chore: enhance chart multi version release process (#1985)

- support multi-version in the release workflow
- customize generate-chart-matrix action
- set ci snapshot version based on the chart dir name
- rename chart dir camunda-platform to camunda-platform-latest
- update generate-release-notes.sh to work with multi-version

---------

Signed-off-by: Ahmed AbouZaid <[email protected]>

.github/actions/generate-chart-matrix/action.yml

@@ -1,5 +1,9 @@
 name: Generate chart matrix
 description: Find changed charts and generate matrix for changed ones only.
+inputs:
+  charts-path:
+    description: Charts path to match.
+    default: "charts/camunda-platform*"
 outputs:
   matrix:
     description: JSON matrix of changed charts which will be used as and input for GHA workflow matrix.
@@ -19,10 +23,11 @@ runs:
         ALL_CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }}
       run: |
         echo "Setting matrix based on changed files"
-        echo "Changed files: ${ALL_CHANGED_FILES}"
+        echo "Changed files:"
+        printf "%s\n" ${ALL_CHANGED_FILES}
         touch matrix_versions.txt
 
-        ls -d charts/camunda-platform-8* | while read chart_dir; do
+        ls -d ${{ inputs.charts-path }} | while read chart_dir; do
           if [[ $(echo ${ALL_CHANGED_FILES} | grep "${chart_dir}") ]]; then
             camunda_version="$(echo ${chart_dir} | cut -d '-' -f 3)";
             echo "Camunda version: ${camunda_version}"

.github/actions/workflow-vars/action.yml

@@ -107,7 +107,6 @@ runs:
     # as the "version" field in "Chart.yaml" file doesn't reflect the changes since the latest release.
   - name: Set chart version
     shell: bash
-    # TODO: Use the branch name dynamically as part of the version when it's supported in GitHub:
-    # https://github.com/orgs/community/discussions/70343
     run: |
-      yq -i '.version = "0.0.0-ci-snapshot"' charts/${{ inputs.chart-dir }}/Chart.yaml
+      chart_version="$(echo ${{ inputs.chart-dir }} | sed 's/camunda-platform/0.0.0-ci-snapshot/g')" \
+        yq -i '.version = env(chart_version)' charts/${{ inputs.chart-dir }}/Chart.yaml

.github/renovate.json5

@@ -24,19 +24,19 @@
       "matchFileNames": [
         ".github/workflows/*.ya?ml",
         ".github/actions/action.ya?ml",
-        "charts/camunda-platform/Chart.yaml",
-        "charts/camunda-platform/values*.yaml",
-        "charts/camunda-platform/go.*"
+        "charts/camunda-platform-latest/Chart.yaml",
+        "charts/camunda-platform-latest/values*.yaml",
+        "charts/camunda-platform-latest/go.*"
       ],
       "matchUpdateTypes": ["minor", "patch", "pin", "digest"],
       // "addLabels": ["automerge"],
       // "automerge": true
     },
     {
       "matchFileNames": [
-        "charts/camunda-platform*/Chart.yaml",
-        "charts/camunda-platform*/values*.yaml",
-        "charts/camunda-platform*/go.*",
+        "charts/camunda-platform-8*/Chart.yaml",
+        "charts/camunda-platform-8*/values*.yaml",
+        "charts/camunda-platform-8*/go.*",
       ],
       "matchUpdateTypes": ["patch"],
     },
@@ -51,14 +51,14 @@
       "enabled": false,
       "matchManagers": ["helm-values", "regex"],
       "matchPaths": [
-        "charts/camunda-platform*/values*.yaml",
+        "charts/camunda-platform-8*/values*.yaml",
       ],
       "matchUpdateTypes": ["minor"]
     },
     {
       // Enable non-major version update for current Camunda version.
       "matchDatasources": ["github-releases", "docker", "regex"],
-      "matchPaths": ["charts/camunda-platform/values.yaml", "charts/camunda-platform/values-latest.yaml"],
+      "matchPaths": ["charts/camunda-platform-latest/values.yaml", "charts/camunda-platform-latest/values-latest.yaml"],
       "matchUpdateTypes": ["minor", "patch"]
     },
     {
@@ -71,14 +71,14 @@
       // Limit Elasticsearch version to latest supported version in Camunda v8.5.
       // https://docs.camunda.io/docs/reference/supported-environments/#camunda-8-self-managed
       "matchDatasources": ["docker"],
-      "matchPaths": ["charts/camunda-platform/values.yaml", "charts/camunda-platform/values-latest.yaml"],
+      "matchPaths": ["charts/camunda-platform-latest/values.yaml", "charts/camunda-platform-latest/values-latest.yaml"],
       "matchDepNames": ["bitnami/elasticsearch"],
       "allowedVersions": "~8.12.0"
     },
     {
       // Disable Helm chart upgrades from bitnami/elasticsearch
       "matchDepNames": ["elasticsearch"],
-      "matchPaths": ["charts/camunda-platform*/Chart.yaml"],
+      "matchPaths": ["charts/camunda-platform-8*/Chart.yaml"],
       "enabled": false
     },
     // Limit tools and libs versions to the actual Distro CI Kubernetes cluster.

