ci(helm): create a helm branch for patches from main (#8673)

2025-12-05 20:40:16 -08:00 · 2025-04-17 05:00:48 +06:00
parent 0d3efa5dc1
commit 8c9a92b28e
3 changed files with 36 additions and 33 deletions
--- a/.github/workflows/publish-chart.yaml
+++ b/.github/workflows/publish-chart.yaml
@@ -13,9 +13,6 @@ on:
      - main
    paths:
      - 'helm/trivy/**'
-  push:
-    tags:
-      - "v*"
 env:
  HELM_REP: helm-charts
  GH_OWNER: aquasecurity
@@ -25,7 +22,6 @@ env:
 jobs:
  # `test-chart` job starts if a PR with Helm Chart is created, merged etc.
  test-chart:
-    if: github.event_name != 'push'
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout
@@ -56,35 +52,6 @@ jobs:
          sed -i -e '136s,false,'true',g' ./helm/trivy/values.yaml
          ct lint-and-install --validate-maintainers=false --charts helm/trivy

-  # `update-chart-version` job starts if a new tag is pushed
-  update-chart-version:
-    if: github.event_name == 'push'
-    runs-on: ubuntu-24.04
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4.1.6
-        with:
-          fetch-depth: 0
-
-      - name: Set up Git user
-        run: |
-          git config --global user.email "actions@github.com"
-          git config --global user.name "GitHub Actions"
-
-      - name: Set up Go
-        uses: actions/setup-go@v5
-        with:
-          go-version-file: go.mod
-
-      - name: Install Go tools
-        run: go install tool # GOBIN is added to the PATH by the setup-go action  
-
-      - name: Create a PR with Trivy version
-        run: mage helm:updateVersion
-        env:
-          # Use ORG_REPO_TOKEN instead of GITHUB_TOKEN
-          # This allows the created PR to trigger tests and other workflows
-          GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}

  # `publish-chart` job starts if a PR with a new Helm Chart is merged or manually
  publish-chart:
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -55,3 +55,33 @@ jobs:

      - name: Create deb repository
        run: ci/deploy-deb.sh
+
+  # `update-chart-version` creates a new PR for updating the helm chart
+  update-chart-version:
+    needs: deploy-packages
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4.1.6
+        with:
+          fetch-depth: 0
+
+      - name: Set up Git user
+        run: |
+          git config --global user.email "actions@github.com"
+          git config --global user.name "GitHub Actions"
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+
+      - name: Install Go tools
+        run: go install tool # GOBIN is added to the PATH by the setup-go action
+
+      - name: Create a PR with Trivy version
+        run: mage helm:updateVersion
+        env:
+          # Use ORG_REPO_TOKEN instead of GITHUB_TOKEN
+          # This allows the created PR to trigger tests and other workflows
+          GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}
--- a/magefiles/helm.go
+++ b/magefiles/helm.go
@@ -22,6 +22,12 @@ func main() {
 		log.Fatalf("could not determine Trivy version: %v", err)
 	}

+	// Checkout the main branch to get the latest chart version, that was changed after the previous release
+	// It needs for correctly updating the chart version of patch releases
+	if err := sh.Run("git", "checkout", "main"); err != nil {
+		log.Fatalf("failed to run `git checkout main`: %w", err)
+	}
+
 	newHelmVersion, err := bumpHelmChart(chartFile, trivyVersion)
 	if err != nil {
 		log.Fatalf("could not bump Trivy version to %q: %v", trivyVersion, err)