-
Notifications
You must be signed in to change notification settings - Fork 0
133 lines (117 loc) · 4.61 KB
/
helm_publish.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
name: Publish Helm
on:
push:
tags:
- 'helm-chart-[0-9]+.[0-9]+.[0-9]+'
- 'helm-chart-[0-9]+.[0-9]+.[0-9]+-rc*'
permissions:
contents: read
jobs:
release:
name: Release Helm chart
runs-on: self-hosted-amd64-1cpu
outputs:
chart_version: ${{ steps.get_versions.outputs.chart_version }}
release_type: ${{ steps.check_release.outputs.type }}
steps:
- name: Import secrets
uses: hashicorp/vault-action@130d1f5f4fe645bb6c83e4225c04d64cfb62de6e # v2.5.0
id: secrets
with:
exportEnv: false
url: ${{ secrets.VAULT_URL }}
role: ${{ secrets.VAULT_ROLE }}
method: kubernetes
path: kubernetes-ci
secrets: |
kv-gitlab-ci/data/github/shared/github_token token | GITHUB_TOKEN ;
- name: Checkout
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
- name: Check release type
id: check_release
run: |
TYPE="production"
if [[ ${GITHUB_REF#refs/*/} =~ "rc" ]]; then
TYPE="release-candidate"
fi
echo -e "Type: ${TYPE}"
echo "type=${TYPE}" >> $GITHUB_OUTPUT
- name: Get versions
id: get_versions
run: |
echo "chart_version=$(echo ${GITHUB_REF_NAME} | cut -d '-' -f 3,4)" >> $GITHUB_OUTPUT
echo "app_version=$(yq -r '.appVersion' helm/Chart.yaml)" >> $GITHUB_OUTPUT
- name: Publish
uses: stefanprodan/helm-gh-pages@master
with:
token: ${{ steps.secrets.outputs.GITHUB_TOKEN }}
charts_dir: .
charts_url: https://charts.wallarm.com
linting: off
repository: helm-charts
branch: main
target_dir: wallarm-sidecar
index_dir: .
app_version: ${{ steps.get_versions.outputs.app_version }}
chart_version: ${{ steps.get_versions.outputs.chart_version }}
update_version:
name: Update package version
if: needs.release.outputs.release_type == 'production'
runs-on: self-hosted-amd64-1cpu
needs: release
steps:
- name: Import secrets
uses: hashicorp/vault-action@130d1f5f4fe645bb6c83e4225c04d64cfb62de6e # v2.5.0
id: secrets
with:
exportEnv: true
url: ${{ secrets.VAULT_URL }}
role: ${{ secrets.VAULT_ROLE }}
method: kubernetes
path: kubernetes-ci
secrets: |
kv-gitlab-ci/data/github/shared/versions-repo-creds token_secret | GITLAB_TOKEN ;
kv-gitlab-ci/data/github/shared/versions-repo-creds token_secret | GITLAB_TOKEN_NAME ;
kv-gitlab-ci/data/github/shared/versions-repo-creds host | GITLAB_HOST ;
kv-gitlab-ci/data/github/shared/versions-repo-creds repo | GITLAB_REPO ;
- name: Update package version
env:
COMPONENT_NAME: wallarm-sidecar-proxy
COMPONENT_VERSION: ${{ needs.release.outputs.chart_version}}
run: |
PR_BRANCH="update/${COMPONENT_NAME}/${COMPONENT_VERSION}"
COMMIT_MESSAGE="Bump ${COMPONENT_NAME} version to ${COMPONENT_VERSION}"
GITLAB_REPO_URL="https://${GITLAB_TOKEN_NAME}:${GITLAB_TOKEN}@${GITLAB_HOST}/${GITLAB_REPO}"
git clone ${GITLAB_REPO_URL}
cd packages_versions
git checkout -b ${PR_BRANCH}
git config --local user.name 'project_808_bot'
git config --local user.email 'project808_bot@noreply.${GITLAB_HOST}'
cd packages_versions
cat latest.json | jq -r '.body."'"$COMPONENT_NAME"'" += ["'"$COMPONENT_VERSION"'"]' > latest.new.json
mv latest.new.json latest.json
git add latest.json
git commit -m "${COMMIT_MESSAGE}"
git push ${GITLAB_REPO_URL} ${PR_BRANCH}
glab auth login --hostname ${GITLAB_HOST} --token ${GITLAB_TOKEN}
echo "Creating merge request ..."
glab mr create \
--fill \
--yes \
--label ${COMPONENT_NAME} \
--source-branch ${PR_BRANCH} \
--repo https://${GITLAB_HOST}/${GITLAB_REPO}
echo "Approving merge request ..."
glab mr approve \
${PR_BRANCH} \
--repo https://${GITLAB_HOST}/${GITLAB_REPO}
# Sometimes merging is failed without delay
echo "Sleep ..."
sleep 20
echo "Merging ..."
glab mr merge \
${PR_BRANCH} \
--yes \
--remove-source-branch \
--when-pipeline-succeeds=false \
--repo https://${GITLAB_HOST}/${GITLAB_REPO}