docs(firezone): add dns only image (#14350) #20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Charts: Release" | |
concurrency: helm-release | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- master | |
paths: | |
- "charts/**" | |
jobs: | |
release-helm: | |
runs-on: ubuntu-latest | |
container: | |
image: ghcr.io/truecharts/devcontainer:3.1.10@sha256:c239addf725eb5cedf79517f8089fdafdc32b5270d1893ee87ae6e511b9bcae3 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | |
with: | |
token: ${{ secrets.BOT_TOKEN }} | |
fetch-depth: 1 | |
- name: Checkout Helm-Staging | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | |
with: | |
fetch-depth: 1 | |
repository: truecharts/helm-staging | |
token: ${{ secrets.BOT_TOKEN }} | |
path: helm | |
- name: Fix Pre-Commit issues | |
shell: bash | |
run: | | |
echo "Running pre-commit test-and-cleanup..." | |
pre-commit run --all ||: | |
# Fix sh files to always be executable | |
find . -name '*.sh' | xargs chmod +x | |
- name: Commit Helm Changes | |
run: | | |
rm -rf helm/charts | |
mkdir helm/charts | |
cp -rf charts helm | |
- name: Commit Helm Changes | |
run: | | |
cd helm | |
git config user.name "TrueCharts-Bot" | |
git config user.email "[email protected]" | |
git add --all | |
git commit -sm "Commit released Helm Charts for TrueCharts" || exit 0 | |
git push | |
cd - | |
release-scale: | |
runs-on: ubuntu-latest | |
outputs: | |
ref: ${{ steps.save-commit-hash.outputs.commit_hash }} | |
container: | |
image: ghcr.io/truecharts/devcontainer:3.1.10@sha256:c239addf725eb5cedf79517f8089fdafdc32b5270d1893ee87ae6e511b9bcae3 | |
steps: | |
- name: Install Kubernetes tools | |
uses: yokawasa/action-setup-kube-tools@af4ebb1af1efd30c5bd84a2e9773355ad6362a33 # v0.9.3 | |
with: | |
setup-tools: | | |
helmv3 | |
helm: "3.8.0" | |
- name: Prep Helm | |
run: | | |
helm repo add truecharts https://charts.truecharts.org | |
helm repo add truecharts-library https://library-charts.truecharts.org | |
helm repo add truecharts-deps https://deps.truecharts.org | |
helm repo add jetstack https://charts.jetstack.io | |
helm repo update | |
# Optional step if GPG signing is used | |
- name: Prepare GPG key | |
shell: bash | |
run: | | |
gpg_dir=.cr-gpg | |
mkdir -p "$gpg_dir" | |
keyring="$gpg_dir/secring.gpg" | |
base64 -d <<< "$GPG_KEYRING_BASE64" > "$keyring" | |
passphrase_file="$gpg_dir/passphrase" | |
echo "$GPG_PASSPHRASE" > "$passphrase_file" | |
echo "CR_PASSPHRASE_FILE=$passphrase_file" >> "$GITHUB_ENV" | |
echo "CR_KEYRING=$keyring" >> "$GITHUB_ENV" | |
env: | |
GPG_KEYRING_BASE64: "${{ secrets.GPG_KEYRING_BASE64 }}" | |
GPG_PASSPHRASE: "${{ secrets.GPG_PASSPHRASE }}" | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | |
with: | |
token: ${{ secrets.BOT_TOKEN }} | |
fetch-depth: 0 | |
- name: Setting repo parent dir as safe safe.directory | |
run: git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
- name: Collect changes | |
id: collect-changes | |
uses: ./.github/actions/collect-changes | |
- name: Generate Changelog | |
shell: bash | |
if: | | |
steps.collect-changes.outputs.changesDetectedAfterTag == 'true' | |
run: | | |
CHARTS=(${{ steps.collect-changes.outputs.modifiedChartsAfterTag }}) | |
parthreads=$(($(nproc) * 2)) | |
parallel -j ${parthreads} .github/scripts/changelog.sh '2>&1' ::: ${CHARTS[@]} | |
