From 377a67912d0ef0f66717a1d0407b0de793c2d1f4 Mon Sep 17 00:00:00 2001
From: Krisztian Litkey <krisztian.litkey@intel.com>
Date: Wed, 14 Feb 2024 14:27:40 +0200
Subject: [PATCH] .github: package and publish unstable Helm charts.

Package and push unstable Helm charts to a dedicated branch
(unstable-helm-charts) whenever the main branch is updated.
Update the Helm repo index at the same time.

Signed-off-by: Krisztian Litkey <krisztian.litkey@intel.com>
---
 .github/workflows/package-helm.yaml        | 76 +++++++++++++++++++++-
 .github/workflows/publish-helm-charts.yaml |  2 +-
 scripts/build/helm-publisher.sh            | 61 ++++++++++++-----
 3 files changed, 118 insertions(+), 21 deletions(-)

diff --git a/.github/workflows/package-helm.yaml b/.github/workflows/package-helm.yaml
index 524cfca6f..24b3d88d9 100644
--- a/.github/workflows/package-helm.yaml
+++ b/.github/workflows/package-helm.yaml
@@ -4,12 +4,17 @@ on:
   push:
     tags:
       - "v*.*.*"
+    branches:
+      - main
 
 env:
   CHARTS_DIR: deployment/helm/
+  IS_RELEASE: ${{ startsWith(github.ref, 'refs/tags/v') && 'true' || 'false' }}
+  UNSTABLE_CHARTS: unstable-helm-charts
 
 jobs:
   release:
+    if: ${{ github.env.IS_RELEASE == 'true' }}
     permissions:
       contents: write
     runs-on: ubuntu-latest
@@ -20,7 +25,7 @@ jobs:
       - name: Install Helm
         uses: azure/setup-helm@v4.0.0
 
-      - name: Package Helm charts
+      - name: Package Release Helm Charts
         run: |
           find "$CHARTS_DIR" -name values.yaml | xargs -I '{}' \
               sed -e s"/pullPolicy:.*/pullPolicy: IfNotPresent/" -i '{}'
@@ -30,10 +35,77 @@ jobs:
             mv $SRC_FILE $DEST_FILE
           done
 
-      - name: Upload Helm packages to GitHub releases
+      - name: Upload Release Helm Chart Packages to GitHub Release
         uses: softprops/action-gh-release@v1
         with:
           name: ${{ github.ref_name }}
           draft: true
           append_body: true
           files: nri-*helm-chart*.tgz
+
+  unstable:
+    concurrency:
+      group: gh-pages
+      cancel-in-progress: false
+    if: ${{ github.env.IS_RELEASE != 'true' }}
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Deep Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Install Helm
+        uses: azure/setup-helm@v4.0.0
+
+      - name: Package Unstable Helm Charts
+        run: |
+          # Derive unstable chart version: use latest tag +1 patch + -unstable
+          # Image tag is 'unstable'.
+          majminpatch="$(git describe | sed -E 's/(v[0-9]*\.[0-9]*\.[0-9]*).*$/\1/')"
+          majmin=${majminpatch%.*}
+          patch=${majminpatch##*.}
+          CHART_VERSION="${majmin}.$((patch+1))-unstable"
+          APP_VERSION=unstable
+          # Package charts
+          find "$CHARTS_DIR" -name values.yaml | xargs -I '{}' \
+              sed -e s"/pullPolicy:.*/pullPolicy: IfNotPresent/" -i '{}'
+          helm package --version "$CHART_VERSION" --app-version $APP_VERSION "$CHARTS_DIR"/*
+          find "$CHARTS_DIR" -name values.yaml | xargs -I '{}' \
+              git checkout '{}'
+          # Create empty worktree, and populate it with unstable charts.
+          git worktree add --orphan ../$UNSTABLE_CHARTS
+          find . -name '*.tgz' -print | while read SRC_FILE; do
+            DEST_FILE=$(echo $SRC_FILE | sed 's/v/helm-chart-v/g')
+            mv -v $SRC_FILE ../$UNSTABLE_CHARTS/$DEST_FILE
+          done
+          # Commit unstable charts to empty worktree.
+          pushd ../$UNSTABLE_CHARTS
+          git config user.name "Github Actions"
+          git config user.email "no-reply@github.com"
+          git add *helm-chart*.tgz
+          git commit -s -m "$UNSTABLE_CHARTS: package $CHART_VERSION."
+
+      - name: Push Unstable Helm Charts
+        shell: bash
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          # We only publish unstable Helm charts from main. Therefore cleaning up any
+          # old unstable chart instances happens by forcibly overwriting the dedicated
+          # branch with the new content.
+          git push --force https://${GITHUB_ACTOR}:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git refs/heads/$UNSTABLE_CHARTS
+          git worktree remove --force ../$UNSTABLE_CHARTS
+
+      - name: Update Helm Repo Index
+        run: ./scripts/build/helm-publisher.sh --unstable
+        shell: bash
+
+      - name: Push Updated Helm Repo Index
+        run: |
+          git push https://${GITHUB_ACTOR}:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git gh-pages
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        shell: bash
diff --git a/.github/workflows/publish-helm-charts.yaml b/.github/workflows/publish-helm-charts.yaml
index e2cf1334f..f78cf5c1c 100644
--- a/.github/workflows/publish-helm-charts.yaml
+++ b/.github/workflows/publish-helm-charts.yaml
@@ -1,4 +1,4 @@
-name: Publish Helm charts
+name: Publish Release Helm Charts
 