.github/workflows/chart-public-files.yaml

@@ -36,7 +36,7 @@ jobs:
           mkdir -p camunda-platform/values
 
           # Latest version.
-          cp -a main/charts/camunda-platform/values-latest.yaml camunda-platform/values/values-latest.yaml
+          cp -a main/charts/camunda-platform-latest/values-latest.yaml camunda-platform/values/values-latest.yaml
 
           # Previous versions.
           find main/charts -name "camunda-platform-*" | while read chart_id; do

.github/workflows/chart-release.yaml

@@ -57,50 +57,100 @@ jobs:
         run: |
           git config user.name "$GITHUB_ACTOR"
           git config user.email "[email protected]"
+      - name: Install Chart Releaser
+        uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0
+        with:
+          install_only: true
+        env:
+          CR_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
+          CR_SKIP_EXISTING: 'true'
       - name: Add Helm repos
         run: |
           make helm.repos-add
       - name: Update Helm dependency
         run: |
-          export chartPath="charts/camunda-platform*"
-          make helm.dependency-update
+          chartPath="$(ct list-changed | tr '\n' ' ')" \
+            make helm.dependency-update
       - name: cosign-installer
         uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
-      - name: Set Helm chart version var
-        run: |
-          CHART_NAME="$(yq '.name' charts/camunda-platform/Chart.yaml)"
-          CHART_VERSION="$(yq '.version' charts/camunda-platform/Chart.yaml)"
-          echo "CHART_NAME_WITH_VERSION=${CHART_NAME}-${CHART_VERSION}" | tee -a $GITHUB_ENV
       # TODO: Move this step to pre-release workflow when we have it.
       - name: Generate release note footer
         run: |
           make release.generate-notes-footer
       - name: Tidy up
         run: |
           # Clean up badges from readme to avoid showing them in Artifact Hub.
-          sed -ri '/Badge .+/d' charts/camunda-platform/README.md
-      - name: Run Chart Releaser
+          sed -ri '/Badge .+/d' charts/camunda-platform-latest/README.md
+          mkdir release-packages
+
+      #
+      # We run Chart Releaser twice as a workaround because it's not possible to control the release order.
+      # CR by default will release "camunda-platform-10.x.x" first then "camunda-platform-8.x.x",
+      # however, we want the latest version to show as the latest release in GitHub releases.
+      #
+
+      # Release previous versions.
+      - name: Pre-Release - Previous versions
+        run: |
+          rm -rf charts/camunda-platform-latest
+      - name: Run Chart Releaser - Previous versions
+        uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0
+        with:
+          config: .github/config/chart-releaser.yaml
+        env:
+          CR_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
+          CR_SKIP_EXISTING: 'true'
+      - name: Post-Release - Previous versions
+        run: |
+          mv .cr-release-packages/* release-packages/
+          git checkout :/
+
+      # Release the latest version.
+      - name: Pre-Release - Latest version
+        run: |
+          rm -rf charts/camunda-platform-8*
+      - name: Run Chart Releaser - Latest version
         uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0
         with:
           config: .github/config/chart-releaser.yaml
         env:
           CR_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
           CR_SKIP_EXISTING: 'true'
+      - name: Post-Release - Latest version
+        run: |
