From 8c9a92b28e0ba0447013cfc2cb1f13f550be032e Mon Sep 17 00:00:00 2001
From: afdesk
Date: Thu, 17 Apr 2025 05:00:48 +0600
Subject: [PATCH] ci(helm): create a helm branch for patches from main (#8673)
---
 .github/workflows/publish-chart.yaml | 33 ----------------------------
 .github/workflows/release.yaml | 30 +++++++++++++++++++++++++
 magefiles/helm.go | 6 +++++
 3 files changed, 36 insertions(+), 33 deletions(-)
diff --git a/.github/workflows/publish-chart.yaml b/.github/workflows/publish-chart.yaml
index ba36eed683..1f3bfd63fe 100644
--- a/.github/workflows/publish-chart.yaml
+++ b/.github/workflows/publish-chart.yaml
@@ -13,9 +13,6 @@ on:
 - main
 paths:
 - 'helm/trivy/**'
- push:
- tags:
- - "v*"
 env:
 HELM_REP: helm-charts
 GH_OWNER: aquasecurity
@@ -25,7 +22,6 @@ env:
 jobs:
 # `test-chart` job starts if a PR with Helm Chart is created, merged etc.
 test-chart:
- if: github.event_name != 'push'
 runs-on: ubuntu-24.04
 steps:
 - name: Checkout
@@ -56,35 +52,6 @@ jobs:
 sed -i -e '136s,false,'true',g' ./helm/trivy/values.yaml
 ct lint-and-install --validate-maintainers=false --charts helm/trivy
- # `update-chart-version` job starts if a new tag is pushed
- update-chart-version:
- if: github.event_name == 'push'
- runs-on: ubuntu-24.04
- steps:
- - name: Checkout
- uses: actions/checkout@v4.1.6
- with:
- fetch-depth: 0
-
- - name: Set up Git user
- run: |
- git config --global user.email "actions@github.com"
- git config --global user.name "GitHub Actions"
-
- - name: Set up Go
- uses: actions/setup-go@v5
- with:
- go-version-file: go.mod
-
- - name: Install Go tools
- run: go install tool # GOBIN is added to the PATH by the setup-go action
-
- - name: Create a PR with Trivy version
- run: mage helm:updateVersion
- env:
- # Use ORG_REPO_TOKEN instead of GITHUB_TOKEN
- # This allows the created PR to trigger tests and other workflows
- GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}
 # `publish-chart` job starts if a PR with a new Helm Chart is merged or manually
 publish-chart:
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index d7fb59bc29..02f5943144 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -55,3 +55,33 @@ jobs:
 - name: Create deb repository
 run: ci/deploy-deb.sh
+
+ # `update-chart-version` creates a new PR for updating the helm chart
+ update-chart-version:
+ needs: deploy-packages
+ runs-on: ubuntu-22.04
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4.1.6
+ with:
+ fetch-depth: 0
+
+ - name: Set up Git user
+ run: |
+ git config --global user.email "actions@github.com"
+ git config --global user.name "GitHub Actions"
+
+ - name: Set up Go
+ uses: actions/setup-go@v5
+ with:
+ go-version-file: go.mod
+
+ - name: Install Go tools
+ run: go install tool # GOBIN is added to the PATH by the setup-go action
+
+ - name: Create a PR with Trivy version
+ run: mage helm:updateVersion
+ env:
+ # Use ORG_REPO_TOKEN instead of GITHUB_TOKEN
+ # This allows the created PR to trigger tests and other workflows
+ GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}
diff --git a/magefiles/helm.go b/magefiles/helm.go
index 443c57eed0..1d904fccd9 100644
--- a/magefiles/helm.go
+++ b/magefiles/helm.go
@@ -22,6 +22,12 @@ func main() {
 log.Fatalf("could not determine Trivy version: %v", err)
 }
+ // Checkout the main branch to get the latest chart version, that was changed after the previous release
+ // It needs for correctly updating the chart version of patch releases
+ if err := sh.Run("git", "checkout", "main"); err != nil {
+ log.Fatalf("failed to run `git checkout main`: %w", err)
+ }
+
 newHelmVersion, err := bumpHelmChart(chartFile, trivyVersion)
 if err != nil {
 log.Fatalf("could not bump Trivy version to %q: %v", trivyVersion, err)
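Review bot: In `.github/workflows/release.yaml`, the new `update-chart-version` job references `actions/checkout@v4.1.6` and `actions/setup-go@v5` by mutable tag, and the same job later hands `secrets.ORG_REPO_TOKEN` to `mage helm:updateVersion`. A tag that is later re-pointed would then run inside a job that prepares the workspace and toolchain used by the token-bearing step, so both references should be pinned to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha> # v4.1.6`. No `permissions:` key is visible for this job in the hunk; if the workflow does not already set one above the hunk, an explicit job-level `permissions:` block limited to what the branch push and PR creation need would make the default token's scope reviewable.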
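Review bot: In `magefiles/helm.go`, the added `log.Fatalf` call for the failed `git checkout main` formats the error with `%w`, which is only understood by `fmt.Errorf`; under `log.Fatalf` the message is rendered as `%!w(...)` around the error instead of printing it cleanly, and `go vet` reports it. Use `%v` there, as the two neighbouring `log.Fatalf` calls in the context lines already do. The body of `main` starts and ends outside this hunk, so whether the working tree is clean before the checkout cannot be confirmed from here.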