-
Notifications
You must be signed in to change notification settings - Fork 2
112 lines (101 loc) · 4.74 KB
/
helm_release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
---
name: Release Helm Chart
on:
push:
branches:
- main
paths:
# Run if any of the following files are changed
- 'charts/**/templates/**'
- 'charts/**/values.yaml'
- 'charts/**/Chart.yaml'
- 'charts-private/**/templates/**'
- 'charts-private/**/values.yaml'
- 'charts-private/**/Chart.yaml'
env:
HELM_VERSION: "v3.14.1"
jobs:
helm-release:
runs-on: 'ubuntu-latest'
# Add "id-token" with the intended permissions.
permissions:
contents: 'read'
id-token: 'write'
steps:
- name: "Checkout main branch"
uses: actions/checkout@v4
- name: "Install Helm"
uses: azure/setup-helm@v4
with:
version: "${{ env.HELM_VERSION }}"
- name: 'Authenticate to Google Cloud'
uses: 'google-github-actions/auth@v2'
with:
workload_identity_provider: projects/1094498259535/locations/global/workloadIdentityPools/gh-charts-main/providers/github-by-repos
service_account: '[email protected]'
# Gcloud CLI required for login to Artifact Registry
- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v2'
- name: Add Helm repositories
run: |
# Install yq tool to parse Chart.yaml to identify Helm dependencies repositories
wget https://github.com/mikefarah/yq/releases/download/v4.21.1/yq_linux_386 -O /usr/bin/yq && chmod +x /usr/bin/yq
# Retrieve all helm dependencies repositories and run `helm repo add` for each of them.
# Command explanation follows:
#
# yq '.dependencies.[].repository' helm/*/Chart.yaml --> Prints repository field for all Chart dependencies.
# sed 's:/*$::' --> Trims the trailing forward slash '/' at the end of the repository URL, if any
# sort | uniq ----> Removes duplicated entries, for those cases where more than 1 dependency comes
# from the same Helm repository
yq '.dependencies.[].repository' charts/*/Chart.yaml | awk '/^http/' | sed 's:/*$::' | sort | uniq | while read helm_repo; do
# Helm repo name is generated from a random string, as it is not persisted between executions.
helm repo add $(openssl rand -hex 12) ${helm_repo}
done
# Do the same for 'charts-private' folder
yq '.dependencies.[].repository' charts-private/*/Chart.yaml | awk '/^http/' | sed 's:/*$::' | sort | uniq | while read helm_repo_private; do
# Check if dependency is already added
if helm repo list | grep ${helm_repo_private} >/dev/null; then
echo 'Skip dependency ${helm_repo_private}'
else
# Helm repo name is generated from a random string, as it is not persisted between executions.
helm repo add $(openssl rand -hex 12) ${helm_repo_private}
fi
done
- name: "Get Helm Charts changed"
uses: jitterbit/get-changed-files@v1
id: updated_files
with:
format: csv
token: ${{ secrets.GITHUB_TOKEN }}
- name: "Login to Artifact Registry"
run: |
gcloud auth application-default print-access-token | helm registry login -u oauth2accesstoken \
--password-stdin https://us-west1-docker.pkg.dev
- name: "Push public Helm Charts"
run: |
echo "${{ steps.updated_files.outputs.all }}" | tr "," "\n" | grep 'charts/' | sed 's#^charts/##' | sed 's#/.*$##' | sort | uniq > changed_charts
if [ -s changed_charts ]; then
while read chart; do
# Skip if chart is not a directory (i.e: chart deleted)
[ -d charts/${chart} ] || continue
helm dependency update --skip-refresh ./charts/${chart}
helm package -u charts/${chart}/
helm push ./${chart}-*.tgz oci://us-west1-docker.pkg.dev/devopsre/clabs-public-oci
done <<EOF
$(cat changed_charts)
EOF
fi
- name: "Push private Helm Charts"
run: |
echo "${{ steps.updated_files.outputs.all }}" | tr "," "\n" | grep 'charts-private/' | sed 's#^charts-private/##' | sed 's#/.*$##' | sort | uniq > changed_charts
if [ -s changed_charts ]; then
while read chart; do
# Skip if chart is not a directory (i.e: chart deleted)
[ -d charts-private/${chart} ] || continue
helm dependency update --skip-refresh ./charts-private/${chart}
helm package -u charts-private/${chart}/
helm push ./${chart}-*.tgz oci://us-west1-docker.pkg.dev/devopsre/clabs-private-oci
done <<EOF
$(cat changed_charts)
EOF
fi