+          mv .cr-release-packages/* release-packages/
+          git checkout :/
+
+      # Sign and upload the signature of the chart package.
+      - name: Set Helm chart vars
+        run: |
+          CHART_PACKAGES="$(find release-packages -maxdepth 1 -name "camunda-platform*.tgz" \
+            -exec basename {} \; | xargs)"
+          echo "CHART_PACKAGES=${CHART_PACKAGES}" | tee -a $GITHUB_ENV
       - name: Sign Helm chart with Cosign
         run: |
-          cosign sign-blob -y .cr-release-packages/${CHART_NAME_WITH_VERSION}.tgz \
-            --bundle ${CHART_NAME_WITH_VERSION}.cosign.bundle
+          for chart_package in ${CHART_PACKAGES}; do
+            echo "Package: ${chart_package}"
+            cosign sign-blob -y release-packages/${chart_package} \
+              --bundle "${chart_package%.*}.cosign.bundle"
+          done
       - name: Verify signed Helm chart with Cosign
         run: |
-          cosign verify-blob .cr-release-packages/${CHART_NAME_WITH_VERSION}.tgz \
-            --bundle ./${CHART_NAME_WITH_VERSION}.cosign.bundle \
-            --certificate-identity "https://github.com/${GITHUB_WORKFLOW_REF}" \
-            --certificate-oidc-issuer "https://token.actions.githubusercontent.com"
+          for chart_package in ${CHART_PACKAGES}; do
+            echo "Package: ${chart_package}"
+            cosign verify-blob release-packages/${chart_package} \
+              --bundle "${chart_package%.*}.cosign.bundle" \
+              --certificate-identity "https://github.com/${GITHUB_WORKFLOW_REF}" \
+              --certificate-oidc-issuer "https://token.actions.githubusercontent.com"
+          done
       - name: Upload Helm chart signature bundle
         run: |
-          gh release upload "${CHART_NAME_WITH_VERSION}" \
-            ./${CHART_NAME_WITH_VERSION}.cosign.bundle \
-            --repo "${GITHUB_REPOSITORY}"
+          for chart_package in ${CHART_PACKAGES}; do
+            echo "Package: ${chart_package}"
+            gh release upload "${chart_package%.*}" \
+              "${chart_package%.*}.cosign.bundle" \
+              --repo "${GITHUB_REPOSITORY}"
+          done
         env:
           GH_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
 
@@ -113,7 +163,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4
         with:
-          # The verify step happens in the "release" branch before merging to the "main" branch.
+          # The verification step happens in the "release" branch before merging into the "main" branch.
           ref: release
           fetch-depth: 0
       - name: Install env dependencies

.github/workflows/chart-update-readme.yaml

@@ -5,6 +5,7 @@ on:
     branches:
       - main
     paths:
+      - 'charts/camunda-platform*/README.md'
       - 'charts/camunda-platform*/values.yaml'
       - '.github/workflows/chart-update-readme.yaml'
 

.github/workflows/chart-validate-template.yaml

@@ -13,7 +13,7 @@ on:
         type: string
       camunda-helm-dir:
         required: false
-        default: camunda-platform
+        default: camunda-platform-latest
         type: string
 
 permissions:

.github/workflows/renovate-post-upgrade.yaml

@@ -33,7 +33,7 @@ jobs:
         token: '${{ steps.generate-github-token.outputs.token }}'
     - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5
       with:
-        go-version-file: charts/camunda-platform/go.mod
+        go-version-file: charts/camunda-platform-latest/go.mod
         cache: false
     - uses: asdf-vm/actions/setup@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 # v3
     - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4

