feat(ci): using separate workflows for gitguardian #1
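# Pull-request pipeline: lint and unit-test the changed Helm charts, regenerate
# their CHANGELOG.md on the PR branch, and publish a throw-away build of each
# changed chart to ttl.sh.
#
# NOTE(review): in the listing this file was recovered from, every version-tagged
# `uses:` reference had been replaced by "[email protected]" (e-mail obfuscation).
# The action names below are inferred from the step names and inputs, and
# PLACEHOLDER_REF marks each ref that cannot be recovered. Pin them to full commit
# SHAs, as the setup-python step already does.
name: "Pull Request"

on:
  pull_request:
    types:
      - opened
      - reopened
      - synchronize
    branches:
      - main

# Least privilege by default; a job that needs more declares it itself.
permissions:
  contents: read

jobs:
  lint-test:
    runs-on: ubuntu-latest
    outputs:
      changed: ${{ steps.list-changed.outputs.changed }}
      changedCharts: ${{ steps.list-changed.outputs.changedCharts }}
    steps:
      - name: Setup Helm
        uses: Azure/setup-helm@PLACEHOLDER_REF
        with:
          version: 'v3.19.2'
      - name: Checkout pull request branch
        uses: actions/checkout@PLACEHOLDER_REF
        with:
          ref: ${{ github.head_ref }}
          repository: ${{github.event.pull_request.head.repo.full_name}}
          fetch-depth: 0
          # The checked-out tree is PR content and this job never pushes, so the
          # token is not left behind in .git/config for later steps.
          persist-credentials: false
      # Python is required because `ct lint` runs Yamale (https://github.com/23andMe/Yamale) and
      # yamllint (https://github.com/adrienverge/yamllint) which require Python
      - name: Set up Python
        uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
        with:
          python-version: 3.13
      - name: Set up chart-testing-action
        uses: helm/chart-testing-action@PLACEHOLDER_REF
      - name: Get changed charts
        id: list-changed
        env:
          # Handed over through the environment rather than expanded into the script
          # text, so the value can never be parsed as shell.
          TARGET_BRANCH: ${{ github.event.repository.default_branch }}
        run: |
          changed=$(ct list-changed --target-branch "$TARGET_BRANCH")
          if [[ -n "$changed" ]]; then
            echo "Changed charts:"
            echo "$changed"
            # Chart directory names come from the pull request. Join them with spaces
            # by substitution: an unquoted `echo $changed` would also glob-expand them.
            {
              echo "changed=true"
              echo 'changedCharts<<EOF'
              printf '%s\n' "${changed//$'\n'/ }"
              echo 'EOF'
            } >> "$GITHUB_OUTPUT"
          else
            echo "No chart changes detected"
          fi
      - name: Installing plugin helm-unittest
        if: steps.list-changed.outputs.changed == 'true'
        # NOTE(review): this installs whatever the plugin repository currently serves.
        # Pin a reviewed release with `--version`.
        run: helm plugin install https://github.com/helm-unittest/helm-unittest >/dev/null
      - name: Run chart testing (lint & unittest)
        if: steps.list-changed.outputs.changed == 'true'
        env:
          TARGET_BRANCH: ${{ github.event.repository.default_branch }}
        # `{{ .Path }}` is a chart-testing template, not a GitHub expression.
        run: ct lint --target-branch "$TARGET_BRANCH" --validate-maintainers=false --additional-commands "helm unittest {{ .Path }}"

  update-changelog:
    runs-on: ubuntu-latest
    needs: [lint-test]
    name: Automatically update CHANGELOG
    # This job pushes commits to the PR branch, so it is the only one that asks for a
    # write token. NOTE(review): for pull requests from forks GitHub normally issues a
    # read-only token whatever is requested here, so the push step would fail there —
    # confirm that is the intended behaviour.
    permissions:
      contents: write
    if: needs.lint-test.outputs.changed == 'true'
    steps:
      - name: Checkout pull request branch
        # Credentials stay persisted here because later steps fetch tags and push.
        # They are therefore also readable by the npm tooling installed below.
        uses: actions/checkout@PLACEHOLDER_REF
        with:
          ref: ${{ github.head_ref }}
          repository: ${{github.event.pull_request.head.repo.full_name}}
          fetch-depth: 0
      - name: Configure Git
        run: |
          git config user.name 'github-actions[bot]'
          git config user.email 'github-actions[bot]@users.noreply.github.com'
      - name: Fetch tags
        run: |
          git fetch --tags
      - name: Install conventional-changelog-cli
        # NOTE(review): unpinned install running in a job that holds a write token;
        # pin an exact, reviewed version.
        run: npm install -g conventional-changelog-cli
      - name: Generate changelog
        id: generate-changelog
        env:
          PULL_REQUEST_NUMBER: "${{ github.event.pull_request.number }}"
          PULL_REQUEST_URL: "${{ github.server_url }}/${{ github.repository }}/pull/${{ github.event.number }}"
          GITHUB_TOKEN: "${{ github.token }}"
          CHANGED_CHARTS: ${{ needs.lint-test.outputs.changedCharts }}
        run: |
          # The list is split on whitespace on purpose; disable globbing so a directory
          # name containing `*` or `?` is not expanded against the workspace.
          set -f
          PR_TITLE="$(gh api "/repos/${GITHUB_REPOSITORY}/pulls/${PULL_REQUEST_NUMBER}" | jq -r '.title')"
          for chart_directory in ${CHANGED_CHARTS}; do
            CHART_NAME=${chart_directory#charts/}
            # The name is a directory taken from the pull request and is used below in
            # file paths and sed patterns, so accept only a plain name.
            if [[ ! "$CHART_NAME" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]]; then
              echo "Refusing unexpected chart directory name: $chart_directory" >&2
              exit 1
            fi
            echo "Updating CHANGELOG for chart $CHART_NAME"
            # Extract version from Chart.yaml
            CHART_VERSION=$(yq eval '.version' "${GITHUB_WORKSPACE}/charts/${CHART_NAME}/Chart.yaml")
            CHANGELOG_FILE="${GITHUB_WORKSPACE}/charts/${CHART_NAME}/CHANGELOG.md"
            CHANGELOG_TMP_FILE="${GITHUB_WORKSPACE}/charts/${CHART_NAME}/CHANGELOG.md.tmp"
            touch "$CHANGELOG_FILE"
            # Generate new CHANGELOG.md
            npx conventional-changelog-cli -i "$CHANGELOG_FILE" -s -t "${CHART_NAME}-" -r 0 --commit-path "charts/${CHART_NAME}"
            # Remove unreleased section (includes all intermediate commits in the branch) and create future entry based on PR title
            # The unreleased section looks like this "## (YYYY-MM-DD)" whereas a released section looks like this "## 0.0.1 (YYYY-MM-DD)"
            # So we only need to find a released section to start printing in the awk script below
            awk '/^##[^(]*[0-9]/ {flag=1} flag {print}' "$CHANGELOG_FILE" > "$CHANGELOG_TMP_FILE"
            # Remove chart name prefixes from commit messages
            sed -i -E "s/\* \[${CHART_NAME}\] /\* /gi" "$CHANGELOG_TMP_FILE"
            sed -i -E "s/\* \[${CHART_NAME^^}\] /\* /g" "$CHANGELOG_TMP_FILE"
            # Remove extra newlines so the changelog file passes the markdown linter
            sed -i -E -e '/^$/d' "$CHANGELOG_TMP_FILE" && sed -i -E -e 's/(##.*)/\n\1\n/g' "$CHANGELOG_TMP_FILE"
            # Include h1 heading and add entry for the current version. There is no tag for the current version (this will be created once merged), so we need to manually add it.
            # We know the final squashed commit title, which will be the PR title. We cannot add a link to the commit in the main branch because it has not been
            # merged yet (this will be corrected once a new version regenerates the changelog). Instead, we add the PR url which contains the exact same information.
            # The PR title is free text from the contributor: it is written with %s so
            # backslash sequences in it are not interpreted, which `echo -e` would do.
            printf '# Changelog\n\n## %s (%s)\n\n* %s ([#%s](%s))\n' \
              "$CHART_VERSION" "$(date +'%Y-%m-%d')" "$PR_TITLE" \
              "$PULL_REQUEST_NUMBER" "$PULL_REQUEST_URL" > "$CHANGELOG_FILE"
            cat "$CHANGELOG_TMP_FILE" >> "$CHANGELOG_FILE"
            rm -- "$CHANGELOG_TMP_FILE"
            # Commit all changes, if any
            if git status -s | grep -qF -- "charts/${CHART_NAME}/CHANGELOG.md"; then
              git add -- "charts/${CHART_NAME}/CHANGELOG.md"
              git commit -m "Update CHANGELOG.md" --signoff
            fi
          done
      - name: Push all changes
        run: |
          cd "$GITHUB_WORKSPACE/charts"
          # Push all the new commits, if any
          if [[ -n "$(git cherry -v)" ]]; then
            git push
          else
            echo "No changed CHANGELOGS, skip push"
          fi

  publish-chart:
    name: Publish Helm Chart
    needs: [lint-test]
    runs-on: ubuntu-latest
    steps:
      - uses: azure/setup-helm@PLACEHOLDER_REF
        with:
          version: 'v3.19.2'
      - name: Checkout pull request branch
        uses: actions/checkout@PLACEHOLDER_REF
        with:
          ref: ${{ github.head_ref }}
          repository: ${{github.event.pull_request.head.repo.full_name}}
          fetch-depth: 0
          # This job only reads the repository; do not leave the token in .git/config.
          persist-credentials: false
      - name: Set up chart-testing-action
        uses: helm/chart-testing-action@PLACEHOLDER_REF
      - name: Get changed charts
        id: list-changed
        env:
          TARGET_BRANCH: ${{ github.event.repository.default_branch }}
        run: |
          changed=$(ct list-changed --target-branch "$TARGET_BRANCH")
          if [[ -n "$changed" ]]; then
            echo "Changed charts:"
            echo "$changed"
            changed_list=$(echo "$changed" | tr '\n' ',' | sed 's/,$//')
            echo "changed=$changed_list" >> "$GITHUB_OUTPUT"
          else
            echo "No chart changes detected"
          fi
      - name: Publish Helm chart to ttl
        id: upload
        if: ${{ steps.list-changed.outputs.changed }}
        env:
          # The list is built from directory names in the pull request. Expanding it
          # with ${{ }} inside the script would paste contributor-controlled text into
          # shell source; as an environment variable it is only ever data.
          CHANGED_CHARTS: ${{ steps.list-changed.outputs.changed }}
          REPOSITORY_NAME: ${{ github.event.repository.name }}
        run: |
          # Split on commas/whitespace without glob-expanding the names.
          set -f
          RELEASED_CHARTS=""
          SHORT_SHA=${GITHUB_SHA:0:7}
          CHART_VERSION="0.1.0-${GITHUB_RUN_NUMBER}"
          APP_VERSION="unstable-${SHORT_SHA}"
          for chart_directory in ${CHANGED_CHARTS//,/ }; do
            CHART_NAME=${chart_directory#charts/}
            if [[ ! "$CHART_NAME" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]]; then
              echo "Refusing unexpected chart directory name: $chart_directory" >&2
              exit 1
            fi
            cd "$chart_directory"
            helm dep update .
            helm lint --strict .
            helm package . --app-version="${APP_VERSION}" --version="${CHART_VERSION}"
            # Push to ttl.sh (not GHCR). ttl.sh is an anonymous public registry, so a
            # chart built from unmerged PR content becomes readable by anyone, and
            # nothing authenticates who pushed a given name. Treat these artifacts as
            # previews only and keep secrets out of chart defaults.
            echo "Pushing Helm chart $CHART_NAME-$CHART_VERSION.tgz to oci://ttl.sh/${REPOSITORY_NAME}"
            if helm push "./$CHART_NAME-$CHART_VERSION.tgz" "oci://ttl.sh/${REPOSITORY_NAME}"; then
              echo "Successfully released $CHART_NAME-$CHART_VERSION to ttl.sh"
              # Record the push; previously this variable was never filled in, so the
              # step output was always empty.
              RELEASED_CHARTS="${RELEASED_CHARTS:+$RELEASED_CHARTS,}$CHART_NAME-$CHART_VERSION"
            else
              echo "Failed to push $CHART_NAME-$CHART_VERSION to ttl.sh"
              exit 1
            fi
            cd "$GITHUB_WORKSPACE"
          done
          echo "released_charts=$RELEASED_CHARTS" >> "$GITHUB_OUTPUT"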