Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-02-19 19:47:22 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
c3fbbbcb7993be86c4900a60bf0761fbe4d9c1af
charts/.github/workflows/cd-pipeline.yml
Fran Mulero c3fbbbcb79 [charts/*] Change path conditions in CD pipeline (#18253) 
Trigger CD pipelines on any chart change. We had defined every single chart in the paths to avoid particular charts but today this condition is not needed.

Signed-off-by: Fran Mulero <fmulero@vmware.com>
2023-08-08 11:46:30 +02:00

213 lines
9.2 KiB
YAML
Raw Blame History

# Copyright VMware, Inc.
# SPDX-License-Identifier: APACHE-2.0
name: '[CI/CD] CD Pipeline'
on: # rebuild any PRs and main branch changes
push:
branches:
- main
paths:
- 'bitnami/**'
- '!**.md'
# Remove all permissions by default.
permissions: {}
env:
CSP_API_URL: https://console.cloud.vmware.com
CSP_API_TOKEN: ${{ secrets.CSP_API_TOKEN }}
VIB_PUBLIC_URL: https://cp.bromelia.vmware.com
jobs:
get-chart:
runs-on: ubuntu-latest
name: 'Get modified charts'
permissions:
contents: read
outputs:
chart: ${{ steps.get-chart.outputs.chart }}
result: ${{ steps.get-chart.outputs.result }}
steps:
- uses: actions/checkout@v3
with:
path: charts
fetch-depth: 2 # to be able to obtain files changed in the latest commit
- id: get-chart
name: 'Get modified charts'
run: |
cd charts
files_changed="$(git show --pretty="" --name-only)"
# Adding || true to avoid "Process exited with code 1" errors
charts_dirs_changed="$(echo "$files_changed" | xargs dirname | grep -o "bitnami/[^/]*" | sort | uniq || true)"
# Using grep -c as a better alternative to wc -l when dealing with empty strings."
num_charts_changed="$(echo "$charts_dirs_changed" | grep -c "bitnami" || true)"
num_version_bumps="$(echo "$files_changed" | grep Chart.yaml | xargs git show | grep -c "+version" || true)"
if [[ "$num_charts_changed" -ne "$num_version_bumps" ]]; then
# Changes done in charts but version not bumped -> ERROR
charts_changed_str="$(echo ${charts_dirs_changed[@]})"
echo "error=Detected changes in charts without version bump in Chart.yaml. Charts changed: ${num_charts_changed} ${charts_changed_str}. Version bumps detected: ${num_version_bumps}" >> $GITHUB_OUTPUT
echo "result=fail" >> $GITHUB_OUTPUT
elif [[ "$num_charts_changed" -eq "1" ]]; then
# Changes done in only one chart -> OK
chart_name=$(echo "$charts_dirs_changed" | sed "s|bitnami/||g")
echo "chart=${chart_name}" >> $GITHUB_OUTPUT
echo "result=ok" >> $GITHUB_OUTPUT
else
# Changes done in more than chart -> FAIL
charts_changed_str="$(echo ${charts_dirs_changed[@]})"
echo "error=Changes detected in more than one chart directory: ${charts_changed_str}. The publish process will be stopped. Please create different commits for each chart." >> $GITHUB_OUTPUT
echo "result=fail" >> $GITHUB_OUTPUT
fi
- id: show-error
name: 'Show error'
if: ${{ steps.get-chart.outputs.result == 'fail' }}
uses: actions/github-script@v6
with:
script: |
core.setFailed('${{ steps.get-chart.outputs.error }}')
vib-publish:
runs-on: ubuntu-latest
needs: get-chart
if: ${{ needs.get-chart.outputs.result == 'ok' }}
name: VIB Publish
permissions:
contents: read
steps:
- uses: actions/checkout@v3
name: Checkout Repository
with:
path: charts
- id: get-asset-vib-config
name: Get asset-specific configuration for VIB action
run: |
config_file="charts/.vib/${{ needs.get-chart.outputs.chart }}/vib-action.config"
# Supported configuration customizations and default values
verification_mode="PARALLEL"
if [[ -f $config_file ]]; then
verification_mode="$(cat $config_file | grep 'verification-mode' | cut -d'=' -f2)"
fi
runtime_parameters_file=""
if [[ -f "charts/.vib/${{ needs.get-chart.outputs.chart }}/runtime-parameters.yaml" ]]; then
# The path is relative to the .vib folder
runtime_parameters_file="${{ needs.get-chart.outputs.chart }}/runtime-parameters.yaml"
fi
echo "verification_mode=${verification_mode}" >> $GITHUB_OUTPUT
echo "runtime_parameters_file=${runtime_parameters_file}" >> $GITHUB_OUTPUT
- uses: vmware-labs/vmware-image-builder-action@v0
