "Removing Chart Docs prior to regeneration..."
|
|
mkdir -p website/static/img/hotlink-ok/chart-icons || echo "chart-icons path already exists, continuing..."
|
|
for i in "${CHARTS[@]}"
|
|
do
|
|
IFS='/' read -r -a chart_parts <<< "$i"
|
|
if [ -f "charts/${chart_parts[0]}"/"${chart_parts[1]}/Chart.yaml" ]; then
|
|
train=${chart_parts[0]}
|
|
chart=${chart_parts[1]}
|
|
echo "copying docs to website for ${chart}"
|
|
mkdir -p website/docs/charts/${train}/${chart} || echo "chart path already exists, continuing..."
|
|
mkdir -p tmp/website/docs/charts/${train}/${chart}/ || echo "chart path already exists, continuing..."
|
|
if [[ -f "website/docs/charts/${train}/${chart}/CHANGELOG.md" ]]; then
|
|
echo "changelog found..."
|
|
true
|
|
else
|
|
echo "changelog not found, starting with empty changelog..."
|
|
touch "website/docs/charts/${train}/${chart}/CHANGELOG.md"
|
|
fi
|
|
if [[ -f "website/docs/charts/${train}/${chart}/helm-security.md" ]]; then
|
|
echo "helm-security found..."
|
|
true
|
|
else
|
|
echo "helm-security not found, starting with empty helm-security..."
|
|
touch "website/docs/charts/${train}/${chart}/helm-security.md"
|
|
echo "# Helm Security" >> website/docs/charts/${train}/${chart}/helm-security.md
|
|
fi
|
|
if [[ -f "website/docs/charts/${train}/${chart}/container-security.md" ]]; then
|
|
echo "container-security found..."
|
|
true
|
|
else
|
|
echo "container-security not found, starting with empty container-security..."
|
|
touch "website/docs/charts/${train}/${chart}/container-security.md"
|
|
echo "# Helm Security" >> website/docs/charts/${train}/${chart}/container-security.md
|
|
fi
|
|
# keep some docs safe
|
|
mv -f website/docs/charts/${train}/${chart}/CHANGELOG.md tmp/website/docs/charts/${train}/${chart}/CHANGELOG.md || :
|
|
mv -f website/docs/charts/${train}/${chart}/helm-security.md tmp/website/docs/charts/${train}/${chart}/helm-security.md || :
|
|
mv -f website/docs/charts/${train}/${chart}/container-security.md tmp/website/docs/charts/${train}/${chart}/container-security.md || :
|
|
|
|
# remove old docs everywhere and recreate based on charts repo
|
|
rm -rf website/docs/charts/*/${chart} || :
|
|
mkdir -p website/docs/charts/${train}/${chart} || echo "chart path already exists, continuing..."
|
|
yes | cp -rf charts/${train}/${chart}/docs/* website/docs/charts/${train}/${chart}/ 2>/dev/null || :
|
|
yes | cp -rf charts/${train}/${chart}/icon.png website/static/img/hotlink-ok/chart-icons/${chart}.png 2>/dev/null || :
|
|
yes | cp -rf charts/${train}/${chart}/screenshots/* website/static/img/hotlink-ok/chart-screenshots/${chart}/ 2>/dev/null || :
|
|
|
|
# Copy over kept documents
|
|
mv -f tmp/website/docs/charts/${train}/${chart}/CHANGELOG.md website/docs/charts/${train}/${chart}/CHANGELOG.md 2>/dev/null || :
|
|
mv -f tmp/website/docs/charts/${train}/${chart}/helm-security.md website/docs/charts/${train}/${chart}/helm-security.md 2>/dev/null || :
|
|
mv -f tmp/website/docs/charts/${train}/${chart}/container-security.md website/docs/charts/${train}/${chart}/container-security.md 2>/dev/null || :
|
|
|
|
# Append SCALE changelog to actual changelog
|
|
sed -i '1d' "website/docs/charts/${train}/${chart}/CHANGELOG.md" || echo "failed to sed 1d changelog..."
