.github/workflows/helm-build-push.yml

name: Publish Danswer Helm Chart

on:
  push:
  workflow_dispatch:

env:
  CHART_YAML_PATH: deployment/helm/charts/danswer/Chart.yaml
  VALUES_YAML_PATH: deployment/helm/charts/danswer/values.yaml

jobs:
  helm_chart_version_check:
    runs-on: ubuntu-latest
    outputs:
      version_changed: ${{ steps.version_check.outputs.chart_version_changed }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      # We mark any builds on main branch as latest GH release
      # so make sure we don't accidentally publiah a pre-release tag
      # on main or a stable tag on a dev branch.

      - name: Fail on semver pre-release chart version
        run: yq .version ${{ env.CHART_YAML_PATH }} | grep -v '[a-zA-Z-]'
        if: ${{ github.ref_name == 'main' }}

      - name: Fail on stable semver chart version
        run: yq .version ${{ env.CHART_YAML_PATH }} | grep '[a-zA-Z-]'
        if: ${{ github.ref_name != 'main' }}

      # To reduce resource usage images are built only on tag.
      # To build a new set of images after committing and pushing
      # new changes to GitHub, use:
      # git tag <tag-name>
      # git push --tags
      - name: Fail if image tags don't exist
        run: >-
          curl -H "Authorization: Bearer $(echo ${{ secrets.GITHUB_TOKEN }} | base64)"
          https://ghcr.io/v2/stackhpc/danswer/danswer-backend/tags/list
          | jq .tags
          | grep $( yq .appVersion ${{ env.CHART_YAML_PATH }} )-$( yq .tagSuffix ${{ env.VALUES_YAML_PATH }} )
          &&
          curl -H "Authorization: Bearer $(echo ${{ secrets.GITHUB_TOKEN }} | base64)"
          https://ghcr.io/v2/stackhpc/danswer/danswer-web-server/tags/list
          | jq .tags
          | grep $( yq .appVersion ${{ env.CHART_YAML_PATH }} )-$( yq .tagSuffix ${{ env.VALUES_YAML_PATH }} )

      # Check if current chart version exists in releases already
      - name: Check for Helm chart version bump
        id: version_check
        run: |
          set -xe
          chart_version=$(yq .version ${{ env.CHART_YAML_PATH }})
          if [[ $(curl https://api.github.com/repos/stackhpc/danswer/releases | jq '.[].tag_name' | grep danswer-helm-$chart_version) ]]; then
            echo chart_version_changed=false >> $GITHUB_OUTPUT
          else
            echo chart_version_changed=true >> $GITHUB_OUTPUT
          fi

  release:
    # depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions
    # see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token
    permissions:
      contents: write
    runs-on: ubuntu-latest
    needs: helm_chart_version_check
    if: ${{ needs.helm_chart_version_check.outputs.version_changed == 'true' }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Configure Git
        run: |
          git config user.name "$GITHUB_ACTOR"
          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"

      - name: Install Helm
        uses: azure/setup-helm@v4
        env:
          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

      - name: Build Helm dependencies
        run: |
          helm repo add bitnami https://charts.bitnami.com/bitnami
          helm repo add vespa https://unoplat.github.io/vespa-helm-charts
          helm dependency build deployment/helm

      - name: Run chart-releaser
        uses: helm/chart-releaser-action@v1.6.0
        with:
          charts_dir: deployment/charts
          pages_branch: helm-publish
          mark_as_latest: ${{ github.ref_name == 'main' }}
        env:
          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
          CR_RELEASE_NAME_TEMPLATE: "danswer-helm-{{ .Version }}"