[bitnami/nginx-ingress-controller] Release 11.3.21 (#28961) #11545
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copyright Broadcom, Inc. All Rights Reserved. | |
# SPDX-License-Identifier: APACHE-2.0 | |
name: '[CI/CD] CD Pipeline' | |
on: # rebuild any PRs and main branch changes | |
push: | |
branches: | |
- main | |
paths: | |
- 'bitnami/**' | |
- '!**.md' | |
# Remove all permissions by default. | |
permissions: {} | |
jobs: | |
get-chart: | |
runs-on: ubuntu-latest | |
name: 'Get modified charts' | |
permissions: | |
contents: read | |
outputs: | |
chart: ${{ steps.get-chart.outputs.chart }} | |
result: ${{ steps.get-chart.outputs.result }} | |
steps: | |
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 | |
with: | |
path: charts | |
fetch-depth: 2 # to be able to obtain files changed in the latest commit | |
- id: get-chart | |
name: 'Get modified charts' | |
run: | | |
cd charts | |
files_changed="$(git show --pretty="" --name-only)" | |
# Adding || true to avoid "Process exited with code 1" errors | |
charts_dirs_changed="$(echo "$files_changed" | xargs dirname | grep -o "bitnami/[^/]*" | sort | uniq || true)" | |
# Using grep -c as a better alternative to wc -l when dealing with empty strings." | |
num_charts_changed="$(echo "$charts_dirs_changed" | grep -c "bitnami" || true)" | |
num_version_bumps="$(echo "$files_changed" | grep Chart.yaml | xargs git show | grep -c "+version" || true)" | |
if [[ "$num_charts_changed" -ne "$num_version_bumps" ]]; then | |
# Changes done in charts but version not bumped -> ERROR | |
charts_changed_str="$(echo ${charts_dirs_changed[@]})" | |
echo "error=Detected changes in charts without version bump in Chart.yaml. Charts changed: ${num_charts_changed} ${charts_changed_str}. Version bumps detected: ${num_version_bumps}" >> $GITHUB_OUTPUT | |
echo "result=fail" >> $GITHUB_OUTPUT | |
elif [[ "$num_charts_changed" -eq "1" ]]; then | |
# Changes done in only one chart -> OK | |
chart_name=$(echo "$charts_dirs_changed" | sed "s|bitnami/||g") | |
echo "chart=${chart_name}" >> $GITHUB_OUTPUT | |
echo "result=ok" >> $GITHUB_OUTPUT | |
else | |
# Changes done in more than chart -> FAIL | |
charts_changed_str="$(echo ${charts_dirs_changed[@]})" | |
echo "error=Changes detected in more than one chart directory: ${charts_changed_str}. The publish process will be stopped. Please create different commits for each chart." >> $GITHUB_OUTPUT | |
echo "result=fail" >> $GITHUB_OUTPUT | |
fi | |
- id: show-error | |
name: 'Show error' | |
if: ${{ steps.get-chart.outputs.result == 'fail' }} | |
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea | |
with: | |
script: | | |
core.setFailed('${{ steps.get-chart.outputs.error }}') | |
vib-publish: | |
runs-on: ubuntu-latest | |
needs: get-chart | |
if: ${{ needs.get-chart.outputs.result == 'ok' }} | |
name: VIB Publish | |
permissions: | |
contents: read | |
env: | |
CSP_API_URL: https://console.cloud.vmware.com | |
CSP_API_TOKEN: ${{ secrets.CSP_API_TOKEN }} | |
VIB_PUBLIC_URL: https://cp.bromelia.vmware.com | |
steps: | |
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 | |
name: Checkout Repository | |
with: | |
path: charts | |
- uses: vmware-labs/vmware-image-builder-action@v0 | |
name: Publish ${{ needs.get-chart.outputs.chart }} | |
with: | |
pipeline: ${{ needs.get-chart.outputs.chart }}/vib-publish.json | |
config: charts/.vib/ | |
env: | |
VIB_ENV_S3_URL: s3://${{ secrets.AWS_S3_BUCKET }}/bitnami | |
VIB_ENV_S3_ACCESS_KEY_ID: ${{ secrets.AWS_PUBLISH_ACCESS_KEY_ID }} | |
VIB_ENV_S3_SECRET_ACCESS_KEY: ${{ secrets.AWS_PUBLISH_SECRET_ACCESS_KEY }} | |
VIB_ENV_S3_ROLE_ARN: ${{ secrets.AWS_PUBLISH_ROLE_ARN }} | |
update-index: | |
runs-on: ubuntu-latest | |
needs: | |
- vib-publish | |
name: Update charts index | |
steps: | |
- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a | |
with: | |
path: ~/artifacts | |
# If we perform a checkout of the main branch, we will find conflicts with the submodules | |
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 | |
with: | |
ref: 'index' | |
path: index | |
# The token is persisted in the local git config and enables scripts to run authenticated git commands. | |
token: ${{ secrets.BITNAMI_BOT_TOKEN }} | |
