
chore: trigger branch helm/image publish #13


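# Packages the reloader Helm chart, builds and pushes the NodeOps container
# image, optionally pushes the chart to GHCR as an OCI artifact, publishes the
# chart to gh-pages (branch-scoped index plus root index) and tags the commit.
#
# Hardening applied in this file: values that originate from repository
# content or the event context (chart version, owner, actor, token) reach the
# shell through environment variables instead of being expanded by `${{ }}`
# inside the script text, so they cannot change the script that bash parses.
name: Release Helm Chart by Branch
on:
  push:
    branches:
      - master-copy
    paths:
      - 'deployments/kubernetes/chart/reloader/**'
  # NOTE(review): a manual dispatch can be started from any ref, and every
  # step below (image push, root index update, tag push) then runs for that
  # ref — confirm this is intended.
  workflow_dispatch: {}
# contents: write -> push to gh-pages and push the chart tag.
# packages: write -> helm push to ghcr.io.
permissions:
  contents: write
  packages: write
concurrency:
  group: helm-chart-release-branch-${{ github.ref_name }}
  cancel-in-progress: false
env:
  # OCI repo will be computed and exported later to ensure lowercase
  OCI_REPO: ""
  NODEOPS_REGISTRY: reg.nodeops.xyz
jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the third-party actions in this job are referenced by
      # mutable tags (@v4, @v3). This job holds write tokens and registry
      # credentials, so pinning each `uses:` to a full commit SHA is advisable.
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Full history: the job later checks out gh-pages and pushes tags.
          fetch-depth: 0
      - name: Configure Git
        run: |
          git config user.name "${GITHUB_ACTOR}"
          git config user.email "${GITHUB_ACTOR}@users.noreply.github.com"
      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          version: v3.14.0
      - name: Read new chart version
        id: newver
        run: |
          set -euo pipefail
          # First top-level `version:` line of Chart.yaml; surrounding quotes
          # are stripped so a quoted version is handled like an unquoted one.
          ver=$(grep -m1 '^version:' deployments/kubernetes/chart/reloader/Chart.yaml | awk '{print $2}' | tr -d "\"'")
          # The version ends up in tag names, image tags, commit messages and
          # step outputs; accept only the characters SemVer allows.
          if ! printf '%s' "$ver" | grep -Eq '^[0-9A-Za-z][0-9A-Za-z.+-]*$'; then
            echo "Refusing chart version with unexpected characters: '$ver'" >&2
            exit 1
          fi
          echo "version=$ver" >> "$GITHUB_OUTPUT"
      - name: Fetch existing branch index (if any)
        id: prev
        run: |
          set -e
          BRANCH_SAFE="${GITHUB_REF_NAME//\//-}"
          URL="https://${GITHUB_REPOSITORY_OWNER}.github.io/${GITHUB_REPOSITORY#*/}/branches/${BRANCH_SAFE}/index.yaml"
          echo "url=$URL" >> "$GITHUB_OUTPUT"
          # NOTE(review): this lookup fails open — if the index cannot be
          # downloaded or parsed, `latest` is empty and the increment check in
          # the next step is skipped.
          if curl -fsS "$URL" -o existing-index.yaml; then
            # Pick the highest version with `sort -V`; sorting inside yq
            # compares strings, which ranks 1.9.0 above 1.10.0. A missing
            # `reloader` entry yields no lines instead of the literal "null".
            latest=$(yq '(.entries.reloader // []) | .[].version' existing-index.yaml | sort -V | tail -n1 || true)
            if [ "$latest" = "null" ]; then latest=""; fi
            echo "latest=$latest" >> "$GITHUB_OUTPUT"
          else
            echo "latest=" >> "$GITHUB_OUTPUT"
          fi
      - name: Ensure version increment
        env:
          NEW_VERSION: ${{ steps.newver.outputs.version }}
          OLD_VERSION: ${{ steps.prev.outputs.latest }}
        run: |
          set -e
          new="$NEW_VERSION"
          old="$OLD_VERSION"
          if [ -n "$old" ]; then
            # naive semver compare using sort -V
            ordered=$(printf "%s\n%s\n" "$old" "$new" | sort -V | tail -n1)
            if [ "$ordered" != "$new" ] || [ "$old" = "$new" ]; then
              echo "Chart version $new is not greater than previous $old" >&2
              exit 1
            fi
          fi
          echo "Version check passed (old=$old new=$new)"
      - name: Package chart
        run: |
          helm package deployments/kubernetes/chart/reloader --destination dist
          ls -l dist
      - name: Set up Docker Buildx (for NodeOps image build)
        uses: docker/setup-buildx-action@v3
      - name: Login to NodeOps Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.NODEOPS_REGISTRY }}
          username: ${{ secrets.NODEOPS_REGISTRY_USERNAME }}
          password: ${{ secrets.NODEOPS_REGISTRY_PASSWORD }}
      - name: Build and Push NodeOps Images (version + vault-watcher)
        env:
          CHART_VERSION: ${{ steps.newver.outputs.version }}
        run: |
          set -e
          ver="$CHART_VERSION"
          build_date=$(date -u +'%Y-%m-%dT%H:%M:%SZ')
          echo "Building multi-arch image for version $ver"
          # `vault-watcher` is a floating tag that every run overwrites;
          # consumers that need a fixed image should use the version tag or a
          # digest.
          docker buildx build \
            --platform linux/amd64,linux/arm64 \
            --build-arg "VERSION=$ver" \
            --build-arg "COMMIT=${GITHUB_SHA}" \
            --build-arg "BUILD_DATE=$build_date" \
            -t "${NODEOPS_REGISTRY}/devops/reloader:$ver" \
            -t "${NODEOPS_REGISTRY}/devops/reloader:vault-watcher" \
            --push .
          echo "NodeOps images pushed: $ver and vault-watcher"
      - name: Compute OCI repo (lowercase owner)
        run: |
          OWNER_LOWER=$(printf '%s' "$GITHUB_REPOSITORY_OWNER" | tr 'A-Z' 'a-z')
          echo "OCI_REPO=ghcr.io/${OWNER_LOWER}/reloader" >> "$GITHUB_ENV"
          echo "Computed OCI repo: ghcr.io/${OWNER_LOWER}/reloader"
      - name: Push OCI package (optional, ignore failure)
        env:
          # Handed to the script as a variable so the token never becomes part
          # of the script text.
          GHCR_TOKEN: ${{ github.token }}
        run: |
          set -e
          echo "Logging into GHCR for OCI push"
          # Best effort by design: a failed login or push must not fail the job.
          printf '%s' "$GHCR_TOKEN" | helm registry login ghcr.io --username "$GITHUB_ACTOR" --password-stdin || true
          if [ -z "$OCI_REPO" ]; then echo "OCI_REPO empty, skipping push"; exit 0; fi
          echo "Attempting helm push to oci://$OCI_REPO"
          helm push dist/*.tgz "oci://$OCI_REPO" || echo "OCI push failed or skipped"
      - name: Update gh-pages branch (branch-scoped index)
        env:
          CHART_VERSION: ${{ steps.newver.outputs.version }}
        run: |
          set -euo pipefail
          SAFE="${GITHUB_REF_NAME//\//-}"
          PAGES_URL="https://${GITHUB_REPOSITORY_OWNER}.github.io/${GITHUB_REPOSITORY#*/}"
          git fetch origin gh-pages || true
          if git rev-parse --verify origin/gh-pages >/dev/null 2>&1; then
            git checkout gh-pages
            git reset --hard origin/gh-pages
          else
            git checkout --orphan gh-pages
            git reset --hard
            touch .nojekyll
            git add .nojekyll
            git commit -m "init gh-pages"
          fi
          # Ensure git identity is present (in case earlier step was skipped)
          git config user.name "${GITHUB_ACTOR}" || true
          git config user.email "${GITHUB_ACTOR}@users.noreply.github.com" || true
          mkdir -p "branches/$SAFE"
          cp dist/*.tgz "branches/$SAFE/"
          if [ -f "branches/$SAFE/index.yaml" ]; then
            helm repo index "branches/$SAFE" --url "${PAGES_URL}/branches/${SAFE}" --merge "branches/$SAFE/index.yaml"
          else
            helm repo index "branches/$SAFE" --url "${PAGES_URL}/branches/${SAFE}"
          fi
          # --- Root index dual publish ---
          # Maintain a root-level index.yaml so standard repo URL works without branch path.
          # Copy new artifact to root and merge index preserving history.
          # NOTE(review): this tests for *.tgz already present in the gh-pages
          # root, not in dist/, so the root index is only updated once a chart
          # archive exists there — confirm that is the intent.
          if ls *.tgz >/dev/null 2>&1; then
            echo "Moving packaged chart(s) to root for dual publish"
            cp dist/*.tgz .
            if [ -f index.yaml ]; then
              helm repo index . --url "${PAGES_URL}" --merge index.yaml
            else
              helm repo index . --url "${PAGES_URL}"
            fi
            git add *.tgz index.yaml
          fi
          git add "branches/$SAFE"
          if git diff --cached --quiet; then
            echo "No changes to commit for branch repository"
          else
            git commit -m "chore(chart): publish reloader ${CHART_VERSION} (branch $SAFE + root index)"
          fi
          git push origin gh-pages
          # Clean working tree to avoid checkout conflicts
          git reset --hard
          git checkout "${GITHUB_REF_NAME}"
      - name: Create chart tag
        env:
          CHART_VERSION: ${{ steps.newver.outputs.version }}
        run: |
          set -e
          ver="$CHART_VERSION"
          # NOTE(review): -f lets an existing chart-v<version> tag be moved to
          # a different commit. If release tags are meant to be immutable, drop
          # -f from both commands so a collision fails the job instead.
          git tag -f "chart-v$ver" || true
          git push -f origin "refs/tags/chart-v$ver"
      - name: Summary
        run: |
          echo "Branch chart published. Add repo via:"
          echo "helm repo add reloader https://${GITHUB_REPOSITORY_OWNER}.github.io/${GITHUB_REPOSITORY#*/}/branches/${GITHUB_REF_NAME//\//-}"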