-
Notifications
You must be signed in to change notification settings - Fork 9
185 lines (167 loc) · 7.9 KB
/
publish-helm-chart.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
name: Publish Helm Chart
on:
push:
pull_request:
branches:
- main
jobs:
build-chart-list:
runs-on: ubuntu-latest
outputs:
chartpaths: ${{ steps.helm-list.outputs.json }}
BASE: ${{steps.helm-list.outputs.basecommit}}
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- id: helm-list
run: |
# Get the list of files changed based on the type of event
# kicking off the GHA:
# 1. For the main branch, diff the previous state of main vs
# the current commit
# 2. For other branches (i.e., on someone's fork), diff main
# vs the current commit
# 3. For PRs, diff the base ref vs the current commit
if [[ $GITHUB_EVENT_NAME == 'pull_request' ]] ||
[[ $GITHUB_EVENT_NAME == 'push' ]]; then
if [[ $GITHUB_EVENT_NAME == 'pull_request' ]]; then
BASE=$(git merge-base origin/$GITHUB_BASE_REF HEAD)
echo "basecommit=$BASE" >> $GITHUB_OUTPUT
elif [[ $GITHUB_REF == 'refs/heads/main' ]]; then
BASE=${{github.event.before}}
echo "basecommit=$BASE" >> $GITHUB_OUTPUT
else
BASE=origin/main
echo "basecommit=$BASE" >> $GITHUB_OUTPUT
fi
# List helm-chart root dirs where files have changed and the
# root dir exists. Example value:
# "helm-charts/supported helm-charts/contrib"
chartpaths=$(git diff --name-only \
"$BASE" \
"$GITHUB_SHA" |
cut -d/ -f -3 |
sort |
uniq |
xargs -I {} find . -type d \
-wholename ./{} \
-printf "%P\n")
fi
# Ensure that the generated JSON array has a member,
# otherwise GHA will throw an error about an empty matrix
# vector in subsequent steps
chart_json=$(echo -n "${chartpaths:-dummy}" | jq -Rcs '.|split("\n")')
echo "json=${chart_json}" >> $GITHUB_OUTPUT
build-and-push:
runs-on: ubuntu-latest
if: needs.build-chart-list.outputs.chartpaths != '["dummy"]'
needs: build-chart-list
strategy:
fail-fast: false
matrix:
chartpath: ${{ fromJson(needs.build-chart-list.outputs.chartpaths) }}
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Helm tool installer
uses: Azure/setup-helm@v3
with:
version: 'v3.12.0'
id: install
- name: Upstream Repo Sync
# if build-config.json in this chartpath specifies an external git repo,
# clone that repo and move its contents to chartpath
if: ${{ hashFiles(format('{0}/{1}', matrix.chartpath, 'build-config.json')) != '' }}
run: |
UPSTREAM=$(jq -r '.upstream' ${{matrix.chartpath}}/build-config.json)
REF=$(jq -r '.ref' ${{matrix.chartpath}}/build-config.json)
CHART_DIR=$(jq -r '.chart_dir' ${{matrix.chartpath}}/build-config.json)
git clone $UPSTREAM ${{matrix.chartpath}}/upstream
(cd ${{matrix.chartpath}}/upstream; git fetch && git reset --hard $REF)
# Re-organize the directory so that Chart.yaml sits at the top level of ${{matrix.chartpath}}
# to align directory structure with remaining GHA steps
mv ${{matrix.chartpath}}/upstream/$CHART_DIR/* ${{matrix.chartpath}}
- name: Helm Chart Linter
run: |
helm lint ${{matrix.chartpath}}
- name: SEMVER Check
# Checks Chart Version Number against SEMVER regex
run: |
version=$(helm show chart ${{matrix.chartpath}} |
awk '/version:/ {print $2}')
# Checks for semantic versioning specification, https://semver.org/
semver_regex="^(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\
(-(0|[1-9A-Za-z-][0-9A-Za-z-]*)(\.[0-9A-Za-z-]+)*)?(\+[0-9A-Za-z-]\
+(\.[0-9A-Za-z-]+)*)?$"
if [[ $version =~ $semver_regex ]]; then
echo "$version uses SEMVER, https://semver.org/"
else
echo "$version is not using SEMVER, https://semver.org/"
exit 1
fi
- name: Helm Chart Version Check
# if build-config.json in this chartpath specifies an external git repo,
# assume that an explicit upgrade was detected and don't compare semvers
if: ${{ hashFiles(format('{0}/{1}', matrix.chartpath, 'build-config.json')) == '' }}
env:
BASE: ${{needs.build-chart-list.outputs.BASE}}
run: |
# old_chart_version diffs commit that triggered workflow against previous
# commit. Pulls out version number of the existing chart or "old chart".
# The git diff gives spits out both version numbers, head -2 | tail -1
# Grabs the value on the second line.
old_chart_version=$(git diff "$BASE" ${{ github.sha }} -- ${{matrix.chartpath}} |
awk '/version:/ {print $2}' |
head -1 |
tail -1 |
tr -d '"')
# Grabs the chart version number out of the chart that needs
# to be checked.
new_chart_version=$(helm show chart ${{matrix.chartpath}} |
awk '/version:/ {print $2}')
# Checks if the new chart version number
# is > than the existing chart.
versioncheck() {
if [ "$1" == "$2" ]; then
return 1
else
[ "$1" == "`echo -e "$1\n$2" | sort -V | head -n1`" ]
fi
}
if versioncheck $old_chart_version $new_chart_version; then
echo "Helm chart version updated."
else
echo "Helm chart version needs to be updated!"
exit 1
fi
- name: Helm Template Check
run: |
helm template ${{matrix.chartpath}}
- name: Build Helm Chart
id: build-chart
run: |
# Extract tarball name from a line that looks like
# Successfully packaged chart and saved it to: /home/blin/vcs/images/osg-helm-charts/supported/osg-htc/osdf-origin/osdf-origin-0.29.tgz
helm_package_success_message=$(helm package ${{matrix.chartpath}} | grep -m1 '^Success')
chart_tarball=${helm_package_success_message#*': '} # delete up to and including ': '
if [[ ! $chart_tarball ]]; then
echo "helm package failed" >&2
exit 1
fi
echo "tarball=${chart_tarball}" >> "$GITHUB_OUTPUT"
- name: Push Helm chart
if: >-
github.ref == 'refs/heads/main' &&
github.event_name != 'pull_request' &&
github.repository_owner == 'osg-htc'
run: |
echo ${{secrets.OSG_HARBOR_PASSWORD}} \
| helm registry login -u ${{secrets.OSG_HARBOR_USER}} \
--password-stdin \
hub.opensciencegrid.org
dest_project=$(echo ${{matrix.chartpath}} | cut -d/ -f 2)
helm push ${{ steps.build-chart.outputs.tarball }} \
oci://hub.opensciencegrid.org/${dest_project}