.github/workflows/test-integration-template.yaml

@@ -10,7 +10,7 @@ on:
         type: string
       camunda-helm-dir:
         required: false
-        default: camunda-platform
+        default: camunda-platform-latest
         type: string
       camunda-helm-git-ref:
         required: false

.github/workflows/test-integration.yaml

@@ -8,7 +8,7 @@ on:
     - '.github/actions/gke-login/**'
     - '.github/actions/workflow-vars/**'
     - '.tool-versions'
-    - 'charts/camunda-platform/**'
+    - 'charts/camunda-platform-latest/**'
     types: [opened, closed, reopened, synchronize]
 
 permissions:

.github/workflows/test-regression.yaml

@@ -4,7 +4,7 @@ name: "Test - Regression"
 on:
   pull_request:
     paths:
-    - 'charts/camunda-platform-*/**'
+    - 'charts/camunda-platform-8*/**'
   workflow_dispatch: { }
 
 concurrency:
@@ -32,9 +32,11 @@ jobs:
     - name: Generate chart versions
       id: generate-chart-versions
       uses: ./.github/actions/generate-chart-matrix
+      with:
+        charts-path: "charts/camunda-platform-8*"
 
   validation:
-    if: ${{ needs.init.outputs.matrix != '' }}
+    if: ${{ needs.init.outputs.matrix != '[]' }}
     name: Validation - Camunda ${{ matrix.version }}
     needs: init
     strategy:
@@ -48,7 +50,7 @@ jobs:
       camunda-helm-git-ref: "${{ github.event.pull_request.head.sha }}"
 
   unit:
-    if: ${{ needs.init.outputs.matrix != '' }}
+    if: ${{ needs.init.outputs.matrix != '[]' }}
     name: Unit Test - Camunda ${{ matrix.version }}
     needs: [init]
     strategy:
@@ -62,7 +64,7 @@ jobs:
       camunda-helm-git-ref: "${{ github.event.pull_request.head.sha }}"
 
   integration:
-    if: ${{ needs.init.outputs.matrix != '' }}
+    if: ${{ needs.init.outputs.matrix != '[]' }}
     name: Integration Test - Camunda ${{ matrix.version }}
     needs: [init, validation, unit]
     strategy:

.github/workflows/test-unit-template.yml

@@ -13,7 +13,7 @@ on:
         type: string
       camunda-helm-dir:
         required: false
-        default: camunda-platform
+        default: camunda-platform-latest
         type: string
 
 concurrency:

.github/workflows/test-unit.yml

@@ -5,13 +5,13 @@ on:
     branches:
     - main
     paths:
-    - '.github/**'
+    - '.github/*unit*'
     - '.tool-versions'
     - 'charts/camunda-platform*/**'
     - 'go.*'
   pull_request:
     paths:
-    - '.github/**'
+    - '.github/*unit*'
     - '.tool-versions'
     - 'charts/camunda-platform*/**'
     - 'go.*'
@@ -62,5 +62,5 @@ jobs:
       run: make helm.dependency-update
     - name: ⭐️ Test ⭐️
       run: |
-        cd charts/camunda-platform/test/unit
+        cd charts/camunda-platform-latest/test/unit
         go test $(printf "./%s " ${{ matrix.test.packages }})

.tool-versions

@@ -1,11 +1,9 @@
-helm 3.15.1
-# The kubectl version depends on the K8s CI cluster version
-kubectl 1.27.14
-kustomize 5.4.2
+git-chglog 0.15.4
 golang 1.22.4
-# Task is mainly used to run tests locally or in the CI pipeline.
-task 3.30.1
 gomplate v3.11.8
-git-chglog 0.15.4
-yq 4.44.1
+helm 3.15.1
+kubectl 1.27.14 # The kubectl version depends on the K8s CI cluster version
+kustomize 5.4.2
+task 3.30.1 # Task is mainly used to run tests locally or in the CI pipeline.
 yamllint 1.35.1
+yq 4.44.1