- name: Fix Pre-Commit issues | |
shell: bash | |
if: | | |
steps.collect-changes.outputs.changesDetectedAfterTag == 'true' | |
run: | | |
echo "Running pre-commit test-and-cleanup..." | |
pre-commit run --all ||: | |
# Fix sh files to always be executable | |
find . -name '*.sh' | xargs chmod +x | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | |
if: | | |
steps.collect-changes.outputs.changesDetectedAfterTag == 'true' | |
with: | |
fetch-depth: 1 | |
repository: truecharts/website | |
token: ${{ secrets.BOT_TOKEN }} | |
path: website | |
- name: Copy docs to website | |
if: | | |
steps.collect-changes.outputs.changesDetectedAfterTag == 'true' | |
shell: bash | |
run: | | |
#!/bin/bash | |
CHARTS=(${{ steps.collect-changes.outputs.modifiedChartsAfterTag }}) | |
echo "Removing Chart Docs prior to regeneration..." | |
mkdir -p website/static/img/hotlink-ok/chart-icons || echo "chart-icons path already exists, continuing..." | |
for i in "${CHARTS[@]}" | |
do | |
IFS='/' read -r -a chart_parts <<< "$i" | |
if [ -f "charts/${chart_parts[0]}"/"${chart_parts[1]}/Chart.yaml" ]; then | |
train=${chart_parts[0]} | |
chart=${chart_parts[1]} | |
echo "copying docs to website for ${chart}" | |
mkdir -p website/docs/charts/${train}/${chart} || echo "chart path already exists, continuing..." | |
mkdir -p tmp/website/docs/charts/${train}/${chart}/ || echo "chart path already exists, continuing..." | |
if [[ -f "website/docs/charts/${train}/${chart}/CHANGELOG.md" ]]; then | |
echo "changelog found..." | |
true | |
else | |
echo "changelog not found, starting with empty changelog..." | |
touch "website/docs/charts/${train}/${chart}/CHANGELOG.md" | |
fi | |
if [[ -f "website/docs/charts/${train}/${chart}/helm-security.md" ]]; then | |
echo "helm-security found..." | |
true | |
else | |
echo "helm-security not found, starting with empty helm-security..." | |
touch "website/docs/charts/${train}/${chart}/helm-security.md" | |
echo "# Helm Security" >> website/docs/charts/${train}/${chart}/helm-security.md | |
fi | |
if [[ -f "website/docs/charts/${train}/${chart}/container-security.md" ]]; then | |
echo "container-security found..." | |
true | |
else | |
echo "container-security not found, starting with empty container-security..." | |
touch "website/docs/charts/${train}/${chart}/container-security.md" | |
echo "# Helm Security" >> website/docs/charts/${train}/${chart}/container-security.md | |
fi | |
# keep some docs safe | |
mv -f website/docs/charts/${train}/${chart}/CHANGELOG.md tmp/website/docs/charts/${train}/${chart}/CHANGELOG.md || : | |
mv -f website/docs/charts/${train}/${chart}/helm-security.md tmp/website/docs/charts/${train}/${chart}/helm-security.md || : | |
mv -f website/docs/charts/${train}/${chart}/container-security.md tmp/website/docs/charts/${train}/${chart}/container-security.md || : | |
# remove old docs everywhere and recreate based on charts repo | |
rm -rf website/docs/charts/*/${chart} || : | |
mkdir -p website/docs/charts/${train}/${chart} || echo "chart path already exists, continuing..." | |
yes | cp -rf charts/${train}/${chart}/docs/* website/docs/charts/${train}/${chart}/ 2>/dev/null || : | |
yes | cp -rf charts/${train}/${chart}/icon.png website/static/img/hotlink-ok/chart-icons/${chart}.png 2>/dev/null || : | |
