forked from cloudnative-pg/charts
-
-
Notifications
You must be signed in to change notification settings - Fork 2
109 lines (95 loc) · 4.42 KB
/
paradedb-publish-chart.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
# workflows/paradedb-publish-chart.yml
#
# ParadeDB Publish Chart
# Publish the ParadeDB Helm chart to paradedb.github.io via GitHub Pages. This workflow also
# triggers the creation of a GitHub Release. It only runs on pushes to `main` or when we trigger
# a workflow_dispatch event, either manually or via creating a release in `paradedb/paradedb`.
name: ParadeDB Publish Chart
on:
push:
branches:
- main
workflow_dispatch:
inputs:
appVersion:
description: "The ParadeDB version to publish in the Helm Chart (e.g. 0.1.0)"
required: true
default: ""
concurrency:
group: paradedb-publish-chart-${{ github.head_ref || github.ref }}
cancel-in-progress: true
jobs:
paradedb-publish-chart:
name: Publish ParadeDB Helm Charts to GitHub Pages
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Configure Git
run: |
git config user.name "$GITHUB_ACTOR"
git config user.email "[email protected]"
- name: Set Helm Chart Release Versions
id: set_versions
working-directory: charts/paradedb-cluster/
env:
GH_TOKEN: ${{ secrets.GHA_CREATE_RELEASE_PAT }}
run: |
# If no appVersion is provided, we use the latest ParadeDB version
if [ -z "${{ github.event.inputs.appVersion }}" ]; then
LATEST_TAG=$(curl -s https://api.github.com/repos/paradedb/paradedb/tags | jq -r '.[0].name')
APP_VERSION=${LATEST_TAG#v}
else
APP_VERSION=${{ github.event.inputs.appVersion }}
fi
# Update appVersion to the GitHub Release version and version to the Helm Chart version
sed -i "s/^[[:space:]]*paradedb: .*/ paradedb: \"$APP_VERSION\"/" values.yaml
sed -i "s/^version: .*/version: ${{ vars.CHART_VERSION_MAJOR }}.${{ vars.CHART_VERSION_MINOR }}.${{ vars.CHART_VERSION_PATCH }}/" Chart.yaml
echo "values.yaml:"
cat values.yaml
echo "----------------------------------------"
echo "Chart.yaml:"
cat Chart.yaml
# Set output to update post-release, increasing the Helm Chart version patch number by one to update in GitHub Actions Variables
echo "new_chart_version_patch=$(( ${{ vars.CHART_VERSION_PATCH }} + 1 ))" >> $GITHUB_OUTPUT
# The GitHub repository secret `PARADEDB_PGP_PRIVATE_KEY` contains the private key
# in ASCII-armored format. To export a (new) key, run this command:
# `gpg --armor --export-secret-key <my key>`
- name: Prepare ParadeDB PGP Key
env:
PGP_PRIVATE_KEY: "${{ secrets.PARADEDB_PGP_PRIVATE_KEY }}"
PGP_PASSPHRASE: "${{ secrets.PARADEDB_PGP_PASSPHRASE }}"
run: |
IFS=""
echo "$PGP_PRIVATE_KEY" | gpg --dearmor --verbose > /tmp/secring.gpg
echo "$PGP_PASSPHRASE" > /tmp/passphrase.txt
# Tell chart-releaser-action where to find the key and its passphrase
echo "CR_KEYRING=/tmp/secring.gpg" >> "$GITHUB_ENV"
echo "CR_PASSPHRASE_FILE=/tmp/passphrase.txt" >> "$GITHUB_ENV"
- name: Add Grafana Chart Dependencies
run: helm repo add cnpg-grafana-dashboard https://cloudnative-pg.github.io/grafana-dashboards
- name: Run chart-releaser
uses: helm/[email protected]
with:
config: "./.github/config/cr.yaml"
env:
CR_TOKEN: "${{ secrets.GHA_CREATE_RELEASE_PAT }}"
# We have a separate version for our Helm Chart, since it needs to always increment by
# one for every production release, independently of the ParadeDB version. Any non-patch
# version increment should be done manually in GitHub Actions Variables.
- name: Increment Helm Chart Version Number in GitHub Actions Variables
env:
GH_TOKEN: ${{ secrets.GHA_CREATE_RELEASE_PAT }}
run: |
gh api \
--method PATCH \
-H "Accept: application/vnd.github+json" \
-H "X-GitHub-Api-Version: 2022-11-28" \
/repos/paradedb/charts/actions/variables/CHART_VERSION_PATCH \
-f name='CHART_VERSION_PATCH' \
-f value='${{ steps.set_versions.outputs.new_chart_version_patch }}'
- name: Securely Delete the PGP Key and Passphrase
if: always()
run: shred --remove=wipesync /tmp/secring.gpg /tmp/passphrase.txt