Publish Danswer Helm Chart #54
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Publish Danswer Helm Chart | |
on: | |
push: | |
workflow_dispatch: | |
jobs: | |
helm_chart_version_check: | |
runs-on: ubuntu-latest | |
outputs: | |
version_changed: ${{ steps.version_check.outputs.chart_version_changed }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
# We mark any builds on main branch as latest GH release | |
# so make sure we don't accidentally publiah a pre-release tag | |
# on main or a stable tag on a dev branch. | |
- name: Fail on semver pre-release chart version | |
run: yq .version deployment/helm/charts/danswer/Chart.yaml | grep -v '[a-zA-Z-]' | |
if: ${{ github.ref_name == 'main' }} | |
- name: Fail on stable semver chart version | |
run: yq .version deployment/helm/charts/danswer/Chart.yaml | grep '[a-zA-Z-]' | |
if: ${{ github.ref_name != 'main' }} | |
# To reduce resource usage images are built only on tag. | |
# To build a new set of images after committing and pushing | |
# new changes to GitHub, use: | |
# git tag <tag-name> | |
# git push --tags | |
- name: Fail if image tags don't exist | |
run: >- | |
curl -H "Authorization: Bearer $(echo ${{ secrets.GITHUB_TOKEN }} | base64)" | |
https://ghcr.io/v2/stackhpc/danswer/danswer-backend/tags/list | |
| jq .tags | |
| grep $( yq .appVersion deployment/helm/charts/danswer/Chart.yaml )-$( yq .tagSuffix deployment/helm/values.yaml ) | |
&& | |
curl -H "Authorization: Bearer $(echo ${{ secrets.GITHUB_TOKEN }} | base64)" | |
https://ghcr.io/v2/stackhpc/danswer/danswer-web-server/tags/list | |
| jq .tags | |
| grep $( yq .appVersion deployment/helm/charts/danswer/Chart.yaml )-$( yq .tagSuffix deployment/helm/values.yaml ) | |
# Check if current chart version exists in releases already | |
- name: Check for Helm chart version bump | |
id: version_check | |
run: | | |
set -xe | |
chart_version=$(yq .version deployment/helm/charts/danswer/Chart.yaml) | |
if [[ $(curl https://api.github.com/repos/stackhpc/danswer/releases | jq '.[].tag_name' | grep danswer-helm-$chart_version) ]]; then | |
echo chart_version_changed=false >> $GITHUB_OUTPUT | |
else | |
echo chart_version_changed=true >> $GITHUB_OUTPUT | |
fi | |
release: | |
# depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions | |
# see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token | |
permissions: | |
contents: write | |
runs-on: ubuntu-latest | |
needs: helm_chart_version_check | |
if: ${{ needs.helm_chart_version_check.outputs.version_changed == 'true' }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Configure Git | |
run: | | |
git config user.name "$GITHUB_ACTOR" | |
git config user.email "[email protected]" | |
- name: Install Helm | |
uses: azure/setup-helm@v4 | |
env: | |
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" | |
- name: Build Helm dependencies | |
run: | | |
helm repo add bitnami https://charts.bitnami.com/bitnami | |
helm repo add vespa https://unoplat.github.io/vespa-helm-charts | |
helm dependency build deployment/helm | |
- name: Run chart-releaser | |
uses: helm/[email protected] | |
with: | |
charts_dir: deployment | |
pages_branch: helm-publish | |
mark_as_latest: ${{ github.ref_name == 'main' }} | |
env: | |
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" | |
CR_RELEASE_NAME_TEMPLATE: "danswer-helm-{{ .Version }}" |