- name: Install helm | |
run: | | |
HELM_TARBALL="helm-v3.8.1-linux-amd64.tar.gz" | |
curl -SsLfO "https://get.helm.sh/${HELM_TARBALL}" && sudo tar xf "$HELM_TARBALL" --strip-components 1 -C /usr/local/bin | |
# Install file plugin | |
helm plugin add https://github.com/zoobab/helm_file_repo | |
- id: update-index | |
name: Fetch chart and update index | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_PUBLISH_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PUBLISH_SECRET_ACCESS_KEY }} | |
AWS_ASSUME_ROLE_ARN: ${{ secrets.AWS_PUBLISH_ROLE_ARN }} | |
AWS_MAX_ATTEMPTS: 3 | |
AWS_DEFAULT_REGION: us-east-1 | |
run: | | |
# Configure AWS account | |
export $(printf "AWS_ACCESS_KEY_ID=%s AWS_SECRET_ACCESS_KEY=%s AWS_SESSION_TOKEN=%s" $(aws sts assume-role --role-arn ${AWS_ASSUME_ROLE_ARN} --role-session-name GitHubCharts --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" --output text)) | |
# Extract chart release metadata from the publish report file | |
vib_publish_report_file=$(find ~/artifacts -name "report.json" -print -quit) | |
chart_name=$(jq -re '.actions|map(select(.action_id == "helm-publish"))[0] | .application.name' $vib_publish_report_file) | |
chart_version=$(jq -re '.actions|map(select(.action_id == "helm-publish"))[0] | .application.version' $vib_publish_report_file) | |
# Download published asset | |
mkdir download | |
aws s3 cp s3://${{ secrets.AWS_S3_BUCKET }}/bitnami/${chart_name}-${chart_version}.tgz download/ | |
cd index | |
git config user.name "Bitnami Containers" | |
git config user.email "[email protected]" | |
attempts=0 | |
max_attempts=5 | |
is_index_updated=0 | |
while [[ $attempts -lt $max_attempts && $is_index_updated -eq 0 ]]; do | |
attempts=$((attempts + 1)) | |
# Pull changes from remote | |
git fetch origin index | |
current_commit_id=$(git rev-parse origin/index) | |
git reset --hard $(git commit-tree origin/index^{tree} -m "Update index.yaml") | |
# Rebuild index | |
helm repo index --url https://charts.bitnami.com/bitnami --merge bitnami/index.yaml ../download | |
# Compare size of files | |
if [[ $(stat -c%s bitnami/index.yaml) -gt $(stat -c%s ../download/index.yaml) ]]; then | |
echo "New index.yaml file is shorter than the current one" | |
exit 1 | |
fi | |
# Adding tmp file as a helm repo | |
if ! helm repo add cache file://../download/ ; then | |
echo "New index.yaml file can't be indexed" | |
exit 1 | |
fi | |
cp ../download/index.yaml bitnami/index.yaml | |
# Push changes | |
git add bitnami/index.yaml && git commit --signoff --amend --no-edit | |
git push origin index --force-with-lease=index:${current_commit_id} && is_index_updated=1 || echo "Failed to push during attempt $attempts" | |
done | |
if [[ $is_index_updated -ne 1 ]]; then | |
echo "Could not update the index after $max_attempts attempts" | |
exit 1 | |
fi | |
push-tag: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
needs: | |
- get-chart | |
- vib-publish | |
name: Push tag | |
if: ${{ needs.get-chart.outputs.result == 'ok' }} | |
steps: | |
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 | |
with: | |
path: charts | |
fetch-depth: 2 # to be able to obtain files changed in the latest commit | |
- id: push-tag | |
name: 'Push tag' | |
env: | |
CHART: ${{ needs.get-chart.outputs.chart }} | |
run: | | |
cd charts | |
# Get chart version and list of tags | |
chart_version="$(yq e '.version' bitnami/${CHART}/Chart.yaml)" | |
git fetch --tags | |
# If the tag does not exist, create and push it (this allows re-executing the job) | |
if ! git tag | grep ${CHART}/${chart_version}; then | |
git tag ${CHART}/${chart_version} | |
git push --tags | |
fi | |
push-promotion: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
needs: | |
- get-chart | |
- update-index | |
name: Push Promotion files | |
if: ${{ needs.get-chart.outputs.result == 'ok' }} | |
steps: | |
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 | |
with: | |
path: charts | |
- name: Install helm | |
run: | | |
HELM_TARBALL="helm-v3.8.1-linux-amd64.tar.gz" | |
curl -SsLfO "https://get.helm.sh/${HELM_TARBALL}" && sudo tar xf "$HELM_TARBALL" --strip-components 1 -C /usr/local/bin | |
- env: | |
