name: Publish Helm Chart on: push: branches: - master paths: - 'charts/**' - '.github/workflows/publish-chart.yaml' - '!charts/actions-runner-controller/docs/**' - '!**.md' workflow_dispatch: env: KUBE_SCORE_VERSION: 1.10.0 HELM_VERSION: v3.8.0 permissions: contents: read jobs: lint-chart: name: Lint Chart runs-on: ubuntu-latest outputs: publish-chart: ${{ steps.publish-chart-step.outputs.publish }} steps: - name: Checkout uses: actions/checkout@v3 with: fetch-depth: 0 - name: Set up Helm uses: azure/setup-helm@v3.0 with: version: ${{ env.HELM_VERSION }} - name: Set up kube-score run: | wget https://github.com/zegl/kube-score/releases/download/v${{ env.KUBE_SCORE_VERSION }}/kube-score_${{ env.KUBE_SCORE_VERSION }}_linux_amd64 -O kube-score chmod 755 kube-score - name: Kube-score generated manifests run: helm template --values charts/.ci/values-kube-score.yaml charts/* | ./kube-score score - --ignore-test pod-networkpolicy --ignore-test deployment-has-poddisruptionbudget --ignore-test deployment-has-host-podantiaffinity --ignore-test container-security-context --ignore-test pod-probes --ignore-test container-image-tag --enable-optional-test container-security-context-privileged --enable-optional-test container-security-context-readonlyrootfilesystem # python is a requirement for the chart-testing action below (supports yamllint among other tests) - uses: actions/setup-python@v4 with: python-version: '3.7' - name: Set up chart-testing uses: helm/chart-testing-action@v2.2.1 - name: Run chart-testing (list-changed) id: list-changed run: | changed=$(ct list-changed --config charts/.ci/ct-config.yaml) if [[ -n "$changed" ]]; then echo "::set-output name=changed::true" fi - name: Run chart-testing (lint) run: | ct lint --config charts/.ci/ct-config.yaml - name: Create kind cluster if: steps.list-changed.outputs.changed == 'true' uses: helm/kind-action@v1.3.0 # We need cert-manager already installed in the cluster because we assume the CRDs exist - name: Install cert-manager if: steps.list-changed.outputs.changed == 'true' run: | helm repo add jetstack https://charts.jetstack.io --force-update helm install cert-manager jetstack/cert-manager --set installCRDs=true --wait - name: Run chart-testing (install) if: steps.list-changed.outputs.changed == 'true' run: ct install --config charts/.ci/ct-config.yaml # WARNING: This relies on the latest release being inat the top of the JSON from GitHub and a clean chart.yaml - name: Check if Chart Publish is Needed id: publish-chart-step run: | CHART_TEXT=$(curl -fs https://raw.githubusercontent.com/actions-runner-controller/actions-runner-controller/master/charts/actions-runner-controller/Chart.yaml) NEW_CHART_VERSION=$(echo "$CHART_TEXT" | grep version: | cut -d ' ' -f 2) RELEASE_LIST=$(curl -fs https://api.github.com/repos/actions-runner-controller/actions-runner-controller/releases | jq .[].tag_name | grep actions-runner-controller | cut -d '"' -f 2 | cut -d '-' -f 4) LATEST_RELEASED_CHART_VERSION=$(echo $RELEASE_LIST | cut -d ' ' -f 1) echo "Chart version in master : $NEW_CHART_VERSION" echo "Latest release chart version : $LATEST_RELEASED_CHART_VERSION" if [[ $NEW_CHART_VERSION != $LATEST_RELEASED_CHART_VERSION ]]; then echo "::set-output name=publish::true" fi publish-chart: if: needs.lint-chart.outputs.publish-chart == 'true' needs: lint-chart name: Publish Chart runs-on: ubuntu-latest permissions: contents: write # for helm/chart-releaser-action to push chart release and create a release steps: - name: Checkout uses: actions/checkout@v3 with: fetch-depth: 0 - name: Configure Git run: | git config user.name "$GITHUB_ACTOR" git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - name: Run chart-releaser uses: helm/chart-releaser-action@v1.4.0 env: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"