build(deps): bump oras-project/setup-oras from 1.2.4 to 2.0.0 #418
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright Broadcom, Inc. All Rights Reserved. | |
| # SPDX-License-Identifier: APACHE-2.0 | |
| name: '[CI/CD] CI Update' | |
| on: # rebuild any PRs and main branch changes | |
| pull_request_target: | |
| types: | |
| - opened | |
| - reopened | |
| - synchronize | |
| - labeled | |
| branches: | |
| - main | |
| - bitnami:main | |
| # Remove all permissions by default | |
| permissions: {} | |
| # Avoid concurrency over the same PR | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number }} | |
| jobs: | |
| get-chart: | |
| runs-on: ubuntu-latest | |
| name: Get modified charts | |
| permissions: | |
| pull-requests: read | |
| outputs: | |
| chart: ${{ steps.get-chart.outputs.chart }} | |
| result: ${{ steps.get-chart.outputs.result }} | |
| values-updated: ${{ steps.get-chart.outputs.values-updated }} | |
| steps: | |
| - id: get-chart | |
| uses: bitnami/charts/.github/actions/get-chart@main | |
| with: | |
| pr-url: "${{ github.event.pull_request.url }}" | |
| pr-number: "${{ github.event.pull_request.number }}" | |
| update-pr: | |
| runs-on: ubuntu-latest | |
| needs: [get-chart] | |
| name: Automatically update README, CRDs and CHANGELOG | |
| permissions: | |
| contents: read | |
| if: | | |
| needs.get-chart.outputs.result == 'ok' && | |
| ( | |
| contains(github.event.pull_request.labels.*.name, 'verify') || (github.event.action == 'labeled' && github.event.label.name == 'verify') | |
| ) | |
| steps: | |
| - name: Checkout bitnami/charts | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd | |
| with: | |
| ref: ${{github.event.pull_request.head.ref}} | |
| repository: ${{github.event.pull_request.head.repo.full_name}} | |
| token: ${{ secrets.BITNAMI_BOT_TOKEN }} | |
| path: charts | |
| - name: Clone upstream bitnami/charts repository | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd | |
| with: | |
| path: upstream-charts | |
| - name: Setup git configuration | |
| run: | | |
| cd $GITHUB_WORKSPACE/charts | |
| git config user.name "Bitnami Bot" | |
| git config user.email "bitnami.bot@broadcom.com" | |
| # In order to avoid doing a full clone (which would fetch the index branch), we | |
| # unshallow the clone only using the main branch. We need to get the tags to | |
| # regenerate the changelog too | |
| - name: Unshallow main branch and get tags | |
| run: | | |
| cd $GITHUB_WORKSPACE/upstream-charts | |
| git fetch origin main --unshallow | |
| git fetch --tags | |
| - name: Install conventional-changelog-cli | |
| run: npm install -g conventional-changelog-cli | |
| - id: generate-changelog | |
| name: Generate changelog | |
| env: | |
| PULL_REQUEST_NUMBER: "${{ github.event.pull_request.number }}" | |
| PULL_REQUEST_URL: "${{ github.server_url }}/${{ github.repository }}/pull/${{ github.event.number }}" | |
| GITHUB_TOKEN: "${{ github.token }}" | |
| CHART: ${{ needs.get-chart.outputs.chart }} | |
| run: | | |
| cd "${GITHUB_WORKSPACE}/upstream-charts" || exit 1 | |
| # Get PR title using the API to avoid malicious string substitutions | |
| pr_title="$(gh api "/repos/${GITHUB_REPOSITORY}/pulls/${PULL_REQUEST_NUMBER}" | jq -r '.title')" | |
| # The generator needs the file to exist | |
| chart_version="$(yq e '.version' "${GITHUB_WORKSPACE}/charts/bitnami/${CHART}/Chart.yaml")" | |
| changelog_file="${GITHUB_WORKSPACE}/charts/bitnami/${CHART}/CHANGELOG.md" | |
| changelog_tmp="${GITHUB_WORKSPACE}/charts/bitnami/${CHART}/CHANGELOG.md.tmp" | |
| touch "$changelog_file" | |
| npx conventional-changelog-cli -i "$changelog_file" -s -t "${CHART}/" -r 0 --commit-path "bitnami/${CHART}" | |
| # The tool uses short sha to generate commit links. Sometimes, Github does not offer links with the short sha, so we change all commit links to use the full sha instead | |
| for short_sha in $(grep -Eo "/commit/[a-z0-9]+" "$changelog_file" | awk -F/ '{print $3}'); do | |
| long_sha="$(git rev-list @ | grep "^$short_sha" | head -n 1)"; | |
| sed -i "s%/commit/$short_sha%/commit/$long_sha%g" "$changelog_file"; | |
| done | |
| cd "${GITHUB_WORKSPACE}/charts" || exit 1 | |
| # Remove unreleased section (includes all intermediate commits in the branch) and create future entry based on PR title | |
| # The unreleased section looks like this "## (YYYY-MM-DD)" whereas a released section looks like this "## 0.0.1 (YYYY-MM-DD)" | |
| # So we only need to find a released section to start printing in the awk script below | |
| awk '/^##[^(]*[0-9]/ {flag=1} flag {print}' "$changelog_file" > "$changelog_tmp" | |
| # Remove extra newlines so the changelog file passes the markdown linter | |
| sed -i -E -e '/^$/d' "$changelog_tmp" && sed -i -E -e 's/(##.*)/\n\1\n/g' "$changelog_tmp" | |
| # Include h1 heading and add entry for the current version. There is no tag for the current version (this will be created once merged), so we need to manually add it. | |
