Improve release process (#1559)

Improve release process automating several actions: - After the container is published, an automatic PR will be created updating the chart - After the chart is published, an automatic PR will be created updating the Carvel package Signed-off-by: Alejandro Moreno <[email protected]>
bitnami-labs · Jun 27, 2024 · d2046a1 · d2046a1
1 parent c3cd4f1
commit d2046a1
Show file tree

Hide file tree

Showing 3 changed files with 53 additions and 10 deletions.
diff --git a/.github/workflows/helm-release.yaml b/.github/workflows/helm-release.yaml
@@ -65,17 +65,20 @@ jobs:
           IMGPKG_REGISTRY_USERNAME: ${{ github.actor }}
           IMGPKG_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          imgpkg push -b ghcr.io/${{ github.repository_owner }}/sealed-secrets-carvel:${{ env.chart_version }} -f .
+          imgpkg push -b ghcr.io/${{ github.repository_owner }}/sealed-secrets-carvel:${{ env.chart_version }} -f . --json > output
+          echo carvel_pkg=$(cat output | grep Pushed | cut -d "'" -f2 ) >> $GITHUB_ENV
 
       - name: Update package.yaml
         run: |
           yq -i '.spec.version = "${{ env.chart_version }}"' carvel/package.yaml
           yq -i '.metadata.name = "sealedsecrets.bitnami.com.${{ env.chart_version }}"' carvel/package.yaml
-          yq -i '.spec.template.spec.fetch.0.imgpkgBundle.image = "ghcr.io/${{ github.repository_owner }}/sealed-secrets-carvel:${{ env.chart_version }}"' carvel/package.yaml
+          yq -i '.spec.template.spec.fetch.0.imgpkgBundle.image = "${{ env.carvel_pkg }}"' carvel/package.yaml
+          git checkout -B 'release-carvel-${{ env.chart_version }}'
+          git add carvel/package.yaml
+          git commit -m 'Release carvel package ${{ env.chart_version }}'
+          git push origin 'release-carvel-${{ env.chart_version }}'
 
-      # Commenting the git commit action
-      #- name: Commit package.yaml
-        #run: |
-          #git add ./carvel/package.yaml
-          #git commit -s -m 'Update package to version ${{ env.chart_version }}'
-          #git push
+      - name: Create PR
+        run: gh pr create --fill --base main --repo $GITHUB_REPOSITORY
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/publish-release.yaml b/.github/workflows/publish-release.yaml
@@ -2,9 +2,14 @@ name: Publish Release
 
 on:
   workflow_dispatch:
+    inputs:
+      chart:
+        description: 'Chart version (e.g. 2.11.3)'
+        required: true
+        type: string
 
 jobs:
-  build:
+  release:
     runs-on: ubuntu-latest
     env:
       controller_dockerhub_image_name: docker.io/bitnami/sealed-secrets-controller
@@ -153,3 +158,38 @@ jobs:
           COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
           TAG_CURRENT: ${{ steps.meta_kubeseal.outputs.tags }}
           COSIGN_REPOSITORY: ${{ env.kubeseal_ghcr_image_name }}/signs
+
+  chart-pr:
+    needs: release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
+        with:
+          fetch-depth: 0
+
+      - name: Config Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "[email protected]"
+
+      - name: Fetch Versions
+        run: |
+          echo NEW_VERSION=$(git describe --tags --match "v[0-9]*" --abbrev=0 | tr -d v) >> "$GITHUB_ENV"
+          echo PREV_VERSION=$(grep appVersion helm/sealed-secrets/Chart.yaml | grep -o '[0-9.]*') >> "$GITHUB_ENV"
+
+      - name: Update Version
+        run: |
+          sed -i "s/version: .*/version: ${{ inputs.chart }}/" helm/sealed-secrets/Chart.yaml
+          sed -i "s/appVersion: .*/appVersion: $NEW_VERSION/" helm/sealed-secrets/Chart.yaml
+          sed -i "s/tag: .*/tag: $NEW_VERSION/" helm/sealed-secrets/values.yaml
+          sed -i "s/\`$PREV_VERSION\`/\`$NEW_VERSION\`/" helm/sealed-secrets/README.md
+          git checkout -B 'release-chart-${{ inputs.chart }}'
+          git add helm/sealed-secrets/Chart.yaml helm/sealed-secrets/values.yaml helm/sealed-secrets/README.md
+          git commit -m 'Release chart ${{ inputs.chart }}'
+          git push origin 'release-chart-${{ inputs.chart }}'
+
+      - name: Create PR
+        run: gh pr create --fill --base main --repo $GITHUB_REPOSITORY
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -1,4 +1,4 @@
-name: Release
+name: Prepare Release
 
 # Only release when a new GH release branch is pushed
 on: