github_actions_ci: Update CHANGELOG and RELEASE-NOTES for shield-0.6.4 #2271
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release Charts | |
on: | |
push: | |
branches: | |
- main | |
env: | |
GITHUB_USERNAME: draios-jenkins | |
GITHUB_USER_EMAIL: [email protected] | |
jobs: | |
charts-to-release: | |
runs-on: ubuntu-latest | |
outputs: | |
modified-charts-files: ${{ steps.updated-charts.outputs.all_modified_files }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Retrieve a list of updated charts | |
id: updated-charts | |
uses: tj-actions/changed-files@v45 | |
with: | |
files: charts/*/Chart.yaml | |
generate-changelog: | |
needs: charts-to-release | |
if: needs.charts-to-release.outputs.modified-charts-files | |
runs-on: ubuntu-latest | |
container: quay.io/sysdig/git-chglog:0.15.1-3-g6e4e27d | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Generate changelog for every updated chart | |
shell: bash | |
run: | | |
set -x | |
git config --global --add safe.directory '*' | |
for chart_file in ${{ needs.charts-to-release.outputs.modified-charts-files }}; do | |
chart_name=$(grep -Po "(?<=^name: ).+" ${chart_file}) | |
chart_version=$(grep -Po "(?<=^version: ).+" ${chart_file}) | |
chart_tag="${chart_name}-${chart_version}" | |
chart_path="charts/${chart_name}" | |
# check if a changelog entry already present | |
if grep -q "^# v$chart_version" "charts/${chart_name}/CHANGELOG.md" | |
then | |
echo "Changelog entry already present, skipping" | |
else | |
# generate the new changelog entry | |
git-chglog \ | |
--config .chglog/config-changelog.yml \ | |
--output "/tmp/CHANGELOG_${chart_name}_new.md" \ | |
--tag-filter-pattern "${chart_name}" \ | |
--next-tag "${chart_tag}" \ | |
--path "${chart_path}" "${chart_tag}" | |
# insert the new changelog entry to the changelog | |
# file after the '## Change Log' header | |
cat "/tmp/CHANGELOG_${chart_name}_new.md" \ | |
| sed -i '/^##\ Change Log$/ r /dev/stdin' \ | |
"charts/${chart_name}/CHANGELOG.md" | |
fi | |
# generate the release notes for github release | |
git-chglog \ | |
--config .chglog/config-release.yml \ | |
--output "${chart_path}/RELEASE-NOTES.md" \ | |
--tag-filter-pattern "${chart_name}" \ | |
--next-tag "${chart_tag}" \ | |
--path "${chart_path}" "${chart_tag}" | |
done | |
- name: Stash changelog files | |
uses: actions/upload-artifact@v4 | |
with: | |
name: generated-changelogs | |
path: | | |
charts/*/RELEASE-NOTES.md | |
charts/*/CHANGELOG.md | |
release-charts: | |
needs: | |
- generate-changelog | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Unstash generated changelogs | |
uses: actions/download-artifact@v4 | |
with: | |
name: generated-changelogs | |
path: charts | |
- name: Configure Git | |
run: | | |
git config user.name "$GITHUB_USERNAME" | |
git config user.email "$GITHUB_USER_EMAIL" | |
- name: Import GPG key | |
run: | | |
GPG_DIR=".helm-gpg" | |
mkdir "$GPG_DIR" | |
KEYRING_FILE="$GPG_DIR/keyring.gpg" | |
echo "${GPG_PRIVATE_KEY}" | gpg --dearmor --output "${KEYRING_FILE}" | |
PASSPHRASE_FILE="$GPG_DIR/passphrase" | |
echo "${GPG_PASSPHRASE}" > "${PASSPHRASE_FILE}" | |
echo "CR_PASSPHRASE_FILE=$PASSPHRASE_FILE" >> "$GITHUB_ENV" | |
echo "CR_KEYRING=$KEYRING_FILE" >> "$GITHUB_ENV" | |
env: | |
GPG_PASSPHRASE: "${{ secrets.GPG_PASSPHRASE }}" | |
GPG_PRIVATE_KEY: "${{ secrets.GPG_PRIVATE_KEY }}" | |
- name: Set up Helm | |
uses: azure/setup-helm@v4 | |
with: | |
version: v3.10.3 | |
- name: Bundle chart dependencies | |
run: make deps | |
- name: Run Chart Releaser | |
uses: helm/[email protected] | |
with: | |
config: cr.yaml | |
env: | |
CR_TOKEN: "${{ secrets.TOOLS_JENKINS_ADMIN_ACCESS_GITHUB_TOKEN }}" | |
CR_KEY: "${{ secrets.GPG_KEY_NAME }}" | |
- name: Copy README.md files and GPG public key to gh-pages | |
run: | | |
existing_worktree=$(git worktree list --porcelain | grep -B 2 "branch refs/heads/gh-pages" | head -n 1 | cut -d ' ' -f 2) | |
if [[ $existing_worktree != "" ]]; then git worktree remove -f $existing_worktree; fi | |
tmp_folder=$(mktemp -d) | |
git worktree add ${tmp_folder} gh-pages | |
rm -f -r ${tmp_folder}/charts | |
cp -r charts ${tmp_folder}/ | |
pushd ${tmp_folder} | |
git add -A "charts/**/README.md" | |
git add -A "charts/**/values.yaml" | |
echo "${GPG_PUBLIC_KEY}" > public.gpg | |
git add public.gpg | |
if ! git diff-index --quiet HEAD; then | |
git pull && git commit -m "github_actions_ci: Update public key" && git push | |
fi | |
popd | |
env: | |
GPG_PUBLIC_KEY: "${{ secrets.GPG_PUBLIC_KEY }}" | |
commit-changelogs: | |
needs: | |
- charts-to-release | |
- release-charts | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
token: ${{ secrets.TOOLS_JENKINS_ADMIN_ACCESS_GITHUB_TOKEN }} | |
- name: Unstash generated changelogs | |
uses: actions/download-artifact@v4 | |
with: | |
name: generated-changelogs | |
path: charts | |
- name: Configure Git | |
run: | | |
git config user.name "$GITHUB_USERNAME" | |
git config user.email "$GITHUB_USER_EMAIL" | |
- name: Commit CHANGELOG.md and RELEASE-NOTES.md | |
run: | | |
released_charts_files="${{ needs.charts-to-release.outputs.modified-charts-files }}" | |
echo "released_charts_files: ${released_charts_files}" | |
# Commit changes locally. | |
for chart_file in ${released_charts_files}; do | |
chart_name=$(grep -Po "(?<=^name: ).+" ${chart_file}) | |
chart_version=$(grep -Po "(?<=^version: ).+" ${chart_file}) | |
chart_path="charts/${chart_name}" | |
git add ${chart_path}/CHANGELOG.md | |
git add ${chart_path}/RELEASE-NOTES.md | |
git commit -m "github_actions_ci: Update CHANGELOG and RELEASE-NOTES for ${chart_name}-${chart_version}" | |
done | |
# Push changes to the main branch. | |
git push origin "${GITHUB_REF##*/}":main -f |