Merge commit '3191aa5' into fspiers/ENT-3334/incremental-sync-batch-2

Author: Frederic Spiers

.github/workflows/pull-request.yaml

@@ -49,7 +49,7 @@ jobs:
           python-version: 3.11
 
       - name: Set up chart-testing-action
-        uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0
+        uses: helm/chart-testing-action@6ec842c01de15ebb84c8627d2744a0c2f2755c9f # v2.8.0
 
       - name: Get changed charts
         id: list-changed

.github/workflows/release.yaml

@@ -11,6 +11,10 @@ on:
         required: false
         type: boolean
         default: false
+      chart:
+        description: 'Specific chart to release (optional, e.g. "charts/my-chart")'
+        required: false
+        type: string
 
 concurrency:
   group: release
@@ -48,6 +52,22 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Update chart dependencies
+        run: |
+          set -euo pipefail
+          echo "Updating dependencies for all charts..."
+          for chart_dir in charts/*; do
+            if [ -f "$chart_dir/Chart.yaml" ]; then
+              echo "Processing $chart_dir..."
+              if grep -q "^dependencies:" "$chart_dir/Chart.yaml"; then
+                echo "  → Updating dependencies for $chart_dir"
+                helm dependency update "$chart_dir"
+              else
+                echo "  → No dependencies found, skipping"
+              fi
+            fi
+          done
+
       - name: Run chart-releaser
         id: chart-releaser
         uses: helm/chart-releaser-action@cae68fefc6b5f367a0275617c9f83181ba54714f # v1.7.0
@@ -56,9 +76,33 @@ jobs:
         env:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
 
+      - name: Package manually specified chart
+        if: ${{ github.event.inputs.chart != '' }}
+        run: |
+          set -euo pipefail
+          CHART_DIR="${{ github.event.inputs.chart }}"
+
+          if [ ! -d "$CHART_DIR" ]; then
+            echo "ERROR: Chart directory $CHART_DIR does not exist"
+            exit 1
+          fi
+
+          # Update dependencies if they exist
+          if grep -q "^dependencies:" "$CHART_DIR/Chart.yaml"; then
+            echo "Updating dependencies for $CHART_DIR..."
+            helm dependency update "$CHART_DIR"
+          fi
+
+          echo "Packaging chart from $CHART_DIR..."
+          mkdir -p .cr-release-packages
+          helm package "$CHART_DIR" --destination .cr-release-packages
+
+          echo "Packaged charts:"
+          ls -lh .cr-release-packages/
+
       - name: Install cosign
         uses: sigstore/[email protected]
-        if: ${{ steps.chart-releaser.outputs.changed_charts }}
+        if: ${{ steps.chart-releaser.outputs.changed_charts || github.event.inputs.chart != '' }}
 
       - id: github-repo-owner-name
         uses: ASzc/change-string-case-action@d0603cd0a7dd490be678164909f65c7737470a7f # v6
@@ -67,129 +111,81 @@ jobs:
 
       - name: Upload charts to OCI registries
         id: upload
-        if: ${{ steps.chart-releaser.outputs.changed_charts }}
+        if: ${{ steps.chart-releaser.outputs.changed_charts || github.event.inputs.chart != '' }}
         env:
           COSIGN_KEY: ${{ secrets.COSIGN_KEY }}
           COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
           REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
         run: |
           set -euo pipefail
 
-          CHANGED_CHARTS="${{ steps.chart-releaser.outputs.changed_charts }}"
+          # Determine which charts to release
+          if [ -n "${{ github.event.inputs.chart }}" ]; then
+            echo "Manual chart specified: ${{ github.event.inputs.chart }}"
+            CHANGED_CHARTS="${{ github.event.inputs.chart }}"
+          else
+            CHANGED_CHARTS="${{ steps.chart-releaser.outputs.changed_charts }}"
+          fi
+
+
+          if [ -z "$CHANGED_CHARTS" ]; then
+            echo "No charts to release."
+            exit 0
+          fi
 