| # We know the final squashed commit title, which will be the PR title. We cannot add a link to the commit in the main branch because it has not been | |
| # merged yet (this will be corrected once a new version regenerates the changelog). Instead, we add the PR url which contains the exact same information. | |
| # Use printf with %s so chart_version / pr_title from untrusted Chart.yaml and API cannot trigger command substitution (unlike echo "...$chart_version..."). | |
| printf '# Changelog\n\n## %s (%s)\n\n* %s ([#%s](%s))\n' \ | |
| "$chart_version" "$(date +'%Y-%m-%d')" "$pr_title" "$PULL_REQUEST_NUMBER" "$PULL_REQUEST_URL" \ | |
| > "$changelog_file" | |
| cat "$changelog_tmp" >> "$changelog_file" | |
| rm "$changelog_tmp" | |
| # Commit all changes, if any | |
| if git status -s | grep "bitnami/${CHART}/CHANGELOG.md"; then | |
| git add "bitnami/${CHART}/CHANGELOG.md" | |
| git commit -m "Update CHANGELOG.md" --signoff | |
| fi | |
| - name: 'Clone readme-generator-for-helm' | |
| if: needs.get-chart.outputs.values-updated == 'true' && github.event.action != 'edited' | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd | |
| with: | |
| repository: bitnami/readme-generator-for-helm | |
| path: readme-generator-for-helm | |
| ref: '4d29f59abac6aeed6fbc2467e24fc17560057bcb' # 3.0.1 commit ID | |
| - name: 'Setup Node.js' | |
| if: needs.get-chart.outputs.values-updated == 'true' && github.event.action != 'edited' | |
| uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f | |
| with: | |
| node-version: '24.x' | |
| - name: 'Get npm cache directory' | |
| if: needs.get-chart.outputs.values-updated == 'true' && github.event.action != 'edited' | |
| id: npm-cache-dir | |
| shell: bash | |
| run: echo "dir=$(npm config get cache)" >> ${GITHUB_OUTPUT} | |
| - name: 'Cache dependencies' | |
| if: needs.get-chart.outputs.values-updated == 'true' && github.event.action != 'edited' | |
| uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 | |
| with: | |
| path: ${{ steps.npm-cache-dir.outputs.dir }} | |
| key: npm-${{ hashFiles('./readme-generator-for-helm/package-lock.json') }} | |
| restore-keys: npm- | |
| - name: "Install readme-generator-for-helm" | |
| if: needs.get-chart.outputs.values-updated == 'true' && github.event.action != 'edited' | |
| run: | | |
| cd "${GITHUB_WORKSPACE}/readme-generator-for-helm" || exit 1 | |
| npm ci | |
| npm install -g | |
| - id: update-readme | |
| name: 'Update README' | |
| if: needs.get-chart.outputs.values-updated == 'true' | |
| env: | |
| CHART: ${{ needs.get-chart.outputs.chart }} | |
| run: | | |
| exit_code=0 | |
| cd "${GITHUB_WORKSPACE}/charts" || exit 1 | |
| echo "Validating README.md for bitnami/${CHART}" | |
| # Validating *.registry parameters | |
| while read -r line; do | |
| echo "$line" | grep --quiet "\[default: \(REGISTRY_NAME\|\"\"\)\]" || exit_code=$? | |
| done < <(grep "@param\s\+[A-Za-z\.]\+\.registry\s\+" "bitnami/${CHART}/values.yaml") | |
| if [[ $exit_code -ne 0 ]]; then | |
| echo "error=Please ensure all *.registry params include the [default: REGISTRY_NAME] modifier in the chart bitnami/${CHART}/values.yaml file" | |
| exit "$exit_code" | |
| fi | |
| # Validating *.repository parameters | |
| while read -r line; do | |
| param=$(echo "$line" | awk '{print $3}') | |
| # Checking if it's a image's registry-related param | |
| registry_param="${param//.repository/.registry}" | |
| grep --quiet "@param\s\+${registry_param}" "bitnami/${CHART}/values.yaml" && ( echo "$line" | grep --quiet "\[default: \(REPOSITORY_NAME/.*\|\"\"\)\]" || exit_code=$? ) | |
| done < <(grep "@param\s\+[A-Za-z\.]\+\.repository\s\+" "bitnami/${CHART}/values.yaml") | |
| if [[ $exit_code -ne 0 ]]; then | |
| echo "error=Please ensure all *.repository params include the [default: REPOSITORY_NAME] modifier the in the chart bitnami/${CHART}/values.yaml file" | |
| exit "$exit_code" | |
| fi | |
| # Validating *.tag parameters | |
| grep -v --quiet "@param\s\+[A-Za-z\.]\+\.tag\s\+" "bitnami/${CHART}/values.yaml" || exit_code=$? | |
| if [[ $exit_code -ne 0 ]]; then | |
| echo "error=Please ensure all *.tag params are skipped (@skip) in the bitnami/${CHART}/values.yaml file" | |
| exit "$exit_code" | |
| fi | |
| echo "Updating README.md for bitnami/${CHART}" | |
| readme-generator --values "bitnami/${CHART}/values.yaml" --readme "bitnami/${CHART}/README.md" --schema "/tmp/schema.json" | |
| # Commit all changes, if any | |
| if git status -s | grep "bitnami/${CHART}"; then | |
| git add "bitnami/${CHART}" | |
| git commit -m "Update README.md with readme-generator-for-helm" --signoff | |
| fi | |
| - id: update-pr | |
| name: Push changes | |
| run: | | |
| cd $GITHUB_WORKSPACE/charts | |
| # Push all the new commits, if any | |
| if [[ $(git cherry -v) ]]; then | |
| git push | |
| echo "result=ok" >> $GITHUB_OUTPUT | |
| else | |
| echo "result=skip" >> $GITHUB_OUTPUT | |
| fi |