yes | cp -rf charts/${train}/${chart}/screenshots/* website/static/img/hotlink-ok/chart-screenshots/${chart}/ 2>/dev/null || : | |
# Copy over kept documents | |
mv -f tmp/website/docs/charts/${train}/${chart}/CHANGELOG.md website/docs/charts/${train}/${chart}/CHANGELOG.md 2>/dev/null || : | |
mv -f tmp/website/docs/charts/${train}/${chart}/helm-security.md website/docs/charts/${train}/${chart}/helm-security.md 2>/dev/null || : | |
mv -f tmp/website/docs/charts/${train}/${chart}/container-security.md website/docs/charts/${train}/${chart}/container-security.md 2>/dev/null || : | |
# Append SCALE changelog to actual changelog | |
sed -i '1d' "website/docs/charts/${train}/${chart}/CHANGELOG.md" || echo "failed to sed 1d changelog..." | |
cat "charts/${train}/${chart}/app-changelog.md" | cat - "website/docs/charts/${train}/${chart}/CHANGELOG.md" > temp && mv temp "website/docs/charts/${train}/${chart}/CHANGELOG.md" | |
sed -i '1s/^/# Changelog\n\n/' "website/docs/charts/${train}/${chart}/CHANGELOG.md" || echo "failed to add changelog header..." | |
touch website/docs/charts/${train}/${chart}/index.md | |
echo "# ${chart}" >> website/docs/charts/${train}/${chart}/index.md | |
echo "" >> website/docs/charts/${train}/${chart}/index.md | |
version=$(cat charts/${train}/${chart}/Chart.yaml | grep "^version: " | awk -F" " '{ print $2 }') | |
appversion=$(cat charts/${train}/${chart}/Chart.yaml | grep "^appVersion: " | awk -F" " '{ print $2 }') | |
echo '![Version: '"${version}"'](https://img.shields.io/badge/Version-'"${version}"'-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: '"${appversion}"'](https://img.shields.io/badge/AppVersion-'"${appversion}"'-informational?style=flat-square)' >> website/docs/charts/${train}/${chart}/index.md | |
echo "" >> website/docs/charts/${train}/${chart}/index.md | |
cat charts/${train}/${chart}/Chart.yaml | yq .description -r >> website/docs/charts/${train}/${chart}/index.md | |
echo "" >> website/docs/charts/${train}/${chart}/index.md | |
echo "## Chart Sources" >> website/docs/charts/${train}/${chart}/index.md | |
echo "" >> website/docs/charts/${train}/${chart}/index.md | |
cat charts/${train}/${chart}/Chart.yaml | go-yq .sources -r >> website/docs/charts/${train}/${chart}/index.md | |
echo "" >> website/docs/charts/${train}/${chart}/index.md | |
echo "## Available Documentation" >> website/docs/charts/${train}/${chart}/index.md | |
echo "" >> website/docs/charts/${train}/${chart}/index.md | |
# Iterate over all files in the docs directory | |
for file in website/docs/charts/${train}/${chart}/*.md; do | |
# Extract the file name and first line from each file | |
filename=$(basename "${file}") | |
title=$(head -n 1 "${file}" | sed 's/# //') | |
# Create a markdown link using the file name and title | |
link="[**${title}**](${filename%.md})" | |
if [ ${filename} != "index.md" ]; then | |
# Append the link to the index.md file | |
echo "- ${link}" >> website/docs/charts/${train}/${chart}/index.md | |
echo "" >> website/docs/charts/${train}/${chart}/index.md | |
fi | |
done | |
rm -rf temp || : | |
fi | |
done | |
- name: Commit Website Changes | |
if: | | |
steps.collect-changes.outputs.changesDetected == 'true' | |
run: | | |
cd website | |
git config user.name "TrueCharts-Bot" | |
git config user.email "[email protected]" | |
