From dda1933c3491a8c007d3d7c76ccebd1af5fb309f Mon Sep 17 00:00:00 2001
From: Ahmed AbouZaid <6760103+aabouzaid@users.noreply.github.com>
Date: Wed, 12 Jun 2024 14:26:39 +0200
Subject: [PATCH] chore: support multi version in the release workflow

Signed-off-by: Ahmed AbouZaid <6760103+aabouzaid@users.noreply.github.com>
---
 .github/workflows/chart-release.yaml | 86 ++++++++++++++++++++++------
 1 file changed, 68 insertions(+), 18 deletions(-)

diff --git a/.github/workflows/chart-release.yaml b/.github/workflows/chart-release.yaml
index 3a00f05889..617c43b32e 100644
--- a/.github/workflows/chart-release.yaml
+++ b/.github/workflows/chart-release.yaml
@@ -57,20 +57,22 @@ jobs:
 run: |
 git config user.name "$GITHUB_ACTOR"
 git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+ - name: Install Chart Releaser
+ uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0
+ with:
+ install_only: true
+ env:
+ CR_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
+ CR_SKIP_EXISTING: 'true'
 - name: Add Helm repos
 run: |
 make helm.repos-add
 - name: Update Helm dependency
 run: |
- export chartPath="charts/camunda-platform*"
- make helm.dependency-update
+ chartPath="$(ct list-changed | tr '\n' ' ')" \
+ make helm.dependency-update
 - name: cosign-installer
 uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
- - name: Set Helm chart version var
- run: |
- CHART_NAME="$(yq '.name' charts/camunda-platform-latest/Chart.yaml)"
- CHART_VERSION="$(yq '.version' charts/camunda-platform-latest/Chart.yaml)"
- echo "CHART_NAME_WITH_VERSION=${CHART_NAME}-${CHART_VERSION}" | tee -a $GITHUB_ENV
 # TODO: Move this step to pre-release workflow when we have it.
 - name: Generate release note footer
 run: |
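Review bot: In the `Update Helm dependency` step a failure of `ct list-changed` goes unnoticed, because the command substitution sits in an assignment prefix and ends in `tr`; the step's exit status is that of `make`, and an empty `chartPath` is passed on as if no chart had changed. Running the lookup as its own statement lets the shell stop on error, e.g. `changed="$(ct list-changed)"` on one line and `chartPath="$(tr '\n' ' ' <<< "${changed}")" make helm.dependency-update` on the next. Nothing in this hunk installs `ct` (the added action installs Chart Releaser), so it presumably comes from a step outside the hunk. The `Install Chart Releaser` step runs with `install_only: true` and should not need `CR_TOKEN` or `CR_SKIP_EXISTING` in its `env`; dropping them keeps the token away from a step that publishes nothing.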
@@ -79,28 +81,76 @@ jobs:
 run: |
 # Clean up badges from readme to avoid showing them in Artifact Hub.
 sed -ri '/Badge .+/d' charts/camunda-platform-latest/README.md
- - name: Run Chart Releaser
+ mkdir release-packages
+
+ #
+ # We run Chart Releaser twice as a workaround because it's not possible to control the release order.
+ # CR by default will release "camunda-platform-10.x.x" first then "camunda-platform-8.x.x",
+ # however, we want the latest version to show as the latest release in GitHub releases.
+ #
+
+ # Release previous versions.
+ - name: Pre-Release - Previous versions
+ run: |
+ rm -rf charts/camunda-platform-latest
+ - name: Run Chart Releaser - Previous versions
+ uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0
+ with:
+ config: .github/config/chart-releaser.yaml
+ env:
+ CR_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
+ CR_SKIP_EXISTING: 'true'
+ - name: Post-Release - Previous versions
+ run: |
+ mv .cr-release-packages/* release-packages/
+ git checkout :/
+
+ # Release the latest version.
+ - name: Pre-Release - Latest version
+ run: |
+ rm -rf charts/camunda-platform-8*
+ - name: Run Chart Releaser - Latest version
 uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0
 with:
 config: .github/config/chart-releaser.yaml
 env:
 CR_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
 CR_SKIP_EXISTING: 'true'
+ - name: Post-Release - Latest version
+ run: |
+ mv .cr-release-packages/* release-packages/
+ git checkout :/
+
+ # Sign and upload the signature of the chart package.
+ - name: Set Helm chart vars
+ run: |
+ CHART_PACKAGES="$(find release-packages -maxdepth 1 -name "camunda-platform*.tgz" \
+ -exec basename {} \; | xargs)"
+ echo "CHART_PACKAGES=${CHART_PACKAGES}" | tee -a $GITHUB_ENV
 - name: Sign Helm chart with Cosign
 run: |
- cosign sign-blob -y .cr-release-packages/${CHART_NAME_WITH_VERSION}.tgz \
- --bundle ${CHART_NAME_WITH_VERSION}.cosign.bundle
+ for chart_package in ${CHART_PACKAGES}; do
+ echo "Package: ${chart_package}"
+ cosign sign-blob -y release-packages/${chart_package} \
+ --bundle "${chart_package%.*}.cosign.bundle"
+ done
 - name: Verify signed Helm chart with Cosign
 run: |
- cosign verify-blob .cr-release-packages/${CHART_NAME_WITH_VERSION}.tgz \
- --bundle ./${CHART_NAME_WITH_VERSION}.cosign.bundle \
- --certificate-identity "https://github.com/${GITHUB_WORKFLOW_REF}" \
- --certificate-oidc-issuer "https://token.actions.githubusercontent.com"
+ for chart_package in ${CHART_PACKAGES}; do
+ echo "Package: ${chart_package}"
+ cosign verify-blob release-packages/${chart_package} \
+ --bundle "${chart_package%.*}.cosign.bundle" \
+ --certificate-identity "https://github.com/${GITHUB_WORKFLOW_REF}" \
+ --certificate-oidc-issuer "https://token.actions.githubusercontent.com"
+ done
 - name: Upload Helm chart signature bundle
 run: |
- gh release upload "${CHART_NAME_WITH_VERSION}" \
- ./${CHART_NAME_WITH_VERSION}.cosign.bundle \
- --repo "${GITHUB_REPOSITORY}"
+ for chart_package in ${CHART_PACKAGES}; do
+ echo "Package: ${chart_package}"
+ gh release upload "${chart_package%.*}" \
+ "${chart_package%.*}.cosign.bundle" \
+ --repo "${GITHUB_REPOSITORY}"
+ done
 env:
 GH_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
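Review bot: `git checkout :/` in the `Post-Release - Previous versions` step restores every tracked file, so it reverts the `sed -ri '/Badge .+/d'` edit to `charts/camunda-platform-latest/README.md` made at the top of this hunk, and the preceding `rm -rf charts/camunda-platform-latest` presumably also discards whatever `make helm.dependency-update` wrote under that chart; the latest chart is then packaged from the committed tree rather than the prepared one. Moving the directory aside and back keeps the prepared state, e.g. `mv charts/camunda-platform-latest "${RUNNER_TEMP}/"` before the first run and `mv "${RUNNER_TEMP}/camunda-platform-latest" charts/` after it. `mv .cr-release-packages/* release-packages/` fails the job when a run packaged nothing (likely whenever only one chart line changed), so both moves should be guarded on the directory existing and being non-empty. Because `CR_SKIP_EXISTING` is set, it is also worth confirming that each package signed from `release-packages/` is byte-identical to the asset on its release; a locally rebuilt archive for a release that already existed would get a bundle that does not verify against what users download.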
@@ -113,7 +163,7 @@ jobs:
 - name: Checkout
 uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4
 with:
- # The verify step happens in the "release" branch before merging to the "main" branch.
+ # The verification step happens in the "release" branch before merging into the "main" branch.
 ref: release
 fetch-depth: 0
 - name: Install env dependencies