From 4d8a90d24169255846ef3ce0930e42e491e320ae Mon Sep 17 00:00:00 2001
From: Michael Henderson
Date: Wed, 3 Jan 2024 14:03:16 -0800
Subject: [PATCH 1/8] Initial helm chart build workflow for ab#52817
---
.../helm-chart-build-and-release.yml | 70 +++++++++++++++++++
.github/workflows/starter.yml | 11 ++-
2 files changed, 80 insertions(+), 1 deletion(-)
create mode 100644 .github/workflows/helm-chart-build-and-release.yml
diff --git a/.github/workflows/helm-chart-build-and-release.yml b/.github/workflows/helm-chart-build-and-release.yml
new file mode 100644
index 0000000..6f2fce4
--- /dev/null
+++ b/.github/workflows/helm-chart-build-and-release.yml
@@ -0,0 +1,70 @@ +name: Go build + +on: + workflow_call: + inputs: + release_version: + description: Condition based on release branch build + required: false + type: string + + secrets: + token: + description: 'Secret token from caller workflow to access private packages' + required: true + +jobs: + helm: + runs-on: ubuntu-latest + if: github.event.pull_request.merged == true + steps: + - name: Set IMAGE_NAME + run: | + echo "IMAGE_NAME=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} + + # Checkout code + # https://github.com/actions/checkout + - name: Checkout code + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + + # Extract metadata (tags, labels) to use in Helm chart + # https://github.com/docker/metadata-action + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + + # Set version from DOCKER_METADATA_OUTPUT_VERSION as environment variable + - name: Set Version + run: | + echo "VERSION=${DOCKER_METADATA_OUTPUT_VERSION:1}" >> $GITHUB_ENV + + # Change version and appVersion in Chart.yaml to the tag in the closed PR + - name: Update Helm App/Chart Version + shell: bash + run: | + sed -i "s/^version: .*/version: ${{ env.VERSION }}/g" deploy/charts/command-cert-manager-issuer/Chart.yaml + sed -i "s/^appVersion: .*/appVersion: \"${{ env.DOCKER_METADATA_OUTPUT_VERSION }}\"/g" deploy/charts/command-cert-manager-issuer/Chart.yaml + + # Setup Helm + # https://github.com/Azure/setup-helm + - name: Install Helm + uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5 + with: + token: ${{ secrets.GITHUB_TOKEN }} + + # Helm requires an ident name to be set for chart-releaser to work + - name: Configure Git + run: | + git config user.name "$GITHUB_ACTOR" + git config user.email "$GITHUB_ACTOR@users.noreply.github.com" + + # Build and release Helm chart to GitHub Pages + # 
https://github.com/helm/chart-releaser-action + - name: Run chart-releaser + uses: helm/chart-releaser-action@be16258da8010256c6e82849661221415f031968 # v1.5.0 + env: + CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + with: + charts_dir: deploy/charts \ No newline at end of file diff --git a/.github/workflows/starter.yml b/.github/workflows/starter.yml index 7a3f61d..03eb63b 100644 --- a/.github/workflows/starter.yml +++ b/.github/workflows/starter.yml @@ -57,7 +57,7 @@ jobs: call-go-build-and-release-workflow: needs: [call-get-primary-language, call-assign-from-json-workflow, call-create-github-release-workflow] - if: needs.call-get-primary-language.outputs.primary_language == 'Go' + if: needs.call-get-primary-language.outputs.primary_language == 'Go' && fileExists('.goreleaser.yaml') uses: keyfactor/actions/.github/workflows/go-build-and-release.yml@v2 with: release_version: ${{ needs.call-create-github-release-workflow.outputs.release_version }} @@ -66,6 +66,15 @@ jobs: gpg_key: ${{ secrets.gpg_key }} gpg_pass: ${{ secrets.gpg_pass }} + call-helm-chart-build-and-release-workflow: + needs: [call-get-primary-language, call-assign-from-json-workflow, call-create-github-release-workflow] + if: needs.call-get-primary-language.outputs.primary_language == 'Go' && !fileExists('.goreleaser.yaml') + uses: keyfactor/actions/.github/workflows/helm-chart-build-and-release.yml@ab#52817-add-helm-container-builds + with: + release_version: ${{ needs.call-create-github-release-workflow.outputs.release_version }} + secrets: + token: ${{ secrets.GITHUB_TOKEN }} + call-generate-readme-workflow: if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' uses: Keyfactor/actions/.github/workflows/generate-readme.yml@v2 From 6e61cdbef0a4a61604947c077f34a955fff54892 Mon Sep 17 00:00:00 2001 
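Review bot: The two `sed` commands in the "Update Helm App/Chart Version" step splice `${{ env.VERSION }}` and `${{ env.DOCKER_METADATA_OUTPUT_VERSION }}` into the script text before bash parses it, so a value containing quotes, `/` or other shell metacharacters alters the command instead of the chart version. Both values are already in the step environment (the preceding step reads `${DOCKER_METADATA_OUTPUT_VERSION:1}` from the shell), so the script can use them as ordinary variables: `sed -i "s/^version: .*/version: ${VERSION}/g" …` and `… appVersion: \"${DOCKER_METADATA_OUTPUT_VERSION}\" …`. The version presumably derives from a git ref name, which is not fully under the maintainers' control. The same inline-expression pattern recurs in the `get-is-release` step added in PATCH 2/8 and the `Update version.go` step added in PATCH 3/8, where `${{ inputs.release_version }}` should be passed through `env:` rather than expanded in the script.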
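Review bot: `fileExists()` in the job-level `if:` of `call-go-build-and-release-workflow` is not among the functions GitHub Actions expressions provide, so the workflow is likely to be rejected when it is parsed rather than have the job skipped. The same call appears negated in the `call-helm-chart-build-and-release-workflow` job added in the next hunk and in the step `if:` added to go-build-and-release.yml in PATCH 3/8. Later patches in this series replace it with a file-check output for the Go job and the version.go step, but no visible hunk revisits the Helm job's `!fileExists('.goreleaser.yaml')`. That job needs the inverse of the same output, e.g. `needs.call-goreleaser-exists.outputs.goreleaser-exists != 'true'`, with `call-goreleaser-exists` added to its `needs`.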
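Review bot: The new `call-helm-chart-build-and-release-workflow` job calls the reusable workflow at `@ab#52817-add-helm-container-builds`, a feature branch, and hands it `secrets.GITHUB_TOKEN`, so whatever is pushed to that branch next runs with that token in every repository that uses this starter. Reference a release tag or, better, a full commit SHA before this merges, e.g. `uses: keyfactor/actions/.github/workflows/helm-chart-build-and-release.yml@<full-commit-sha>`. PATCH 3/8 does the same to the Go job by moving it from `@v2` to `@ab#53262-check-pkg-ver`. The called workflow also never reads the `token` secret it declares as required (its steps use `secrets.GITHUB_TOKEN` directly), so the declaration should either be used or dropped.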
From: Michael Henderson Date: Thu, 4 Jan 2024 09:24:00 -0800 Subject: [PATCH 2/8] Add SKIP_CHARTS_UPLOAD to set skip_upload in chart-release-action --- .github/workflows/helm-chart-build-and-release.yml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/.github/workflows/helm-chart-build-and-release.yml b/.github/workflows/helm-chart-build-and-release.yml index 6f2fce4..e002d21 100644 --- a/.github/workflows/helm-chart-build-and-release.yml +++ b/.github/workflows/helm-chart-build-and-release.yml @@ -16,8 +16,17 @@ on: jobs: helm: runs-on: ubuntu-latest + # This job conditional should be moved to a step condition for the actual upload. if: github.event.pull_request.merged == true steps: + - name: get-is-release + run: | + if [[ ("${{ github.event_name }}" == "pull_request") && "${{ inputs.release_version }}" != "" ]]; then + echo "SKIP_CHARTS_UPLOAD=false" | tee -a "$GITHUB_ENV" | tee -a "$GITHUB_STEP_SUMMARY" + else + echo "SKIP_CHARTS_UPLOAD=true" | tee -a "$GITHUB_ENV" | tee -a "$GITHUB_STEP_SUMMARY" + fi + - name: Set IMAGE_NAME run: | echo "IMAGE_NAME=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} @@ -67,4 +76,5 @@ jobs: env: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" with: - charts_dir: deploy/charts \ No newline at end of file + charts_dir: deploy/charts + skip_upload: ${{ env.SKIP_CHARTS_UPLOAD}} \ No newline at end of file From aa87c70b99b7c2dc26c5946463353315a1ba64eb Mon Sep 17 00:00:00 2001 From: Michael Henderson Date: Thu, 4 Jan 2024 10:29:27 -0800 Subject: [PATCH 3/8] Add step to write the release_version property to pkg/version/version.go AB#53302 --- .github/workflows/go-build-and-release.yml | 4 ++++ .github/workflows/starter.yml | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/go-build-and-release.yml b/.github/workflows/go-build-and-release.yml index 84041a6..d750055 100644 --- a/.github/workflows/go-build-and-release.yml +++ b/.github/workflows/go-build-and-release.yml 
@@ -40,6 +40,10 @@ jobs: echo "GO_ARGS=build --snapshot" | tee -a "$GITHUB_ENV" echo "VERSION=0.0.0" | tee -a "$GITHUB_ENV" | tee -a "$GITHUB_STEP_SUMMARY" fi + - name: Update version.go + if: github.event_name == 'pull_request' && fileExists('pkg/version/version.go') # Make this file a property in the manifest + run: | + sed -i "s/const VERSION = .*/const VERSION = \"${{ inputs.release_version }}\"/" pkg/version/version.go - name: Import GPG key uses: crazy-max/ghaction-import-gpg@v6 id: import_gpg diff --git a/.github/workflows/starter.yml b/.github/workflows/starter.yml index 7a3f61d..8b7524c 100644 --- a/.github/workflows/starter.yml +++ b/.github/workflows/starter.yml @@ -57,8 +57,8 @@ jobs: call-go-build-and-release-workflow: needs: [call-get-primary-language, call-assign-from-json-workflow, call-create-github-release-workflow] - if: needs.call-get-primary-language.outputs.primary_language == 'Go' - uses: keyfactor/actions/.github/workflows/go-build-and-release.yml@v2 + if: needs.call-get-primary-language.outputs.primary_language == 'Go' && fileExists('.goreleaser.yaml') + uses: keyfactor/actions/.github/workflows/go-build-and-release.yml@ab#53262-check-pkg-ver with: release_version: ${{ needs.call-create-github-release-workflow.outputs.release_version }} secrets: From d1755135e63619a1a7fc1d8c7d3a3ff9494a90b7 Mon Sep 17 00:00:00 2001 From: Michael Henderson Date: Fri, 5 Jan 2024 15:16:24 -0800 Subject: [PATCH 4/8] Add check for .goreleaser.yaml file using andstor/file-existence-action --- .github/workflows/starter.yml | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/.github/workflows/starter.yml b/.github/workflows/starter.yml index 8b7524c..ccdf152 100644 --- a/.github/workflows/starter.yml +++ b/.github/workflows/starter.yml 
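Review bot: The `Update version.go` step writes `inputs.release_version` into Go source that the rest of the job goes on to build (the GPG import step follows directly), but nothing checks that the value looks like a version or that `sed` matched anything. `sed -i` exits 0 when no line matches, so a renamed constant would ship a stale version without any error. Validate the value against a strict pattern before the substitution and confirm the result afterwards, reading the input from `env:` rather than expanding it in the script. The step's job starts and continues outside this hunk.

```yaml
- name: Update version.go
  # … unchanged: if condition …
  env:
    RELEASE_VERSION: ${{ inputs.release_version }}
  run: |
    if [[ ! "$RELEASE_VERSION" =~ ^[0-9A-Za-z.+-]+$ ]]; then
      echo "release_version is not a plain version string" >&2
      exit 1
    fi
    sed -i "s/const VERSION = .*/const VERSION = \"${RELEASE_VERSION}\"/" pkg/version/version.go
    grep -qF "const VERSION = \"${RELEASE_VERSION}\"" pkg/version/version.go
```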
@@ -40,6 +40,23 @@ jobs: run: | echo "primary_language=${{ steps.read.outputs.primary_language}}" | tee -a "$GITHUB_OUTPUT" | tee -a $GITHUB_STEP_SUMMARY + + call-goreleaser-exists: + outputs: + goreleaser-exists: ${{ steps.check_files.outputs.files_exists }} + runs-on: ubuntu-latest + name: Check for .goreleaser file + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + token: ${{ secrets.GITHUB_TOKEN }} + - name: Check file existence + id: check_files + uses: andstor/file-existence-action@v2 + with: + files: ".goreleaser.yaml" + call-create-github-release-workflow: uses: Keyfactor/actions/.github/workflows/github-release.yml@v2 @@ -56,8 +73,8 @@ jobs: token: ${{ secrets.token }} call-go-build-and-release-workflow: - needs: [call-get-primary-language, call-assign-from-json-workflow, call-create-github-release-workflow] - if: needs.call-get-primary-language.outputs.primary_language == 'Go' && fileExists('.goreleaser.yaml') + needs: [call-get-primary-language, call-assign-from-json-workflow, call-create-github-release-workflow,call-goreleaser-exists] + if: needs.call-get-primary-language.outputs.primary_language == 'Go' && needs.call-goreleaser-exists.outputs.goreleaser-exists == 'true' uses: keyfactor/actions/.github/workflows/go-build-and-release.yml@ab#53262-check-pkg-ver with: release_version: ${{ needs.call-create-github-release-workflow.outputs.release_version }} From 3e0c2b506640570122a05747632790f2b757b072 Mon Sep 17 00:00:00 2001 From: Michael Henderson Date: Fri, 5 Jan 2024 15:35:21 -0800 Subject: [PATCH 5/8] Check for version.go file using andstor/file-existence-action --- .github/workflows/go-build-and-release.yml | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/.github/workflows/go-build-and-release.yml b/.github/workflows/go-build-and-release.yml index d750055..6008f9f 100644 --- a/.github/workflows/go-build-and-release.yml +++ b/.github/workflows/go-build-and-release.yml 
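Review bot: The new `call-goreleaser-exists` job runs `andstor/file-existence-action@v2` and `actions/checkout@v3` by mutable tag, while the Helm workflow added in PATCH 1/8 pins every action to a commit SHA; a retagged third-party action would run inside a checkout that still holds the token. Pin both to full SHAs, e.g. `uses: andstor/file-existence-action@<full-commit-sha> # v2`, and add `persist-credentials: false` under the checkout's `with:`, since this job only reads the tree. The same unpinned action is added to go-build-and-release.yml in PATCH 5/8 and PATCH 7/8.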
@@ -20,7 +20,24 @@ on: required: true jobs: + call-version-file-exists: + outputs: + version-file-exists: ${{ steps.check_files.outputs.files_exists }} + runs-on: ubuntu-latest + name: Check for version.go file + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + token: ${{ secrets.GITHUB_TOKEN }} + - name: Check file existence + id: check_files + uses: andstor/file-existence-action@v2 + with: + files: "pkg/version/version.go" # Make this file a property in the manifest and input to the workflow + run-goreleaser: + needs: call-version-file-exists runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 @@ -41,7 +58,7 @@ jobs: echo "VERSION=0.0.0" | tee -a "$GITHUB_ENV" | tee -a "$GITHUB_STEP_SUMMARY" fi - name: Update version.go - if: github.event_name == 'pull_request' && fileExists('pkg/version/version.go') # Make this file a property in the manifest + if: github.event_name == 'pull_request' && needs.call-goreleaser-exists.outputs.version-file-exists == 'true' run: | sed -i "s/const VERSION = .*/const VERSION = \"${{ inputs.release_version }}\"/" pkg/version/version.go - name: Import GPG key From c9579707b4c1412ad07e33c35a1cffed966604fe Mon Sep 17 00:00:00 2001 From: Michael Henderson Date: Fri, 5 Jan 2024 16:18:32 -0800 Subject: [PATCH 6/8] use wildcard match for y*ml --- .github/workflows/starter.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/starter.yml b/.github/workflows/starter.yml index ccdf152..028b904 100644 --- a/.github/workflows/starter.yml +++ b/.github/workflows/starter.yml @@ -55,7 +55,7 @@ jobs: id: check_files uses: andstor/file-existence-action@v2 with: - files: ".goreleaser.yaml" + files: ".goreleaser.y*ml" call-create-github-release-workflow: uses: Keyfactor/actions/.github/workflows/github-release.yml@v2 From 4b5ea22fcdadee5ab8aed4a9119348c983dae851 Mon Sep 17 00:00:00 2001 
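Review bot: The rewritten condition on `Update version.go` reads `needs.call-goreleaser-exists.outputs.version-file-exists`, but the job this patch adds is named `call-version-file-exists`; `call-goreleaser-exists` is a job in starter.yml, not in this workflow. An unknown `needs` entry most likely evaluates to an empty string, so the step would be skipped without any error and the release would carry whatever version is already in the file. Within this patch it should read `needs.call-version-file-exists.outputs.version-file-exists == 'true'`. PATCH 7/8 later sidesteps the mismatch by switching to `steps.check_files.outputs.files_exists`.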
From: Michael Henderson Date: Fri, 5 Jan 2024 16:31:18 -0800 Subject: [PATCH 7/8] move check_files step to existing run-goreleaser job --- .github/workflows/go-build-and-release.yml | 23 ++++++---------------- 1 file changed, 6 insertions(+), 17 deletions(-) diff --git a/.github/workflows/go-build-and-release.yml b/.github/workflows/go-build-and-release.yml index 6008f9f..14b0d77 100644 --- a/.github/workflows/go-build-and-release.yml +++ b/.github/workflows/go-build-and-release.yml @@ -20,22 +20,6 @@ on: required: true jobs: - call-version-file-exists: - outputs: - version-file-exists: ${{ steps.check_files.outputs.files_exists }} - runs-on: ubuntu-latest - name: Check for version.go file - steps: - - name: Checkout - uses: actions/checkout@v3 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - name: Check file existence - id: check_files - uses: andstor/file-existence-action@v2 - with: - files: "pkg/version/version.go" # Make this file a property in the manifest and input to the workflow - run-goreleaser: needs: call-version-file-exists runs-on: ubuntu-latest @@ -44,6 +28,11 @@ jobs: with: # Allow goreleaser to access older tag information. fetch-depth: 0 + - name: Check file existence + id: check_files + uses: andstor/file-existence-action@v2 + with: + files: "pkg/version/version.go" # Make this file a property in the manifest and input to the workflow - uses: actions/setup-go@v4 with: go-version-file: 'go.mod' @@ -58,7 +47,7 @@ jobs: echo "VERSION=0.0.0" | tee -a "$GITHUB_ENV" | tee -a "$GITHUB_STEP_SUMMARY" fi - name: Update version.go - if: github.event_name == 'pull_request' && needs.call-goreleaser-exists.outputs.version-file-exists == 'true' + if: github.event_name == 'pull_request' && steps.check_files.outputs.files_exists == 'true' run: | sed -i "s/const VERSION = .*/const VERSION = \"${{ inputs.release_version }}\"/" pkg/version/version.go - name: Import GPG key From 2e85781d4ef62ff215476880d1213d0464b4fea0 Mon Sep 17 00:00:00 2001 
From: Michael Henderson Date: Fri, 5 Jan 2024 16:33:54 -0800 Subject: [PATCH 8/8] remove needs --- .github/workflows/go-build-and-release.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/go-build-and-release.yml b/.github/workflows/go-build-and-release.yml index 14b0d77..adb297e 100644 --- a/.github/workflows/go-build-and-release.yml +++ b/.github/workflows/go-build-and-release.yml @@ -21,7 +21,6 @@ on: jobs: run-goreleaser: - needs: call-version-file-exists runs-on: ubuntu-latest steps: - uses: actions/checkout@v3