CHART_NAME: ${{ needs.get-chart.outputs.chart }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_PROMOTION_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PROMOTION_SECRET_ACCESS_KEY }} | |
AWS_PROMOTION_BUCKET: ${{ secrets.AWS_PROMOTION_BUCKET }} | |
AWS_MAX_ATTEMPTS: 3 | |
AWS_DEFAULT_REGION: us-east-1 | |
run: | | |
#!/bin/bash | |
chart="bitnami/${CHART_NAME}" | |
cd charts | |
# Get chart and app version | |
chart_version="$(yq e '.version' "${chart}/Chart.yaml")" | |
app_version="$(yq e '.appVersion' "${chart}/Chart.yaml")" | |
# Get image list (removing the registry) | |
helm dep build ${chart} | |
image_list="$(yq '.annotations.images' "${chart}/Chart.yaml" | yq '[ .[] | .image | sub("^[^/]+/", "") ] | tojson')" | |
for dependency in "${chart}/charts/"*.tgz; do | |
if [[ -s "$dependency" ]]; then | |
# Analyse all 'Chart.yaml' files in dependencies | |
while read -r chart_yaml_file; do | |
if [[ -n "${chart_yaml_file}" ]]; then | |
dependency_image_list="$(tar -xzO -f "$dependency" "$chart_yaml_file" | yq '.annotations.images' | yq '[ .[] | .image | sub("^[^/]+/", "") ] | tojson')" | |
image_list="$(jq -c --null-input --argjson arr1 "$image_list" --argjson arr2 "$dependency_image_list" '$arr1 + $arr2 | unique')" | |
fi | |
done < <(tar -tzf "$dependency" | grep -E "Chart.yaml$") | |
fi | |
done | |
# Build JSON files | |
release_date="$(date -u +"%Y/%m/%d")" | |
file_prefix="$(date -u +"%s%3N-${CHART_NAME}-${app_version}")" | |
json_template=$(cat << "EOF" | |
{ | |
"platform_id": $platform_id, | |
"application": $app, | |
"external_id": "\($app):\($chart_version)", | |
"version": $app_version, | |
"bundled_os_version": $bundled_os_version, | |
"properties": { | |
"chart_url": "https://charts.bitnami.com/bitnami/\($app)-\($chart_version).tgz", | |
"containers": $image_list, | |
"github_repository": "bitnami/charts/tree/main/bitnami/\($app)", | |
} | |
} | |
EOF | |
) | |
jq --null-input \ | |
--arg platform_id "bitnami-chart-debian-x64" \ | |
--arg app "${CHART_NAME}" \ | |
--arg app_version "${app_version}" \ | |
--arg chart_version "${chart_version}" \ | |
--arg bundled_os_version "12" \ | |
--argjson image_list "${image_list}" "${json_template}" > "${file_prefix}-bitnami-chart-debian-x64.json" | |
jq --null-input \ | |
--arg platform_id "vmware-chart-debian-x64" \ | |
--arg app "${CHART_NAME}" \ | |
--arg app_version "${app_version}" \ | |
--arg chart_version "${chart_version}" \ | |
--arg bundled_os_version "12" \ | |
--argjson image_list "${image_list}" "${json_template}" | jq '.properties += {"alias_platform_from": "bitnami-chart-debian-x64"}' > "${file_prefix}-vmware-chart-debian-x64.json" | |
# Upload files to the release bucket. | |
aws s3 cp "${file_prefix}-bitnami-chart-debian-x64.json" "s3://${AWS_PROMOTION_BUCKET}/releases/${release_date}/${file_prefix}-bitnami-chart-debian-x64.json" | |
aws s3 cp "${file_prefix}-vmware-chart-debian-x64.json" "s3://${AWS_PROMOTION_BUCKET}/releases/${release_date}/${file_prefix}-vmware-chart-debian-x64.json" | |
# If the CD Pipeline does not succeed we should notify the interested agents | |
slack-notif: | |
runs-on: ubuntu-latest | |
needs: | |
- vib-publish | |
- update-index | |
- push-promotion | |
if: always() | |
name: Notify unsuccessful CD run | |
steps: | |
- name: Notify in Slack channel | |
if: ${{ needs.push-promotion.result != 'success' }} | |
uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e | |
with: | |
channel-id: ${{ secrets.CD_SLACK_CHANNEL_ID }} | |
payload: | | |
{ | |
"attachments": [ | |
{ | |
"color": "#CC0000", | |
"fallback": "Unsuccessful bitnami/charts CD pipeline", | |
"blocks": [ | |
{ | |
"type": "section", | |
"text": { | |
"type": "mrkdwn", | |
"text": "*Unsuccessful `bitnami/charts` CD pipeline*" | |
} | |
}, | |
{ | |
"type": "section", | |
"text": { | |
"type": "mrkdwn", | |
"text": "The CD pipeline for <${{ github.event.head_commit.url }}|bitnami/charts@${{ github.event.head_commit.id }}> did not succeed. Check the related <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|action run> for more information." | |
} | |
} | |
] | |
} | |
] | |
} | |
env: | |
SLACK_BOT_TOKEN: ${{ secrets.CD_SLACK_BOT_TOKEN }} |