Release Helm Chart #395
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Release Helm Chart | |
on: | |
push: | |
branches: | |
- main | |
paths: | |
# Run if any of the following files are changed | |
- 'charts/**/templates/**' | |
- 'charts/**/values.yaml' | |
- 'charts/**/Chart.yaml' | |
- 'charts-private/**/templates/**' | |
- 'charts-private/**/values.yaml' | |
- 'charts-private/**/Chart.yaml' | |
env: | |
HELM_VERSION: "v3.14.1" | |
jobs: | |
helm-release: | |
runs-on: 'ubuntu-latest' | |
# Add "id-token" with the intended permissions. | |
permissions: | |
contents: 'read' | |
id-token: 'write' | |
steps: | |
- name: "Checkout main branch" | |
uses: actions/checkout@v4 | |
- name: "Install Helm" | |
uses: azure/setup-helm@v4 | |
with: | |
version: "${{ env.HELM_VERSION }}" | |
- name: 'Authenticate to Google Cloud' | |
uses: 'google-github-actions/auth@v2' | |
with: | |
workload_identity_provider: projects/1094498259535/locations/global/workloadIdentityPools/gh-charts-main/providers/github-by-repos | |
service_account: '[email protected]' | |
# Gcloud CLI required for login to Artifact Registry | |
- name: 'Set up Cloud SDK' | |
uses: 'google-github-actions/setup-gcloud@v2' | |
- name: Add Helm repositories | |
run: | | |
# Install yq tool to parse Chart.yaml to identify Helm dependencies repositories | |
wget https://github.com/mikefarah/yq/releases/download/v4.21.1/yq_linux_386 -O /usr/bin/yq && chmod +x /usr/bin/yq | |
# Retrieve all helm dependencies repositories and run `helm repo add` for each of them. | |
# Command explanation follows: | |
# | |
# yq '.dependencies.[].repository' helm/*/Chart.yaml --> Prints repository field for all Chart dependencies. | |
# sed 's:/*$::' --> Trims the trailing forward slash '/' at the end of the repository URL, if any | |
# sort | uniq ----> Removes duplicated entries, for those cases where more than 1 dependency comes | |
# from the same Helm repository | |
yq '.dependencies.[].repository' charts/*/Chart.yaml | awk '/^http/' | sed 's:/*$::' | sort | uniq | while read helm_repo; do | |
# Helm repo name is generated from a random string, as it is not persisted between executions. | |
helm repo add $(openssl rand -hex 12) ${helm_repo} | |
done | |
# Do the same for 'charts-private' folder | |
yq '.dependencies.[].repository' charts-private/*/Chart.yaml | awk '/^http/' | sed 's:/*$::' | sort | uniq | while read helm_repo_private; do | |
# Check if dependency is already added | |
if helm repo list | grep ${helm_repo_private} >/dev/null; then | |
echo 'Skip dependency ${helm_repo_private}' | |
else | |
# Helm repo name is generated from a random string, as it is not persisted between executions. | |
helm repo add $(openssl rand -hex 12) ${helm_repo_private} | |
fi | |
done | |
- name: "Get Helm Charts changed" | |
uses: jitterbit/get-changed-files@v1 | |
id: updated_files | |
with: | |
format: csv | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: "Login to Artifact Registry" | |
run: | | |
gcloud auth application-default print-access-token | helm registry login -u oauth2accesstoken \ | |
--password-stdin https://us-west1-docker.pkg.dev | |
- name: "Push public Helm Charts" | |
run: | | |
echo "${{ steps.updated_files.outputs.all }}" | tr "," "\n" | grep 'charts/' | sed 's#^charts/##' | sed 's#/.*$##' | sort | uniq > changed_charts | |
if [ -s changed_charts ]; then | |
while read chart; do | |
# Skip if chart is not a directory (i.e: chart deleted) | |
[ -d charts/${chart} ] || continue | |
helm dependency update --skip-refresh ./charts/${chart} | |
helm package -u charts/${chart}/ | |
helm push ./${chart}-*.tgz oci://us-west1-docker.pkg.dev/devopsre/clabs-public-oci | |
done <<EOF | |
$(cat changed_charts) | |
EOF | |
fi | |
- name: "Push private Helm Charts" | |
run: | | |
echo "${{ steps.updated_files.outputs.all }}" | tr "," "\n" | grep 'charts-private/' | sed 's#^charts-private/##' | sed 's#/.*$##' | sort | uniq > changed_charts | |
if [ -s changed_charts ]; then | |
while read chart; do | |
# Skip if chart is not a directory (i.e: chart deleted) | |
[ -d charts-private/${chart} ] || continue | |
helm dependency update --skip-refresh ./charts-private/${chart} | |
helm package -u charts-private/${chart}/ | |
helm push ./${chart}-*.tgz oci://us-west1-docker.pkg.dev/devopsre/clabs-private-oci | |
done <<EOF | |
$(cat changed_charts) | |
EOF | |
fi |