|
|
cat "charts/${train}/${chart}/app-changelog.md" | cat - "website/docs/charts/${train}/${chart}/CHANGELOG.md" > temp && mv temp "website/docs/charts/${train}/${chart}/CHANGELOG.md"
|
|
sed -i '1s/^/# Changelog\n\n/' "website/docs/charts/${train}/${chart}/CHANGELOG.md" || echo "failed to add changelog header..."
|
|
|
|
touch website/docs/charts/${train}/${chart}/index.md
|
|
echo "# ${chart}" >> website/docs/charts/${train}/${chart}/index.md
|
|
echo "" >> website/docs/charts/${train}/${chart}/index.md
|
|
version=$(cat charts/${train}/${chart}/Chart.yaml | grep "^version: " | awk -F" " '{ print $2 }')
|
|
appversion=$(cat charts/${train}/${chart}/Chart.yaml | grep "^appVersion: " | awk -F" " '{ print $2 }')
|
|
echo '![Version: '"${version}"'](https://img.shields.io/badge/Version-'"${version}"'-informational?style=flat-square)  ![AppVersion: '"${appversion}"'](https://img.shields.io/badge/AppVersion-'"${appversion}"'-informational?style=flat-square)' >> website/docs/charts/${train}/${chart}/index.md
|
|
echo "" >> website/docs/charts/${train}/${chart}/index.md
|
|
cat charts/${train}/${chart}/Chart.yaml | yq .description -r >> website/docs/charts/${train}/${chart}/index.md
|
|
echo "" >> website/docs/charts/${train}/${chart}/index.md
|
|
echo "## Chart Sources" >> website/docs/charts/${train}/${chart}/index.md
|
|
echo "" >> website/docs/charts/${train}/${chart}/index.md
|
|
cat charts/${train}/${chart}/Chart.yaml | go-yq .sources -r >> website/docs/charts/${train}/${chart}/index.md
|
|
echo "" >> website/docs/charts/${train}/${chart}/index.md
|
|
echo "## Available Documentation" >> website/docs/charts/${train}/${chart}/index.md
|
|
echo "" >> website/docs/charts/${train}/${chart}/index.md
|
|
|
|
# Iterate over all files in the docs directory
|
|
for file in website/docs/charts/${train}/${chart}/*.md; do
|
|
# Extract the file name and first line from each file
|
|
filename=$(basename "${file}")
|
|
title=$(head -n 1 "${file}" | sed 's/# //')
|
|
|
|
# Create a markdown link using the file name and title
|
|
link="[**${title}**](${filename%.md})"
|
|
if [ ${filename} != "index.md" ]; then
|
|
# Append the link to the index.md file
|
|
echo "- ${link}" >> website/docs/charts/${train}/${chart}/index.md
|
|
echo "" >> website/docs/charts/${train}/${chart}/index.md
|
|
fi
|
|
done
|
|
|
|
rm -rf temp || :
|
|
fi
|
|
done
|
|
|
|
- name: Commit Website Changes
|
|
if: |
|
|
steps.collect-changes.outputs.changesDetected == 'true'
|
|
run: |
|
|
cd website
|
|
git config user.name "TrueCharts-Bot"
|
|
git config user.email "bot@truecharts.org"
|
|
git add --all
|
|
git commit -sm "Commit released docs for TrueCharts" || exit 0
|
|
git push
|
|
|
|
- name: Checkout Catalog
|
|
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
|
|
if: |
|
|
steps.collect-changes.outputs.changesDetectedAfterTag == 'true'
|
|
with:
|
|
fetch-depth: 1
|
|
repository: truecharts/catalog
|
|
token: ${{ secrets.BOT_TOKEN }}
|