git add --all | |
git commit -sm "Commit released docs for TrueCharts" || exit 0 | |
git push | |
- name: Checkout Catalog | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | |
if: | | |
steps.collect-changes.outputs.changesDetectedAfterTag == 'true' | |
with: | |
fetch-depth: 1 | |
repository: truecharts/catalog | |
token: ${{ secrets.BOT_TOKEN }} | |
ref: staging | |
path: catalog | |
- name: build catalog | |
shell: bash | |
if: | | |
steps.collect-changes.outputs.changesDetectedAfterTag == 'true' | |
run: | | |
CHARTS=(${{ steps.collect-changes.outputs.modifiedChartsAfterTag }}) | |
charts_path="charts" | |
for changed in ${CHARTS[@]}; do | |
.github/scripts/fetch_helm_deps.sh "${changed}" | |
done | |
pip install yq | |
parthreads=$(($(nproc) * 2)) | |
parallel -j ${parthreads} .github/scripts/build-catalog.sh '2>&1' ::: ${CHARTS[@]} | |
rm -rf website | |
- name: Commit Catalog | |
if: | | |
steps.collect-changes.outputs.changesDetected == 'true' | |
run: | | |
cd catalog | |
git config user.name "TrueCharts-Bot" | |
git config user.email "[email protected]" | |
git add --all | |
git commit -sm "Commit new Chart releases for TrueCharts" || exit 0 | |
git push | |
cd - | |
rm -rf catalog | |
- name: set git author | |
if: | | |
steps.collect-changes.outputs.changesDetectedAfterTag == 'true' | |
shell: bash | |
run: | | |
git config user.name "TrueCharts-Bot" | |
git config user.email "[email protected]" | |
# Optional step if GPG signing is used | |
- name: Prepare GPG key | |
shell: bash | |
run: | | |
gpg_dir=.cr-gpg | |
mkdir -p "$gpg_dir" | |
keyring="$gpg_dir/secring.gpg" | |
base64 -d <<< "$GPG_KEYRING_BASE64" > "$keyring" | |
passphrase_file="$gpg_dir/passphrase" | |
echo "$GPG_PASSPHRASE" > "$passphrase_file" | |
echo "CR_PASSPHRASE_FILE=$passphrase_file" >> "$GITHUB_ENV" | |
echo "CR_KEYRING=$keyring" >> "$GITHUB_ENV" | |
env: | |
GPG_KEYRING_BASE64: "${{ secrets.GPG_KEYRING_BASE64 }}" | |
GPG_PASSPHRASE: "${{ secrets.GPG_PASSPHRASE }}" | |
- name: Run chart-releaser for dependency apps | |
uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0 | |
if: | | |
steps.collect-changes.outputs.changesDetectedAfterTag == 'true' | |
with: | |
charts_dir: charts/dependency | |
charts_repo_url: https://deps.truecharts.org | |
config: cr.yaml | |
env: | |
CR_TOKEN: "${{ secrets.BOT_TOKEN }}" | |
CR_SKIP_EXISTING: "true" | |
- name: Tag App Releases | |
if: | | |
steps.collect-changes.outputs.changesDetectedAfterTag == 'true' | |
shell: bash | |
run: | | |
#!/bin/bash | |
CHARTS=(${{ steps.collect-changes.outputs.modifiedChartsAfterTag }}) | |
echo "Removing Chart Docs prior to regeneration..." | |
mkdir -p website/static/img/hotlink-ok/chart-icons || echo "chart-icons path already exists, continuing..." | |
for i in "${CHARTS[@]}" | |
do | |
IFS='/' read -r -a chart_parts <<< "$i" | |
if [ -f "charts/${chart_parts[0]}"/"${chart_parts[1]}/Chart.yaml" ]; then | |
train=${chart_parts[0]} | |
chart=${chart_parts[1]} | |
if [ "${train}" != "dependency" ]; then | |
echo "creating tag for ${chart}" | |
version=$(cat charts/${train}/${chart}/Chart.yaml | grep '^version: ' | awk -F" " '{ print $2 }' | head -1) | |
git tag ${chart}-${version} || echo "tag failed for ${chart}-${version}" | |
fi | |
fi | |
done | |
git push --tags |