Skip to content

chore(deps): update bundle dependencies (#1503) #1009

chore(deps): update bundle dependencies (#1503)

chore(deps): update bundle dependencies (#1503) #1009

Workflow file for this run

name: Release Charts
on:
push:
branches:
- master
# Weekly nri-bundle release
schedule:
- cron: "0 12 * * 2" # Tuesday at 12pm UTC or 5am PT
# Prevent two release workflows from running concurrently, which might cause WAR race conditions in the repository
# Ref: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#concurrency
concurrency: helm-release
env:
ORIGINAL_REPO_NAME: ${{ github.event.repository.full_name }}
jobs:
# Sometimes chart-releaser might fetch an outdated index.yaml from gh-pages, causing a WAW hazard on the repo
# This job checks the remote file is up to date with the local one on release
validate-gh-pages-index:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
ref: gh-pages
- name: Download remote index file and check equality
run: |
curl -vsSL https://${{ github.repository_owner }}.github.io/${{ github.event.repository.name }}/index.yaml > index.yaml.remote
LOCAL="$(md5sum < index.yaml)"
REMOTE="$(md5sum < index.yaml.remote)"
echo "$LOCAL" = "$REMOTE"
test "$LOCAL" = "$REMOTE"
release:
runs-on: ubuntu-latest
needs: [ validate-gh-pages-index ]
steps:
- name: Checkout
uses: actions/checkout@v4
# chart-releaser need all the history of the repo to see what changed in the file tree and evaluate which charts need to be released
with:
fetch-depth: 0
- name: Add helm repositories
run: |
helm repo add newrelic-helm-charts https://newrelic.github.io/helm-charts
helm repo add newrelic-cdn-helm-charts https://helm-charts.newrelic.com
helm repo add newrelic-infrastructure https://newrelic.github.io/nri-kubernetes
helm repo add nri-prometheus https://newrelic.github.io/nri-prometheus
helm repo add newrelic-prometheus-configurator https://newrelic.github.io/newrelic-prometheus-configurator
helm repo add nri-metadata-injection https://newrelic.github.io/k8s-metadata-injection
helm repo add newrelic-k8s-metrics-adapter https://newrelic.github.io/newrelic-k8s-metrics-adapter
helm repo add kube-state-metrics https://kubernetes.github.io/kube-state-metrics
helm repo add nri-kube-events https://newrelic.github.io/nri-kube-events
helm repo add pixie-operator-chart https://pixie-operator-charts.storage.googleapis.com
helm repo add newrelic-infra-operator https://newrelic.github.io/newrelic-infra-operator
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo add flux2 https://fluxcd-community.github.io/helm-charts
helm repo add k8s-agents-operator https://newrelic.github.io/k8s-agents-operator
- name: Configure Git
run: |
git config user.name "$GITHUB_ACTOR"
git config user.email "[email protected]"
- name: Merge Renovate PR updating bundle dependencies
if: github.event_name == 'schedule'
# GITHUB_TOKEN does not allow to merge PRs with admin
# privilege, so use alternative token
# Source: https://stackoverflow.com/questions/74274130/allow-github-actions-to-merge-prs-on-protected-branch
env:
GITHUB_TOKEN: "${{ secrets.K8S_AGENTS_BOT_TOKEN }}"
run: |
PR_NUMBER=$(gh pr list --search "is:pr is:open author:app/renovate 'Update bundle dependencies' in:title" --json="number" --jq '.[0].number')
if [[ -n "${PR_NUMBER}" ]]; then
echo "Proceeding to merge PR #${PR_NUMBER}"
gh pr merge ${PR_NUMBER} \
--admin \
--body "Automatically merged by github-actions" \
--delete-branch \
--squash
else
echo "No PR found. Nothing to merge"
fi
# As of today, there is no way to filter/exclude charts to be released. Config does not support it:
# https://github.com/helm/chart-releaser/blob/4eb598f96aa53d1c0b8234af2087834e1f2275e1/pkg/config/config.go#L40-L61
# So we delete the Chart.yaml to filter the chart: https://github.com/helm/chart-releaser-action/pull/18
- name: remove the chart template as it should not be deployed
run: |
rm ./library/CHART-TEMPLATE/Chart.yaml
- name: Release library charts
uses: helm/[email protected]
with:
charts_dir: library
env:
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
CR_SKIP_EXISTING: true
- name: Release workload charts
uses: helm/[email protected]
env:
# GITHUB_TOKEN does not allow to create a new workflow run,
# so use alternative token to allow post-release workflow to run
# Source: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow
CR_TOKEN: "${{ secrets.K8S_AGENTS_BOT_TOKEN }}"
CR_SKIP_EXISTING: true
notify-failure:
if: ${{ always() && failure() && (github.event_name == 'schedule') }}
needs: [validate-gh-pages-index, release]
runs-on: ubuntu-latest
steps:
- name: Notify failure via Slack
uses: archive/[email protected]
with:
slack-bot-user-oauth-access-token: ${{ secrets.K8S_AGENTS_SLACK_TOKEN }}
slack-channel: ${{ secrets.K8S_AGENTS_SLACK_CHANNEL }}
slack-text: "❌ `${{ env.ORIGINAL_REPO_NAME }}`: <${{ github.server_url }}/${{ env.ORIGINAL_REPO_NAME }}/actions/runs/${{ github.run_id }}|'Release Charts' failed>."