ParadeDB Publish Chart #78
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# workflows/paradedb-publish-chart.yml | |
# | |
# ParadeDB Publish Chart | |
# Publish the ParadeDB Helm chart to paradedb.github.io via GitHub Pages. This workflow also | |
# triggers the creation of a GitHub Release. It only runs on pushes to `main` or when we trigger | |
# a workflow_dispatch event, either manually or via creating a release in `paradedb/paradedb`. | |
name: ParadeDB Publish Chart | |
on: | |
push: | |
branches: | |
- main | |
workflow_dispatch: | |
inputs: | |
appVersion: | |
description: "The ParadeDB version to publish in the Helm Chart (e.g. 0.1.0)" | |
required: true | |
default: "" | |
concurrency: | |
group: paradedb-publish-chart-${{ github.head_ref || github.ref }} | |
cancel-in-progress: true | |
jobs: | |
paradedb-publish-chart: | |
name: Publish ParadeDB Helm Charts to GitHub Pages | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Configure Git | |
run: | | |
git config user.name "$GITHUB_ACTOR" | |
git config user.email "[email protected]" | |
- name: Set Helm Chart Release Versions | |
id: set_versions | |
working-directory: charts/paradedb/ | |
env: | |
GH_TOKEN: ${{ secrets.GHA_CREATE_RELEASE_PAT }} | |
run: | | |
# If no appVersion is provided, we use the latest ParadeDB version | |
if [ -z "${{ github.event.inputs.appVersion }}" ]; then | |
LATEST_TAG=$(curl -s https://api.github.com/repos/paradedb/paradedb/tags | jq -r '.[0].name') | |
APP_VERSION=${LATEST_TAG#v} | |
else | |
APP_VERSION=${{ github.event.inputs.appVersion }} | |
fi | |
# Update appVersion to the GitHub Release version and version to the Helm Chart version | |
sed -i "s/^[[:space:]]*paradedb: .*/ paradedb: \"$APP_VERSION\"/" values.yaml | |
sed -i "s/^version: .*/version: ${{ vars.CHART_VERSION_MAJOR }}.${{ vars.CHART_VERSION_MINOR }}.${{ vars.CHART_VERSION_PATCH }}/" Chart.yaml | |
echo "values.yaml:" | |
cat values.yaml | |
echo "----------------------------------------" | |
echo "Chart.yaml:" | |
cat Chart.yaml | |
# Set output to update post-release, increasing the Helm Chart version patch number by one to update in GitHub Actions Variables | |
echo "new_chart_version_patch=$(( ${{ vars.CHART_VERSION_PATCH }} + 1 ))" >> $GITHUB_OUTPUT | |
# The GitHub repository secret `PARADEDB_PGP_PRIVATE_KEY` contains the private key | |
# in ASCII-armored format. To export a (new) key, run this command: | |
# `gpg --armor --export-secret-key <my key>` | |
- name: Prepare ParadeDB PGP Key | |
env: | |
PGP_PRIVATE_KEY: "${{ secrets.PARADEDB_PGP_PRIVATE_KEY }}" | |
PGP_PASSPHRASE: "${{ secrets.PARADEDB_PGP_PASSPHRASE }}" | |
run: | | |
IFS="" | |
echo "$PGP_PRIVATE_KEY" | gpg --dearmor --verbose > /tmp/secring.gpg | |
echo "$PGP_PASSPHRASE" > /tmp/passphrase.txt | |
# Tell chart-releaser-action where to find the key and its passphrase | |
echo "CR_KEYRING=/tmp/secring.gpg" >> "$GITHUB_ENV" | |
echo "CR_PASSPHRASE_FILE=/tmp/passphrase.txt" >> "$GITHUB_ENV" | |
- name: Add Grafana Chart Dependencies | |
run: helm repo add cnpg-grafana-dashboard https://cloudnative-pg.github.io/grafana-dashboards | |
- name: Run chart-releaser | |
uses: helm/[email protected] | |
with: | |
config: "./.github/config/cr.yaml" | |
env: | |
CR_TOKEN: "${{ secrets.GHA_CREATE_RELEASE_PAT }}" | |
# We have a separate version for our Helm Chart, since it needs to always increment by | |
# one for every production release, independently of the ParadeDB version. Any non-patch | |
# version increment should be done manually in GitHub Actions Variables. | |
- name: Increment Helm Chart Version Number in GitHub Actions Variables | |
env: | |
GH_TOKEN: ${{ secrets.GHA_CREATE_RELEASE_PAT }} | |
run: | | |
gh api \ | |
--method PATCH \ | |
-H "Accept: application/vnd.github+json" \ | |
-H "X-GitHub-Api-Version: 2022-11-28" \ | |
/repos/paradedb/charts/actions/variables/CHART_VERSION_PATCH \ | |
-f name='CHART_VERSION_PATCH' \ | |
-f value='${{ steps.set_versions.outputs.new_chart_version_patch }}' | |
- name: Securely Delete the PGP Key and Passphrase | |
if: always() | |
run: shred --remove=wipesync /tmp/secring.gpg /tmp/passphrase.txt |