           # Retry function for network operations
           retry() {
             local max_attempts=3
             local attempt=1
             local delay=5
-
             while [ $attempt -le $max_attempts ]; do
-              if "$@"; then
-                return 0
-              else
-                echo "Attempt $attempt failed. Retrying in ${delay}s..."
-                sleep $delay
-                delay=$((delay * 2))
-                attempt=$((attempt + 1))
-              fi
+              if "$@"; then return 0; fi
+              echo "Attempt $attempt failed. Retrying in ${delay}s..."
+              sleep $delay
+              delay=$((delay * 2))
+              attempt=$((attempt + 1))
             done
-
             echo "ERROR: All $max_attempts attempts failed"
             return 1
           }
 
-          # Login to primary registry with retry
           echo "Logging into primary registry..."
           retry helm registry login --username $REGISTRY_USER --password ${{ secrets.REGISTRY_PASSWORD }} https://${{ vars.REGISTRY }}
 
-          # Login to GHCR with retry
           echo "Logging into GHCR..."
           retry helm registry login --username ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }} https://ghcr.io
 
           RELEASED_CHARTS=""
           for chart_directory in ${CHANGED_CHARTS//,/ }; do
             CHART_NAME=${chart_directory#charts/}
-
             cd $chart_directory
 
-            # Extract version and appVersion from Chart.yaml
             CHART_VERSION=$(yq eval '.version' "Chart.yaml")
             APP_VERSION=$(yq eval '.appVersion' "Chart.yaml")
 
-            # Push to primary registry (Docker Hub) with retry
             echo "Pushing Helm chart $CHART_NAME-$CHART_VERSION.tgz to oci://${{ vars.REGISTRY }}/${{ vars.REPOSITORY }}"
             if retry helm push ${{ github.workspace }}/.cr-release-packages/${CHART_NAME}-${CHART_VERSION}.tgz oci://${{ vars.REGISTRY }}/${{ vars.REPOSITORY }} 2>&1 | tee ${CHART_NAME}-output.log; then
-
-              # Extract digest and sign chart
-              # More robust parsing: looks for "Digest: sha256:..." pattern
               DIGEST=$(grep -oP 'Digest:\s*\K(sha256:[a-f0-9]+)' ${CHART_NAME}-output.log || echo "")
-
-              if [ -z "$DIGEST" ]; then
-                echo "ERROR: Failed to extract digest from helm push output"
-                echo "Output was:"
-                cat ${CHART_NAME}-output.log
-                exit 1
-              fi
-
-              echo "Extracted digest: $DIGEST"
-              echo "Signing chart at ${{ vars.REGISTRY }}/${{ vars.REPOSITORY }}/${CHART_NAME}:${CHART_VERSION}@$DIGEST"
-
-              if ! cosign sign -y --upload=true --key env://COSIGN_KEY ${{ vars.REGISTRY }}/${{ vars.REPOSITORY }}/${CHART_NAME}:${CHART_VERSION}@$DIGEST; then
-                echo "ERROR: Failed to sign chart"
-                exit 1
-              fi
-
+              [ -z "$DIGEST" ] && echo "ERROR: Failed to extract digest" && cat ${CHART_NAME}-output.log && exit 1
+              cosign sign -y --upload=true --key env://COSIGN_KEY ${{ vars.REGISTRY }}/${{ vars.REPOSITORY }}/${CHART_NAME}:${CHART_VERSION}@$DIGEST
               RELEASED_CHARTS="$RELEASED_CHARTS ${CHART_NAME}"
-              echo "Successfully released $CHART_NAME-$CHART_VERSION to primary registry"
-            else
-              echo "ERROR: Failed to push $CHART_NAME-$CHART_VERSION to primary registry"
-              cat ${CHART_NAME}-output.log
-              exit 1
             fi
 