 on:
   release:
diff --git a/scripts/build/helm-publisher.sh b/scripts/build/helm-publisher.sh
index a3bc3f5e9..ea7ccb6bb 100755
--- a/scripts/build/helm-publisher.sh
+++ b/scripts/build/helm-publisher.sh
@@ -3,31 +3,56 @@ set -e
 
 index_file="index.yaml"
 browser_download_url="$@"
+updates=false
 
 git checkout gh-pages
 
-# Verify if the release assets include Helm chart packages. If they do,
-# we can proceed with updating the index.yaml file, otherwise throw an error.
-charts_urls=$(echo "$browser_download_url" | grep '.*helm-chart-.*.tgz')
-
 # Check if Helm release assets were found
-if [ -n "$charts_urls" ]; then
-    # Loop through the URLs
-    for chart in $charts_urls; do
-        # Check if the URL path exists in index.yaml
-        # and if not, update the index.yaml accordingly
-        if ! grep -q "$chart" "$index_file"; then
-            wget "$chart"
-            base_url=$(dirname "$chart")
-            if ! helm repo index . --url "$base_url" --merge "$index_file"; then
-                echo "Failed to update "$index_file" for: $base_url"
+if [ "$@" != "--unstable" ]; then
+    # Verify if the release assets include Helm chart packages. If they do,
+    # we can proceed with updating the index.yaml file, otherwise throw an error.
+    charts_urls=$(echo "$browser_download_url" | grep '.*helm-chart-.*.tgz')
+
+    if [ -n "$charts_urls" ]; then
+        # Loop through the URLs
+        for chart in $charts_urls; do
+            # Check if the URL path exists in index.yaml
+            # and if not, update the index.yaml accordingly
+            if ! grep -q "$chart" "$index_file"; then
+                wget "$chart"
+                base_url=$(dirname "$chart")
+                if ! helm repo index . --url "$base_url" --merge "$index_file"; then
+                    echo "Failed to update "$index_file" for: $base_url"
+                fi
+                rm *chart*.tgz
+                updates=true
             fi
-            rm *chart*.tgz
+        done
+    else
+       echo "Neither Helm packages were found, nor unstable release was specified."
+       exit 1
+    fi
+else
+    UNSTABLE_CHARTS=unstable-helm-charts
+    git worktree add ../$UNSTABLE_CHARTS origin/$UNSTABLE_CHARTS
+    for chart in ../$UNSTABLE_CHARTS/*-unstable.tgz; do
+        if [ ! -e "$chart" ]; then
+            continue
+        fi
+        chart="${chart##*/}"
+        cp ../$UNSTABLE_CHARTS/$chart .
+        base_url=https://github.com/${GITHUB_REPOSITORY}/raw/unstable-helm-charts/
+        if ! helm repo index . --url "$base_url" --merge "$index_file"; then
+            echo "Failed to update "$index_file" for: $base_url"
         fi
+        rm $chart
+        updates=true
     done
-else
-    echo "No Helm packages were found on this release"
-    exit 1
+fi
+
+if [ "$updates" != "true" ]; then
+    echo "No changes to commit to gh-pages..."
+    exit 0
 fi
 
 # Create a new commit