-
Notifications
You must be signed in to change notification settings - Fork 210
122 lines (110 loc) · 5.62 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
name: Release Charts
on:
push:
branches:
- master
# Weekly nri-bundle release
schedule:
- cron: "0 12 * * 2" # Tuesday at 12pm UTC or 5am PT
# Prevent two release workflows from running concurrently, which might cause WAR race conditions in the repository
# Ref: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#concurrency
concurrency: helm-release
env:
ORIGINAL_REPO_NAME: ${{ github.event.repository.full_name }}
jobs:
# Sometimes chart-releaser might fetch an outdated index.yaml from gh-pages, causing a WAW hazard on the repo
# This job checks the remote file is up to date with the local one on release
validate-gh-pages-index:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
ref: gh-pages
- name: Download remote index file and check equality
run: |
curl -vsSL https://${{ github.repository_owner }}.github.io/${{ github.event.repository.name }}/index.yaml > index.yaml.remote
LOCAL="$(md5sum < index.yaml)"
REMOTE="$(md5sum < index.yaml.remote)"
echo "$LOCAL" = "$REMOTE"
test "$LOCAL" = "$REMOTE"
release:
runs-on: ubuntu-latest
needs: [ validate-gh-pages-index ]
steps:
- name: Checkout
uses: actions/checkout@v4
# chart-releaser need all the history of the repo to see what changed in the file tree and evaluate which charts need to be released
with:
fetch-depth: 0
- name: Add helm repositories
run: |
helm repo add newrelic-helm-charts https://newrelic.github.io/helm-charts
helm repo add newrelic-cdn-helm-charts https://helm-charts.newrelic.com
helm repo add newrelic-infrastructure https://newrelic.github.io/nri-kubernetes
helm repo add nri-prometheus https://newrelic.github.io/nri-prometheus
helm repo add newrelic-prometheus-configurator https://newrelic.github.io/newrelic-prometheus-configurator
helm repo add nri-metadata-injection https://newrelic.github.io/k8s-metadata-injection
helm repo add newrelic-k8s-metrics-adapter https://newrelic.github.io/newrelic-k8s-metrics-adapter
helm repo add kube-state-metrics https://kubernetes.github.io/kube-state-metrics
helm repo add nri-kube-events https://newrelic.github.io/nri-kube-events
helm repo add pixie-operator-chart https://pixie-operator-charts.storage.googleapis.com
helm repo add newrelic-infra-operator https://newrelic.github.io/newrelic-infra-operator
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo add flux2 https://fluxcd-community.github.io/helm-charts
helm repo add k8s-agents-operator https://newrelic.github.io/k8s-agents-operator
- name: Configure Git
run: |
git config user.name "$GITHUB_ACTOR"
git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
- name: Merge Renovate PR updating bundle dependencies
if: github.event_name == 'schedule'
# GITHUB_TOKEN does not allow to merge PRs with admin
# privilege, so use alternative token
# Source: https://stackoverflow.com/questions/74274130/allow-github-actions-to-merge-prs-on-protected-branch
env:
GITHUB_TOKEN: "${{ secrets.K8S_AGENTS_BOT_TOKEN }}"
run: |
PR_NUMBER=$(gh pr list --search "is:pr is:open author:app/renovate 'Update bundle dependencies' in:title" --json="number" --jq '.[0].number')
if [[ -n "${PR_NUMBER}" ]]; then
echo "Proceeding to merge PR #${PR_NUMBER}"
gh pr merge ${PR_NUMBER} \
--admin \
--body "Automatically merged by github-actions" \
--delete-branch \
--squash
else
echo "No PR found. Nothing to merge"
fi
# As of today, there is no way to filter/exclude charts to be released. Config does not support it:
# https://github.com/helm/chart-releaser/blob/4eb598f96aa53d1c0b8234af2087834e1f2275e1/pkg/config/config.go#L40-L61
# So we delete the Chart.yaml to filter the chart: https://github.com/helm/chart-releaser-action/pull/18
- name: remove the chart template as it should not be deployed
run: |
rm ./library/CHART-TEMPLATE/Chart.yaml
- name: Release library charts
uses: helm/chart-releaser-action@v1.6.0
with:
charts_dir: library
env:
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
CR_SKIP_EXISTING: true
- name: Release workload charts
uses: helm/chart-releaser-action@v1.6.0
env:
# GITHUB_TOKEN does not allow to create a new workflow run,
# so use alternative token to allow post-release workflow to run
# Source: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow
CR_TOKEN: "${{ secrets.K8S_AGENTS_BOT_TOKEN }}"
CR_SKIP_EXISTING: true
notify-failure:
if: ${{ always() && failure() && (github.event_name == 'schedule') }}
needs: [validate-gh-pages-index, release]
runs-on: ubuntu-latest
steps:
- name: Notify failure via Slack
uses: archive/github-actions-slack@v2.9.0
with:
slack-bot-user-oauth-access-token: ${{ secrets.K8S_AGENTS_SLACK_TOKEN }}
slack-channel: ${{ secrets.K8S_AGENTS_SLACK_CHANNEL }}
slack-text: "❌ `${{ env.ORIGINAL_REPO_NAME }}`: <${{ github.server_url }}/${{ env.ORIGINAL_REPO_NAME }}/actions/runs/${{ github.run_id }}|'Release Charts' failed>."