From a3373195dee4e364d25aa7a492be8e79afc78277 Mon Sep 17 00:00:00 2001 From: Alfredo Gutierrez Date: Thu, 1 Aug 2024 16:53:14 -0600 Subject: [PATCH 1/5] Adding a new Job to the publish WF so it also publishes the helm chart Signed-off-by: Alfredo Gutierrez --- .github/workflows/release-push-image.yaml | 46 +++++++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/.github/workflows/release-push-image.yaml b/.github/workflows/release-push-image.yaml index a072e42b..5ec8741b 100644 --- a/.github/workflows/release-push-image.yaml +++ b/.github/workflows/release-push-image.yaml @@ -109,3 +109,49 @@ jobs: VERSION=${{ env.VERSION }} build-contexts: | distributions=./server/build/distributions + + + helm-chart-release: + runs-on: [ self-hosted, Linux, medium, ephemeral ] + + steps: + - name: Harden Runner + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 + with: + egress-policy: audit + + - name: Checkout repository + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Get tag + run: | + if [[ "${{ github.event.inputs.version }}" ]]; then + echo "TAG=${{ github.event.inputs.version }}" >> $GITHUB_ENV + elif [[ "$GITHUB_REF_TYPE" == "tag" ]]; then + echo "TAG=${GITHUB_REF#refs/tags/v}" >> $GITHUB_ENV + else + echo "TAG=main" >> $GITHUB_ENV + fi + + - name: Extract version + id: extract_version + run: | + VERSION=$(grep 'version=' gradle.properties | cut -d '=' -f2) + echo "VERSION=${VERSION}" >> $GITHUB_ENV + + - name: Install Helm + uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 + + - name: Use yq to update image tag + uses: mikefarah/yq-action@35f5ee3ef7d47ba98e50d8a07bc0d6d124e0517e # Reference by hash + with: + cmd: "yq eval '.image.tag = strenv(TAG)' -i charts/hedera-block-node/values.yaml" + env: + TAG: ${{ env.TAG }} + + - name: Publish helm chart + uses: stefanprodan/helm-gh-pages@0ad2bb377311d61ac04ad9eb6f252fb68e207260 # v1.7.0 + with: + target_dir: charts + token: ${{ secrets.GITHUB_TOKEN }} + branch: gh-pages From 42b1a8ef500d7bfd0c2a86c98fd0e30a142c19d5 Mon Sep 17 00:00:00 2001 From: Alfredo Gutierrez Date: Thu, 1 Aug 2024 16:58:08 -0600 Subject: [PATCH 2/5] fix action plugin name and version Signed-off-by: Alfredo Gutierrez --- .github/workflows/release-push-image.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-push-image.yaml b/.github/workflows/release-push-image.yaml index 5ec8741b..ec8c8515 100644 --- a/.github/workflows/release-push-image.yaml +++ b/.github/workflows/release-push-image.yaml @@ -143,7 +143,7 @@ jobs: uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 - name: Use yq to update image tag - uses: mikefarah/yq-action@35f5ee3ef7d47ba98e50d8a07bc0d6d124e0517e # Reference by hash + uses: mikefarah/yq@f15500b20a1c991c8729870ba60a4dc3524b6a94 # v4.44.2 with: cmd: "yq eval '.image.tag = strenv(TAG)' -i charts/hedera-block-node/values.yaml" env: From 102be985f1bbc016a3bab951ea9801da4e64c856 Mon Sep 17 00:00:00 2001 From: Alfredo Gutierrez Date: Thu, 1 Aug 2024 16:59:39 -0600 Subject: [PATCH 3/5] fix action plugin name and version Signed-off-by: Alfredo Gutierrez --- .github/workflows/release-push-image.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/release-push-image.yaml b/.github/workflows/release-push-image.yaml index ec8c8515..fabab11d 100644 --- a/.github/workflows/release-push-image.yaml +++ b/.github/workflows/release-push-image.yaml @@ -112,7 +112,10 @@ jobs: helm-chart-release: + # depends-on: publish runs-on: [ self-hosted, Linux, medium, ephemeral ] + permissions: + contents: write steps: - name: Harden Runner From 81ea0a6d3b3466be087b767265c7f9b582f372c1 Mon Sep 17 00:00:00 2001 From: Alfredo Gutierrez Date: Thu, 1 Aug 2024 17:28:22 -0600 Subject: [PATCH 4/5] removing tag, this