name: Verify and publish ${{ needs.get-chart.outputs.chart }}
with:
pipeline: ${{ needs.get-chart.outputs.chart }}/vib-publish.json
config: charts/.vib/
verification-mode: ${{ steps.get-asset-vib-config.outputs.verification_mode }}
runtime-parameters-file: ${{ steps.get-asset-vib-config.outputs.runtime_parameters_file }}
env:
VIB_ENV_TARGET_PLATFORM: ${{ secrets.VIB_ENV_TARGET_PLATFORM }}
VIB_ENV_ALTERNATIVE_TARGET_PLATFORM: ${{ secrets.VIB_ENV_ALTERNATIVE_TARGET_PLATFORM }}
VIB_ENV_S3_URL: s3://${{ secrets.AWS_S3_BUCKET }}/bitnami
VIB_ENV_S3_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
VIB_ENV_S3_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
update-index:
runs-on: ubuntu-latest
needs:
- vib-publish
name: Update charts index
steps:
- uses: actions/download-artifact@v3
with:
path: ~/artifacts
# If we perform a checkout of the main branch, we will find conflicts with the submodules
- uses: actions/checkout@v3
with:
ref: 'index'
path: index
# The token is persisted in the local git config and enables scripts to run authenticated git commands.
token: ${{ secrets.BITNAMI_BOT_TOKEN }}
- name: Install and configure aws-cli and helm
run: |
# AWS CLI
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update && sudo apt-get install -y awscli
aws configure set region us-east-1
aws configure set aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }}
aws configure set aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws configure set source_profile default
# helm
HELM_TARBALL="helm-v3.8.1-linux-amd64.tar.gz"
curl -SsLfO "https://get.helm.sh/${HELM_TARBALL}" && sudo tar xf "$HELM_TARBALL" --strip-components 1 -C /usr/local/bin
- id: update-index
name: Fetch chart and update index
run: |
# Extract chart release metadata from the publish report file
vib_publish_report_file=$(find ~/artifacts -name "report.json" -print -quit)
chart_name=$(jq -re '.actions|map(select(.action_id == "helm-publish"))[0] | .application.name' $vib_publish_report_file)
chart_version=$(jq -re '.actions|map(select(.action_id == "helm-publish"))[0] | .application.version' $vib_publish_report_file)
# Download published asset
mkdir download
aws s3 cp s3://${{ secrets.AWS_S3_BUCKET }}/bitnami/${chart_name}-${chart_version}.tgz download/
cd index
git config user.name "Bitnami Containers"
git config user.email "bitnami-bot@vmware.com"
attempts=0
max_attempts=5
is_index_updated=0
while [[ $attempts -lt $max_attempts && $is_index_updated -eq 0 ]]; do
attempts=$((attempts + 1))
git fetch origin index
git reset --hard origin/index
# Rebuild index
helm repo index --url https://charts.bitnami.com/bitnami --merge bitnami/index.yaml ../download
cp ../download/index.yaml bitnami/index.yaml
# Push changes
git add bitnami/index.yaml && git commit -m "${chart_name}-${chart_version}: Update index.yaml" -s
git push && is_index_updated=1 || echo "Failed to push during attempt $attempts"
done
if [[ $is_index_updated -ne 1 ]]; then
echo "Could not update the index after $max_attempts attempts"
exit 1
fi
# If the CD Pipeline does not succeed we should notify the interested agents
slack-notif:
runs-on: ubuntu-latest
needs:
- vib-publish
- update-index
if: always()
name: Notify unsuccessful CD run
steps:
- name: Notify in Slack channel
if: ${{ needs.vib-publish.result != 'success' || needs.update-index.result != 'success' }}
uses: slackapi/slack-github-action@v1.23.0
with:
channel-id: ${{ secrets.CD_SLACK_CHANNEL_ID }}
payload: |
{
"attachments": [
{
"color": "#CC0000",
"fallback": "Unsuccessful bitnami/charts CD pipeline",
"blocks": [
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "*Unsuccessful `bitnami/charts` CD pipeline*"
}
},
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "The CD pipeline for <${{ github.event.head_commit.url }}|bitnami/charts@${{ github.event.head_commit.id }}> did not succeed. Check the related <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|action run> for more information."
}
}
]
}
]
}
env:
SLACK_BOT_TOKEN: ${{ secrets.CD_SLACK_BOT_TOKEN }}
Reference in New Issue View Git Blame Copy Permalink