Merge pull request #39 from brianhlin/SOFTWARE-5951.add-idtoken-pvc #103
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish Helm Chart | |
| on: | |
| push: | |
| pull_request: | |
| branches: | |
| - main | |
| jobs: | |
| build-chart-list: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| chartpaths: ${{ steps.helm-list.outputs.json }} | |
| BASE: ${{steps.helm-list.outputs.basecommit}} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - id: helm-list | |
| run: | | |
| # Get the list of files changed based on the type of event | |
| # kicking off the GHA: | |
| # 1. For the main branch, diff the previous state of main vs | |
| # the current commit | |
| # 2. For other branches (i.e., on someone's fork), diff main | |
| # vs the current commit | |
| # 3. For PRs, diff the base ref vs the current commit | |
| if [[ $GITHUB_EVENT_NAME == 'pull_request' ]] || | |
| [[ $GITHUB_EVENT_NAME == 'push' ]]; then | |
| if [[ $GITHUB_EVENT_NAME == 'pull_request' ]]; then | |
| BASE=$(git merge-base origin/$GITHUB_BASE_REF HEAD) | |
| echo "basecommit=$BASE" >> $GITHUB_OUTPUT | |
| elif [[ $GITHUB_REF == 'refs/heads/main' ]]; then | |
| BASE=${{github.event.before}} | |
| echo "basecommit=$BASE" >> $GITHUB_OUTPUT | |
| else | |
| BASE=origin/main | |
| echo "basecommit=$BASE" >> $GITHUB_OUTPUT | |
| fi | |
| # List helm-chart root dirs where files have changed and the | |
| # root dir exists. Example value: | |
| # "helm-charts/supported helm-charts/contrib" | |
| chartpaths=$(git diff --name-only \ | |
| "$BASE" \ | |
| "$GITHUB_SHA" | | |
| cut -d/ -f -3 | | |
| sort | | |
| uniq | | |
| xargs -I {} find . -type d \ | |
| -wholename ./{} \ | |
| -printf "%P\n") | |
| fi | |
| # Ensure that the generated JSON array has a member, | |
| # otherwise GHA will throw an error about an empty matrix | |
| # vector in subsequent steps | |
| chart_json=$(echo -n "${chartpaths:-dummy}" | jq -Rcs '.|split("\n")') | |
| echo "json=${chart_json}" >> $GITHUB_OUTPUT | |
| build-and-push: | |
| runs-on: ubuntu-latest | |
| if: needs.build-chart-list.outputs.chartpaths != '["dummy"]' | |
| needs: build-chart-list | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| chartpath: ${{ fromJson(needs.build-chart-list.outputs.chartpaths) }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Helm tool installer | |
| uses: Azure/setup-helm@v3 | |
| with: | |
| version: 'v3.12.0' | |
| id: install | |
| - name: Helm Chart Linter | |
| run: | | |
| helm lint ${{matrix.chartpath}} | |
| - name: SEMVER Check | |
| # Checks Chart Version Number against SEMVER regex | |
| run: | | |
| version=$(helm show chart ${{matrix.chartpath}} | | |
| awk '/version:/ {print $2}') | |
| # Checks for semantic versioning specification, https://semver.org/ | |
| semver_regex="^(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\ | |
| (-(0|[1-9A-Za-z-][0-9A-Za-z-]*)(\.[0-9A-Za-z-]+)*)?(\+[0-9A-Za-z-]\ | |
| +(\.[0-9A-Za-z-]+)*)?$" | |
| if [[ $version =~ $semver_regex ]]; then | |
| echo "$version uses SEMVER, https://semver.org/" | |
| else | |
| echo "$version is not using SEMVER, https://semver.org/" | |
| exit 1 | |
| fi | |
| - name: Helm Chart Version Check | |
| env: | |
| BASE: ${{needs.build-chart-list.outputs.BASE}} | |
| run: | | |
| # old_chart_version diffs commit that triggered workflow against previous | |
| # commit. Pulls out version number of the existing chart or "old chart". | |
| # The git diff gives spits out both version numbers, head -2 | tail -1 | |
| # Grabs the value on the second line. | |
| old_chart_version=$(git diff "$BASE" ${{ github.sha }} -- ${{matrix.chartpath}} | | |
| awk '/version:/ {print $2}' | | |
| head -1 | | |
| tail -1 | | |
| tr -d '"') | |
| # Grabs the chart version number out of the chart that needs | |
| # to be checked. | |
| new_chart_version=$(helm show chart ${{matrix.chartpath}} | | |
| awk '/version:/ {print $2}') | |
| # Checks if the new chart version number | |
| # is > than the existing chart. | |
| versioncheck() { | |
| if [ "$1" == "$2" ]; then | |
| return 1 | |
| else | |
| [ "$1" == "`echo -e "$1\n$2" | sort -V | head -n1`" ] | |
| fi | |
| } | |
| if versioncheck $old_chart_version $new_chart_version; then | |
| echo "Helm chart version updated." | |
| else | |
| echo "Helm chart version needs to be updated!" | |
| exit 1 | |
| fi | |
| - name: Helm Template Check | |
| run: | | |
| helm template ${{matrix.chartpath}} | |
| - name: Build Helm Chart | |
| id: build-chart | |
| run: | | |
| # Extract tarball name from a line that looks like | |
| # Successfully packaged chart and saved it to: /home/blin/vcs/images/osg-helm-charts/supported/osg-htc/osdf-origin/osdf-origin-0.29.tgz | |
| helm_package_success_message=$(helm package ${{matrix.chartpath}} | grep -m1 '^Success') | |
| chart_tarball=${helm_package_success_message#*': '} # delete up to and including ': ' | |
| if [[ ! $chart_tarball ]]; then | |
| echo "helm package failed" >&2 | |
| exit 1 | |
| fi | |
| echo "tarball=${chart_tarball}" >> "$GITHUB_OUTPUT" | |
| - name: Push Helm chart | |
| if: >- | |
| github.ref == 'refs/heads/main' && | |
| github.event_name != 'pull_request' && | |
| github.repository_owner == 'osg-htc' | |
| run: | | |
| echo ${{secrets.OSG_HARBOR_PASSWORD}} \ | |
| | helm registry login -u ${{secrets.OSG_HARBOR_USER}} \ | |
| --password-stdin \ | |
| hub.opensciencegrid.org | |
| dest_project=$(echo ${{matrix.chartpath}} | cut -d/ -f 2) | |
| helm push ${{ steps.build-chart.outputs.tarball }} \ | |
| oci://hub.opensciencegrid.org/${dest_project} |