way we won't be publishing a `main` image, but a SNAPSHOT version that will be dependent on the next release version. at start will be `0.1.0-SNAPSHOT` and once we release `v0.1.0` it will be `0.2.0-SNAPSHOT` for integration release (whenever a push is commited to main) Signed-off-by: Alfredo Gutierrez --- .github/workflows/release-push-image.yaml | 37 ++--------------------- 1 file changed, 2 insertions(+), 35 deletions(-) diff --git a/.github/workflows/release-push-image.yaml b/.github/workflows/release-push-image.yaml index fabab11d..efe0f6b9 100644 --- a/.github/workflows/release-push-image.yaml +++ b/.github/workflows/release-push-image.yaml @@ -55,16 +55,6 @@ jobs: - name: Checkout repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - name: Get tag - run: | - if [[ "${{ github.event.inputs.version }}" ]]; then - echo "TAG=${{ github.event.inputs.version }}" >> $GITHUB_ENV - elif [[ "$GITHUB_REF_TYPE" == "tag" ]]; then - echo "TAG=${GITHUB_REF#refs/tags/v}" >> $GITHUB_ENV - else - echo "TAG=main" >> $GITHUB_ENV - fi - - name: Install JDK uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 with: @@ -104,7 +94,7 @@ jobs: cache-to: type=gha,mode=max platforms: linux/amd64, linux/arm64 push: true - tags: ${{ env.REGISTRY }}/${{ github.repository }}:${{ env.TAG }} + tags: ${{ env.REGISTRY }}/${{ github.repository }}:${{ env.VERSION }} build-args: | VERSION=${{ env.VERSION }} build-contexts: | @@ -112,7 +102,7 @@ jobs: helm-chart-release: - # depends-on: publish + needs: publish runs-on: [ self-hosted, Linux, medium, ephemeral ] permissions: contents: write @@ -126,32 +116,9 @@ jobs: - name: Checkout repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - name: Get tag - run: | - if [[ "${{ github.event.inputs.version }}" ]]; then - echo "TAG=${{ github.event.inputs.version }}" >> $GITHUB_ENV - elif [[ "$GITHUB_REF_TYPE" == "tag" ]]; then - echo "TAG=${GITHUB_REF#refs/tags/v}" >> $GITHUB_ENV - else - echo "TAG=main" >> $GITHUB_ENV - fi - - - name: Extract version - id: extract_version - run: | - VERSION=$(grep 'version=' gradle.properties | cut -d '=' -f2) - echo "VERSION=${VERSION}" >> $GITHUB_ENV - - name: Install Helm uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 - - name: Use yq to update image tag - uses: mikefarah/yq@f15500b20a1c991c8729870ba60a4dc3524b6a94 # v4.44.2 - with: - cmd: "yq eval '.image.tag = strenv(TAG)' -i charts/hedera-block-node/values.yaml" - env: - TAG: ${{ env.TAG }} - - name: Publish helm chart uses: stefanprodan/helm-gh-pages@0ad2bb377311d61ac04ad9eb6f252fb68e207260 # v1.7.0 with: From 6d9db081f2768d5c2838779451a4edb4a153ae26 Mon Sep 17 00:00:00 2001 From: Alfredo Gutierrez Date: Thu, 1 Aug 2024 17:30:33 -0600 Subject: [PATCH 5/5] values.yaml file won't explicitly set the tag, since we want to use the appVersion. Signed-off-by: Alfredo Gutierrez --- .github/workflows/release-push-image.yaml | 1 + charts/hedera-block-node/values.yaml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release-push-image.yaml b/.github/workflows/release-push-image.yaml index efe0f6b9..ef24321b 100644 --- a/.github/workflows/release-push-image.yaml +++ b/.github/workflows/release-push-image.yaml @@ -125,3 +125,4 @@ jobs: target_dir: charts token: ${{ secrets.GITHUB_TOKEN }} branch: gh-pages + app_version: ${{ env.VERSION }} diff --git a/charts/hedera-block-node/values.yaml b/charts/hedera-block-node/values.yaml index ad0bae35..f81da5b5 100644 --- a/charts/hedera-block-node/values.yaml +++ b/charts/hedera-block-node/values.yaml @@ -6,7 +6,7 @@ image: repository: ghcr.io/hashgraph/hedera-block-node pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: "main" + tag: "" imagePullSecrets: [] nameOverride: ""