-            # Push to GHCR with retry
-            echo "Pushing Helm chart $CHART_NAME-$CHART_VERSION.tgz to oci://ghcr.io/${{ steps.github-repo-owner-name.outputs.lowercase }}/helm-charts"
+            echo "Pushing Helm chart $CHART_NAME-$CHART_VERSION.tgz to GHCR..."
             if retry helm push ${{ github.workspace }}/.cr-release-packages/${CHART_NAME}-${CHART_VERSION}.tgz oci://ghcr.io/${{ steps.github-repo-owner-name.outputs.lowercase }}/helm-charts 2>&1 | tee ${CHART_NAME}-ghcr-output.log; then
-
-              # Extract digest and sign GHCR chart
-              # More robust parsing: looks for "Digest: sha256:..." pattern
               GHCR_DIGEST=$(grep -oP 'Digest:\s*\K(sha256:[a-f0-9]+)' ${CHART_NAME}-ghcr-output.log || echo "")
-
-              if [ -z "$GHCR_DIGEST" ]; then
-                echo "ERROR: Failed to extract digest from helm push output"
-                echo "Output was:"
-                cat ${CHART_NAME}-ghcr-output.log
-                exit 1
-              fi
-
-              echo "Extracted digest: $GHCR_DIGEST"
-              echo "Signing chart at ghcr.io/${{ steps.github-repo-owner-name.outputs.lowercase }}/helm-charts/${CHART_NAME}:${CHART_VERSION}@$GHCR_DIGEST"
-
-              if ! cosign sign -y --upload=true --key env://COSIGN_KEY ghcr.io/${{ steps.github-repo-owner-name.outputs.lowercase }}/helm-charts/${CHART_NAME}:${CHART_VERSION}@$GHCR_DIGEST; then
-                echo "ERROR: Failed to sign chart"
-                exit 1
-              fi
-
-              echo "Successfully released $CHART_NAME-$CHART_VERSION to GHCR"
-            else
-              echo "ERROR: Failed to push $CHART_NAME-$CHART_VERSION to GHCR"
-              cat ${CHART_NAME}-ghcr-output.log
-              exit 1
+              [ -z "$GHCR_DIGEST" ] && echo "ERROR: Failed to extract GHCR digest" && cat ${CHART_NAME}-ghcr-output.log && exit 1
+              cosign sign -y --upload=true --key env://COSIGN_KEY ghcr.io/${{ steps.github-repo-owner-name.outputs.lowercase }}/helm-charts/${CHART_NAME}:${CHART_VERSION}@$GHCR_DIGEST
             fi
 
             cd ${{ github.workspace }}
           done
-          echo "released_charts=$RELEASED_CHARTS" >> "$GITHUB_OUTPUT"
 
-          # Generate job summary
+          echo "released_charts=$RELEASED_CHARTS" >> "$GITHUB_OUTPUT"
           echo "## 📦 Helm Charts Released" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-          echo "Successfully released the following charts:" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
           for chart in $RELEASED_CHARTS; do
             echo "- ✅ **$chart**" >> $GITHUB_STEP_SUMMARY
           done
-          echo "" >> $GITHUB_STEP_SUMMARY
           echo "### 📍 Registries" >> $GITHUB_STEP_SUMMARY
           echo "- Primary: \`${{ vars.REGISTRY }}/${{ vars.REPOSITORY }}\`" >> $GITHUB_STEP_SUMMARY
           echo "- GHCR: \`ghcr.io/${{ steps.github-repo-owner-name.outputs.lowercase }}/helm-charts\`" >> $GITHUB_STEP_SUMMARY

charts/clusterpirate/Chart.lock

@@ -4,6 +4,6 @@ dependencies:
   version: 2.0.0
 - name: valkey
   repository: oci://registry-1.docker.io/cloudpirates
-  version: 0.9.2
-digest: sha256:f2091174754807696e0633286f5498061b7816d8084e3161bcbb19d05b455ef6
-generated: "2025-11-04T10:17:14.827792567Z"
+  version: 0.10.0
+digest: sha256:3577965d83abf44b24131494401cae4f1176284373b8a42581317602a77430dc
+generated: "2025-11-12T14:04:15.897660697Z"

charts/clusterpirate/Chart.yaml

@@ -22,7 +22,7 @@ dependencies:
     version: "2.x.x"
     repository: oci://registry-1.docker.io/cloudpirates
   - name: valkey
-    version: "0.9.2"
+    version: "0.10.0"
     repository: oci://registry-1.docker.io/cloudpirates
     condition: valkey.enabled
 icon: https://a.storyblok.com/f/143071/512x512/88dc07809a/cluster-pirate-logo.svg

