Skip to content

Release swan: patch, swan-cern: patch #143

Release swan: patch, swan-cern: patch

Release swan: patch, swan-cern: patch #143

# Main workflow to tag and publish swan/ and swan-cern/ charts in this repository automatically based on changes
# - NOTE: Runs only on the master branch
# - Runs the check-charts workflow before proceeding
# If the swan/ chart has new commits since it's last tag
# - Commits a new version, tag, github release and harbor release of swan/
# - Updates dependency of swan-cern/ on swan/
# If the swan-cern/ chart has new commits since it's last tag
# - Commits a new version, tag, github release and harbor release of swan-cern/
# - uses secrets.WORKFLOW_ACCESS_TOKEN (GitHub PAT with admin permissions on repository) to push commits and tags
# - uses secrets.HELM_REPO_USERNAME and secrets.HELM_REPO_PASSWORD for a robot account on harbor with permissions to list and create helm chart versions
name: Release Charts
run-name: "Release swan: ${{ inputs.bump_swan }}, swan-cern: ${{ inputs.bump_swan_cern }}"
concurrency: release # Only run one 'release' workflow at a time
permissions:
contents: write
on:
workflow_dispatch:
inputs:
bump_swan:
description: "Bump version for swan/"
required: true
default: patch
type: choice
options:
- major
- minor
- patch
bump_swan_cern:
description: "Bump version for swan-cern/"
required: true
default: patch
type: choice
options:
- major
- minor
- patch
bump_swan_cern_system:
description: "Bump version for swan-cern-system/"
required: false
default: patch
type: choice
options:
- major
- minor
- patch
jobs:
check_branch:
runs-on: ubuntu-latest
steps:
- name: Fail if not on master branch
if: github.ref != 'refs/heads/master'
run: exit 1
check_charts:
needs: [check_branch]
uses: ./.github/workflows/check-charts.yaml
list_changed_charts:
needs: [check_branch]
runs-on: ubuntu-latest
outputs:
swan_has_changed: ${{ steps.diff.outputs.swan_has_changed }}
swan-cern_has_changed: ${{ steps.diff.outputs.swan-cern_has_changed }}
swan-cern-system_has_changed: ${{ steps.diff.outputs.swan-cern-system_has_changed }}
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
fetch-depth: 0 # Fetch all tags and history to check for changes
- name: List charts with changes since last tag
id: diff
run: |
set -euxo pipefail
./.github/workflows/list-changed-charts.sh >> $GITHUB_OUTPUT
- name: Fail if no charts have changes
if: steps.diff.outputs.swan_has_changed != 'true' && steps.diff.outputs.swan-cern_has_changed != 'true' && steps.diff.outputs.swan-cern-system_has_changed != 'true'
run: exit 1
tag_swan:
needs: [check_charts, list_changed_charts]
if: needs.list_changed_charts.outputs.swan_has_changed == 'true'
uses: ./.github/workflows/tag-chart.yaml
with:
chart: swan
bump: ${{ inputs.bump_swan }}
secrets:
WORKFLOW_ACCESS_TOKEN: ${{ secrets.WORKFLOW_ACCESS_TOKEN }}
HELM_REPO_USERNAME: ${{ secrets.HELM_REPO_USERNAME }}
HELM_REPO_PASSWORD: ${{ secrets.HELM_REPO_PASSWORD }}
update_dependency:
# Update 'swan-cern' chart to use as dependency the new tagged version of 'swan' chart
needs: [tag_swan]
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
persist-credentials: false # To use WORKFLOW_ACCESS_TOKEN instead of GITHUB_TOKEN in later steps
ref: ${{ github.ref_name }} # Checkout latest commit on branch including new commits created in earlier steps
- name: Update version of swan on swan-cern/Chart.yaml
uses: mikefarah/yq@1f0881fb5faf371694bfa108753cda0b824f5037 # v4.28.2
with:
cmd: yq -i '(.dependencies[] | select(.name == "swan")).version = "${{ needs.tag_swan.outputs.new_version }}"' 'swan-cern/Chart.yaml'
- name: Commit changes
run: |
set -x
helm dependency update swan-cern
cd swan-cern
git config user.name github-actions
git config user.email [email protected]
git add .
git commit -m "Update swan-cern to use swan@${{ needs.tag_swan.outputs.new_version }} by @${{ github.actor }}"
- name: Push commit
uses: ad-m/github-push-action@4dcce6dea3e3c8187237fc86b7dfdc93e5aaae58
with:
github_token: ${{ secrets.WORKFLOW_ACCESS_TOKEN }}
branch: ${{ github.ref_name }}
tag_swan_cern:
needs: [check_charts, list_changed_charts, tag_swan, update_dependency]
if: |
always() &&
needs.check_charts.result == 'success' &&
needs.list_changed_charts.result == 'success' &&
needs.tag_swan.result != 'failure' &&
needs.update_dependency.result != 'failure' &&
(needs.list_changed_charts.outputs.swan_has_changed == 'true' || needs.list_changed_charts.outputs.swan-cern_has_changed == 'true')
uses: ./.github/workflows/tag-chart.yaml
with:
chart: swan-cern
bump: ${{ inputs.bump_swan_cern }}
secrets:
WORKFLOW_ACCESS_TOKEN: ${{ secrets.WORKFLOW_ACCESS_TOKEN }}
HELM_REPO_USERNAME: ${{ secrets.HELM_REPO_USERNAME }}
HELM_REPO_PASSWORD: ${{ secrets.HELM_REPO_PASSWORD }}
tag_swan_cern_system:
needs: [check_charts, list_changed_charts]
if: needs.list_changed_charts.outputs.swan-cern-system_has_changed == 'true'
uses: ./.github/workflows/tag-chart.yaml
with:
chart: swan-cern-system
bump: ${{ inputs.bump_swan_cern_system }}
secrets:
WORKFLOW_ACCESS_TOKEN: ${{ secrets.WORKFLOW_ACCESS_TOKEN }}
HELM_REPO_USERNAME: ${{ secrets.HELM_REPO_USERNAME }}
HELM_REPO_PASSWORD: ${{ secrets.HELM_REPO_PASSWORD }}