|
ref: staging
|
|
path: catalog
|
|
|
|
- name: build catalog
|
|
shell: bash
|
|
if: |
|
|
steps.collect-changes.outputs.changesDetectedAfterTag == 'true'
|
|
run: |
|
|
CHARTS=(${{ steps.collect-changes.outputs.modifiedChartsAfterTag }})
|
|
charts_path="charts"
|
|
for changed in ${CHARTS[@]}; do
|
|
.github/scripts/fetch_helm_deps.sh "${changed}"
|
|
done
|
|
pip install yq
|
|
parthreads=$(($(nproc) * 2))
|
|
parallel -j ${parthreads} .github/scripts/build-catalog.sh '2>&1' ::: ${CHARTS[@]}
|
|
rm -rf website
|
|
|
|
- name: Commit Catalog
|
|
if: |
|
|
steps.collect-changes.outputs.changesDetected == 'true'
|
|
run: |
|
|
cd catalog
|
|
git config user.name "TrueCharts-Bot"
|
|
git config user.email "bot@truecharts.org"
|
|
git add --all
|
|
git commit -sm "Commit new Chart releases for TrueCharts" || exit 0
|
|
git push
|
|
cd -
|
|
rm -rf catalog
|
|
|
|
- name: set git author
|
|
if: |
|
|
steps.collect-changes.outputs.changesDetectedAfterTag == 'true'
|
|
shell: bash
|
|
run: |
|
|
git config user.name "TrueCharts-Bot"
|
|
git config user.email "bot@truecharts.org"
|
|
|
|
# Optional step if GPG signing is used
|
|
- name: Prepare GPG key
|
|
shell: bash
|
|
run: |
|
|
gpg_dir=.cr-gpg
|
|
mkdir -p "$gpg_dir"
|
|
keyring="$gpg_dir/secring.gpg"
|
|
base64 -d <<< "$GPG_KEYRING_BASE64" > "$keyring"
|
|
passphrase_file="$gpg_dir/passphrase"
|
|
echo "$GPG_PASSPHRASE" > "$passphrase_file"
|
|
echo "CR_PASSPHRASE_FILE=$passphrase_file" >> "$GITHUB_ENV"
|
|
echo "CR_KEYRING=$keyring" >> "$GITHUB_ENV"
|
|
env:
|
|
GPG_KEYRING_BASE64: "${{ secrets.GPG_KEYRING_BASE64 }}"
|
|
GPG_PASSPHRASE: "${{ secrets.GPG_PASSPHRASE }}"
|
|
|
|
- name: Run chart-releaser for dependency apps
|
|
uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0
|
|
if: |
|
|
steps.collect-changes.outputs.changesDetectedAfterTag == 'true'
|
|
with:
|
|
charts_dir: charts/dependency
|
|
charts_repo_url: https://deps.truecharts.org
|
|
config: cr.yaml
|
|
env:
|
|
CR_TOKEN: "${{ secrets.BOT_TOKEN }}"
|
|
CR_SKIP_EXISTING: "true"
|
|
|
|
- name: Tag App Releases
|
|
if: |
|
|
steps.collect-changes.outputs.changesDetectedAfterTag == 'true'
|
|
shell: bash
|
|
run: |
|
|
#!/bin/bash
|
|
CHARTS=(${{ steps.collect-changes.outputs.modifiedChartsAfterTag }})
|
|
echo "Removing Chart Docs prior to regeneration..."
|
|
mkdir -p website/static/img/hotlink-ok/chart-icons || echo "chart-icons path already exists, continuing..."
|
|
for i in "${CHARTS[@]}"
|
|
do
|
|
IFS='/' read -r -a chart_parts <<< "$i"
|
|
if [ -f "charts/${chart_parts[0]}"/"${chart_parts[1]}/Chart.yaml" ]; then
|
|
train=${chart_parts[0]}
|
|
chart=${chart_parts[1]}
|
|
if [ "${train}" != "dependency" ]; then
|
|
echo "creating tag for ${chart}"
|
|
version=$(cat charts/${train}/${chart}/Chart.yaml | grep '^version: ' | awk -F" " '{ print $2 }' | head -1)
|
|
git tag ${chart}-${version} || echo "tag failed for ${chart}-${version}"
|
|
fi
|
|
fi
|
|
done
|
|
git push --tags
|