charts/common/Chart.yaml

@@ -2,8 +2,8 @@ apiVersion: v2
 name: common
 description: A library chart for common templates and helper functions
 type: library
-version: 2.0.0
-appVersion: "2.0.0"
+version: 2.1.0
+appVersion: "2.1.0"
 home: https://www.cloudpirates.io
 sources:
   - https://github.com/CloudPirates-io/helm-charts/tree/main/charts/common
@@ -12,4 +12,10 @@ maintainers:
     email: [email protected]
     url: https://www.cloudpirates.io
 annotations:
-  license: Apache-2.0
+  license: Apache-2.0
+  artifacthub.io/changes: |2
+        - kind: changed
+          description: "rename templates from common.* to cloudpirates.* to prevent collisions (#377)"
+          links:
+            - name: "Commit 07c6560"
+              url: "https://github.com/CloudPirates-io/helm-charts/commit/07c6560"

charts/common/templates/_helpers.tpl

@@ -32,6 +32,13 @@ Useful for multi-namespace deployments in combined charts.
 {{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
+{{/*
+Create a fully qualified app name adding the installation's namespace.
+*/}}
+{{- define "cloudpirates.fullname.namespace" -}}
+{{- printf "%s-%s" (include "cloudpirates.fullname" .) (include "cloudpirates.namespace" .) | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
 {{/*
 Create chart name and version as used by the chart label.
 */}}
@@ -224,6 +231,20 @@ Render a value that contains template perhaps
   {{- end }}
 {{- end -}}
 
+{{/*
+Merge a list of values that contains template after rendering them.
+Merge precedence is consistent with http://masterminds.github.io/sprig/dicts.html#merge-mustmerge
+Usage:
+{{ include "cloudpirates.tplvalues.merge" ( dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $ ) }}
+*/}}
+{{- define "cloudpirates.tplvalues.merge" -}}
+{{- $dst := dict -}}
+{{- range .values -}}
+{{- $dst = include "cloudpirates.tplvalues.render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | merge $dst -}}
+{{- end -}}
+{{ $dst | toYaml }}
+{{- end -}}
+
 {{/*
 Return the proper Docker Image Registry Secret Names evaluating values as templates
 {{ include "cloudpirates.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }}

charts/common/templates/_secrets.tpl

@@ -0,0 +1,25 @@
+{{/*
+Reuses the value from an existing secret, otherwise sets its value to a default value.
+
+Usage:
+{{ include "cloudpirates.secrets.lookup" (dict "secret" "secret-name" "key" "keyName" "defaultValue" .Values.myValue "context" $) }}
+
+Params:
+  - secret - String - Required - Name of the 'Secret' resource where the password is stored.
+  - key - String - Required - Name of the key in the secret.
+  - defaultValue - String - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value.
+  - context - Context - Required - Parent context.
+
+*/}}
+{{- define "cloudpirates.secrets.lookup" -}}
+{{- $value := "" -}}
+{{- $secretData := (lookup "v1" "Secret" (include "cloudpirates.namespace" .context) .secret).data -}}
+{{- if and $secretData (hasKey $secretData .key) -}}
+  {{- $value = index $secretData .key -}}
+{{- else if .defaultValue -}}
+  {{- $value = .defaultValue | toString | b64enc -}}
+{{- end -}}
+{{- if $value -}}
+{{- printf "%s" $value -}}
+{{- end -}}
+{{- end -}}

charts/etcd/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: etcd
 description: etcd is a distributed reliable key-value store for the most critical data of a distributed system
 type: application
-version: 0.3.1
+version: 0.3.3
 appVersion: "3.6.5"
 keywords:
   - etcd
@@ -41,7 +41,7 @@ annotations:
       url: https://www.cloudpirates.io
   artifacthub.io/changes: |2
         - kind: changed
-          description: "[etcd, rabbitmq, redis, zookeeper] add signature verification documentation to readme (#476)"
+          description: " [etcd] Use http for probes (#622)"
           links:
-            - name: "Commit 91c7310"
-              url: "https://github.com/CloudPirates-io/helm-charts/commit/91c7310"
+            - name: "Commit c9d2054"
+              url: "https://github.com/CloudPirates-io/helm-charts/commit/c9d2054"