chart-release.yaml
# Workflow metadata, triggers, run de-duplication and the default token scope.
name: 'Chart - Release'
on:
  # Allow running the workflow from the GitHub UI and from other workflows.
  workflow_dispatch:
    inputs:
      trigger:
        description: 'Trigger release manually'
        required: false
        default: false
        type: boolean
  # Fires every time a label is added to a pull request; the jobs decide
  # whether to run from the labels present on that pull request.
  pull_request:
    types:
      - labeled
# One active run per pull request (or per ref when there is no pull request);
# a newer run cancels the one still in progress.
# NOTE(review): cancelling can stop a run between its publishing steps —
# confirm a partially completed release is recoverable by re-running.
concurrency:
  group: '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'
  cancel-in-progress: true
# Least-privilege default for GITHUB_TOKEN; each job requests the additional
# scopes it needs in its own "permissions" block.
permissions:
  contents: read
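jobs:
  # Packages the charts, publishes them with Chart Releaser, then signs the
  # packages with Cosign and uploads the signature bundles to the releases.
  release:
    # Runs for an unmerged pull request that carries the "release" label, or
    # for a manual dispatch with the "trigger" input enabled.
    # github.event.inputs delivers boolean inputs as the strings 'true' and
    # 'false', and any non-empty string is truthy in an expression, so the
    # input is compared explicitly; otherwise a dispatch that leaves the input
    # at its default of false would still start a release.
    # NOTE(review): the label check looks at all labels on the pull request,
    # so adding any other label to an already labelled PR re-runs this job;
    # CR_SKIP_EXISTING below is what keeps that from re-publishing.
    if: ${{ (contains(github.event.*.labels.*.name, 'release') && github.event.pull_request.merged == false) || github.event.inputs.trigger == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      # Write access to repository contents for the release and upload steps.
      contents: write
      # OIDC token for the keyless Cosign signing step further down.
      id-token: write
    steps:
      # Third-party actions are pinned to a full commit SHA; the trailing
      # comment records the tag the SHA was taken from.
      - name: Checkout
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
        with:
          # Full history rather than a shallow clone.
          fetch-depth: 0
      - name: Install env dependencies
        uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 # v3
      # Strips everything between the DEV COMMENT markers from the values and
      # Chart files. $FILE is left unquoted on purpose so the glob patterns
      # stored in the array expand to the matching files.
      - name: Remove Dev Comments
        run: |
          TARGET_FILES=(
            "charts/camunda-platform-*/values*.yaml"
            "charts/camunda-platform-*/Chart.yaml"
          )
          for FILE in "${TARGET_FILES[@]}"; do
            sed -i '/# START DEV COMMENT/,/# END DEV COMMENT/d' $FILE
          done
          echo "Dev comments removed:"
          git --no-pager diff
      # Go build and module caches, keyed on the go.sum files.
      - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
            ~/.asdf/installs/golang/*/packages/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-
      # NOTE(review): the e-mail value below appears to have been obfuscated
      # by the page this listing was taken from; restore the intended
      # committer address before using this workflow.
      - name: Configure Git
        run: |
          git config user.name "$GITHUB_ACTOR"
          git config user.email "[email protected]"
      # Installs the Chart Releaser tooling only; the releases themselves are
      # made by the two "Run Chart Releaser" steps below.
      - name: Install Chart Releaser
        uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0
        with:
          install_only: true
        env:
          CR_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
          CR_SKIP_EXISTING: 'true'
      - name: Add Helm repos
        run: |
          make helm.repos-add
      # Passes the changed chart directories to the make target as chartPath.
      - name: Update Helm dependency
        run: |
          chartPath="$(ct list-changed | tr '\n' ' ')" \
            make helm.dependency-update
      - name: cosign-installer
        uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
      - name: Tidy up
        run: |
          # Clean up badges from readme to avoid showing them in Artifact Hub.
          sed -ri '/Badge .+/d' charts/camunda-platform-8*/README.md
          mkdir release-packages
      #
      # We run Chart Releaser twice as a workaround because it's not possible to control the release order.
      # CR by default will release "camunda-platform-10.x.x" first then "camunda-platform-8.x.x",
      # however, we want the latest version to show as the latest release in GitHub releases.
      #
      # The last directory in the listing is treated as the latest chart
      # version and exported for the following steps.
      - name: Get latest version name
        run: |
          latest_chart_version_dir="$(ls -d1 charts/camunda-platform-8* | tail -n1)"
          echo "LATEST_CHART_VERSION_DIR=${latest_chart_version_dir}" | tee -a $GITHUB_ENV
      # Release previous versions.
      # The latest and alpha chart directories are removed from the working
      # tree so that this pass only sees the previous versions.
      - name: Pre-Release - Previous versions
        run: |
          rm -rf ${LATEST_CHART_VERSION_DIR}
          rm -rf charts/camunda-platform-alpha
      - name: Run Chart Releaser - Previous versions
        uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0
        with:
          config: .github/config/chart-releaser.yaml
        env:
          CR_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
          CR_SKIP_EXISTING: 'true'
      # Keeps the built packages, then restores the directories removed above.
      - name: Post-Release - Previous versions
        run: |
          mv .cr-release-packages/* release-packages/
          git checkout :/
      # Release the latest version.
      # Removes every chart directory except the last one in the listing.
      - name: Pre-Release - Latest version
        run: |
          rm -rf $(ls -d1 charts/camunda-platform-8* | head -n -1)
          rm -rf charts/camunda-platform-alpha
      - name: Run Chart Releaser - Latest version
        uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0
        with:
          config: .github/config/chart-releaser.yaml
        env:
          CR_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
          CR_SKIP_EXISTING: 'true'
      - name: Post-Release - Latest version
        run: |
          mv .cr-release-packages/* release-packages/
          git checkout :/
      # Sign and upload the signature of the chart package.
      # Builds the list of package file names from the version field of each
      # changed chart and exports it as CHART_PACKAGES.
      - name: Set Helm chart vars
        run: |
          CHART_PACKAGES=""
          for chart_dir in $(ct list-changed | tr '\n' ' '); do
            chart_version="$(yq '.version' ${chart_dir}/Chart.yaml)"
            CHART_PACKAGES="${CHART_PACKAGES} camunda-platform-${chart_version}.tgz"
          done
          echo "CHART_PACKAGES=${CHART_PACKAGES}" | tee -a $GITHUB_ENV
      # Keyless signing: no key material is supplied here, so Cosign relies on
      # the job's OIDC token (id-token: write above). One bundle per package.
      - name: Sign Helm chart with Cosign
        run: |
          for chart_package in ${CHART_PACKAGES}; do
            echo "Package: ${chart_package}"
            cosign sign-blob -y release-packages/${chart_package} \
              --bundle "${chart_package%.*}.cosign.bundle"
          done
      # Self-check of the bundle just produced: the signing identity must be
      # this workflow ref and the issuer must be GitHub's Actions OIDC issuer.
      # It runs in the same job that signed, so it confirms the bundle is
      # well-formed; consumers still need to verify on their side.
      - name: Verify signed Helm chart with Cosign
        run: |
          for chart_package in ${CHART_PACKAGES}; do
            echo "Package: ${chart_package}"
            cosign verify-blob release-packages/${chart_package} \
              --bundle "${chart_package%.*}.cosign.bundle" \
              --certificate-identity "https://github.com/${GITHUB_WORKFLOW_REF}" \
              --certificate-oidc-issuer "https://token.actions.githubusercontent.com"
          done
      # Attaches each bundle to the release named after the package file
      # (package name without the extension).
      - name: Upload Helm chart signature bundle
        run: |
          for chart_package in ${CHART_PACKAGES}; do
            echo "Package: ${chart_package}"
            gh release upload "${chart_package%.*}" \
              "${chart_package%.*}.cosign.bundle" \
              --repo "${GITHUB_REPOSITORY}"
          done
        env:
          GH_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
  # Follow-up work after a successful release job: labels pull requests and
  # commits the regenerated version matrix.
  post-release:
    # Same gate as the release job; the manual input is compared as a string
    # because github.event.inputs carries boolean inputs as 'true'/'false'.
    if: ${{ (contains(github.event.*.labels.*.name, 'release') && github.event.pull_request.merged == false) || github.event.inputs.trigger == 'true' }}
    needs: release
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
      issues: write
    steps:
      - name: Checkout
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
        with:
          # The verification step happens in the release branch before merging into the "main" branch.
          fetch-depth: 0
          ref: release-please--branches--main
      - name: Install env dependencies
        uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 # v3
      # - name: Simple smoke test
      #   uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3
      #   with:
      #     max_attempts: 3
      #     timeout_minutes: 5
      #     retry_wait_seconds: 10
      #     command: make release.verify-components-version
      - name: Label PRs with app and chart version
        env:
          GH_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
        run: |
          make release.set-prs-version-label
      - name: Generate version matrix
        run: |
          make helm.repos-add
          make release.generate-version-matrix-index
          make release.generate-version-matrix-released
      # Commits the generated files back to the checked-out branch.
      # NOTE(review): the commit is authored under the renovate[bot] identity
      # although this workflow creates it — confirm that attribution is
      # intended, since it affects how the change reads in the audit trail.
      - uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9.1.4
        with:
          author_name: "renovate[bot]"
          author_email: "29139614+renovate[bot]@users.noreply.github.com"
          message: "chore: Generate version matrix [skip ci]"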