Merge pull request #130 from wallarm/DEVOPS-2329 #61
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Publish Helm | |
on: | |
push: | |
tags: | |
- 'helm-chart-[0-9]+.[0-9]+.[0-9]+' | |
permissions: | |
contents: read | |
jobs: | |
release: | |
name: Release Helm chart | |
runs-on: self-hosted-amd64-1cpu | |
outputs: | |
chart_version: ${{ steps.get_versions.outputs.chart_version }} | |
steps: | |
- name: Import secrets | |
uses: hashicorp/vault-action@130d1f5f4fe645bb6c83e4225c04d64cfb62de6e # v2.5.0 | |
id: secrets | |
with: | |
exportEnv: false | |
url: ${{ secrets.VAULT_URL }} | |
role: ${{ secrets.VAULT_ROLE }} | |
method: kubernetes | |
path: kubernetes-ci | |
secrets: | | |
kv-gitlab-ci/data/github/shared/github_token token | GITHUB_TOKEN ; | |
- name: Checkout | |
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c | |
- name: Get versions | |
id: get_versions | |
run: | | |
echo "chart_version=$(echo ${GITHUB_REF_NAME} | cut -d '-' -f 3)" >> $GITHUB_OUTPUT | |
echo "app_version=$(yq -r '.appVersion' helm/Chart.yaml)" >> $GITHUB_OUTPUT | |
- name: Publish | |
uses: stefanprodan/helm-gh-pages@master | |
with: | |
token: ${{ steps.secrets.outputs.GITHUB_TOKEN }} | |
charts_dir: . | |
charts_url: https://charts.wallarm.com | |
linting: off | |
repository: helm-charts | |
branch: main | |
target_dir: wallarm-sidecar | |
index_dir: . | |
app_version: ${{ steps.get_versions.outputs.app_version }} | |
chart_version: ${{ steps.get_versions.outputs.chart_version }} | |
update_version: | |
name: Update package version | |
runs-on: self-hosted-amd64-1cpu | |
needs: release | |
steps: | |
- name: Import secrets | |
uses: hashicorp/vault-action@130d1f5f4fe645bb6c83e4225c04d64cfb62de6e # v2.5.0 | |
id: secrets | |
with: | |
exportEnv: true | |
url: ${{ secrets.VAULT_URL }} | |
role: ${{ secrets.VAULT_ROLE }} | |
method: kubernetes | |
path: kubernetes-ci | |
secrets: | | |
kv-gitlab-ci/data/github/shared/versions-repo-creds token_secret | GITLAB_TOKEN ; | |
kv-gitlab-ci/data/github/shared/versions-repo-creds token_secret | GITLAB_TOKEN_NAME ; | |
kv-gitlab-ci/data/github/shared/versions-repo-creds host | GITLAB_HOST ; | |
kv-gitlab-ci/data/github/shared/versions-repo-creds repo | GITLAB_REPO ; | |
- name: Update package version | |
env: | |
COMPONENT_NAME: wallarm-sidecar-proxy | |
COMPONENT_VERSION: ${{ needs.release.outputs.chart_version}} | |
run: | | |
PR_BRANCH="update/${COMPONENT_NAME}/${COMPONENT_VERSION}" | |
COMMIT_MESSAGE="Bump ${COMPONENT_NAME} version to ${COMPONENT_VERSION}" | |
GITLAB_REPO_URL="https://${GITLAB_TOKEN_NAME}:${GITLAB_TOKEN}@${GITLAB_HOST}/${GITLAB_REPO}" | |
git clone ${GITLAB_REPO_URL} | |
cd packages_versions | |
git checkout -b ${PR_BRANCH} | |
git config --local user.name 'project_808_bot' | |
git config --local user.email 'project808_bot@noreply.${GITLAB_HOST}' | |
cd packages_versions | |
cat latest.json | jq -r '.body."'"$COMPONENT_NAME"'" += ["'"$COMPONENT_VERSION"'"]' > latest.new.json | |
mv latest.new.json latest.json | |
git add latest.json | |
git commit -m "${COMMIT_MESSAGE}" | |
git push ${GITLAB_REPO_URL} ${PR_BRANCH} | |
glab auth login --hostname ${GITLAB_HOST} --token ${GITLAB_TOKEN} | |
echo "Creating merge request ..." | |
glab mr create \ | |
--fill \ | |
--yes \ | |
--label ${COMPONENT_NAME} \ | |
--source-branch ${PR_BRANCH} \ | |
--repo https://${GITLAB_HOST}/${GITLAB_REPO} | |
echo "Approving merge request ..." | |
glab mr approve \ | |
${PR_BRANCH} \ | |
--repo https://${GITLAB_HOST}/${GITLAB_REPO} | |
# Sometimes merging is failed without delay | |
echo "Sleep ..." | |
sleep 20 | |
echo "Merging ..." | |
glab mr merge \ | |
${PR_BRANCH} \ | |
--yes \ | |
--remove-source-branch \ | |
--when-pipeline-succeeds=false \ | |
--repo https://${GITLAB_HOST}/${GITLAB_REPO} |