Skip to content

[Index] Sync index.yaml with OCI releases #10

[Index] Sync index.yaml with OCI releases

[Index] Sync index.yaml with OCI releases #10

Workflow file for this run

name: '[Index] Sync index.yaml with OCI releases'
on:
schedule:
- cron: "*/30 * * * *"
# Remove all permissions by default.
permissions: {}
jobs:
find-new-releases:
runs-on: ubuntu-latest
name: Find new releases
outputs:
new-releases: ${{ steps.get-new-releases.outputs.new-releases }}
permissions:
contents: read
steps:
- id: checkout-repo
name: Checkout repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with:
ref: index
path: index
- uses: oras-project/setup-oras@9c92598691bfef1424de2f8fae81941568f5889c
- id: get-oci-index
name: Get OCI index
run: |
oras pull registry-1.docker.io/bitnamicharts/charts-index:latest
cat charts-index.json | yq -P | yq eval '. | .entries[] |= .versions' > ./oci_index.yaml
- id: get-charts-index
name: Get Charts index
run: |
cp index/bitnami/index.yaml ./charts_index.yaml
- id: merge
name: Generate merged index
run: |
yq eval-all '. as $item ireduce ({}; . *+ $item )' charts_index.yaml oci_index.yaml > duplicates_index.yaml
yq eval '.entries[] |= unique_by(.name + .version)' duplicates_index.yaml > merged_index.yaml
- id: get-new-releases
name: Find new versions
run: |
yq eval '.entries[][] | .name + ":" + .version' charts_index.yaml |sort| uniq > charts_index_releases
yq eval '.entries[][] | .name + ":" + .version' merged_index.yaml | sort| uniq > merged_index_releases
new_releases="$(comm -13 charts_index_releases merged_index_releases | tr "\n" " " | sed 's/ $//')"
if [ -n "${new_releases}" ]; then
echo "Found new releases: ${new_releases}"
else
echo "No new releases detected"
fi
echo "new-releases=$new_releases" >> $GITHUB_OUTPUT
update-index-and-promotions:
runs-on: ubuntu-latest
needs:
- find-new-releases
name: Update index and push promotions
if: ${{ needs.find-new-releases.outputs.new-releases != '' }}
steps:
- name: Install helm
run: |
HELM_TARBALL="helm-v3.8.1-linux-amd64.tar.gz"
curl -SsLfO "https://get.helm.sh/${HELM_TARBALL}" && sudo tar xf "$HELM_TARBALL" --strip-components 1 -C /usr/local/bin
# Install file plugin
helm plugin add https://github.com/zoobab/helm_file_repo
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with:
ref: 'index'
path: index
# The token is persisted in the local git config and enables scripts to run authenticated git commands.
token: ${{ secrets.BITNAMI_BOT_TOKEN }}
- id: update-index-and-promotions
name: Pull charts and update index
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_PROMOTION_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PROMOTION_SECRET_ACCESS_KEY }}
AWS_PROMOTION_BUCKET: ${{ secrets.AWS_PROMOTION_BUCKET }}
AWS_MAX_ATTEMPTS: 3
AWS_DEFAULT_REGION: us-east-1
NEW_RELEASES: ${{ needs.find-new-releases.outputs.new-releases }}
run: |
# Promotions template
promotion_json_template=$(cat << "EOF"
{
"platform_id": $platform_id,
"application": $chart_name,
"external_id": "\($chart_name):\($chart_version)",
"version": $app_version,
"bundled_os_version": $bundled_os_version,
"properties": {
"chart_url": "oci://registry-1.docker.io/bitnamicharts/\($chart_name):\($chart_version)",
"containers": $image_list,
"github_repository": "bitnami/charts/tree/main/bitnami/\($chart_name)",
}
}
EOF
)
cd index
# Configure git
git config user.name "Bitnami Containers"
git config user.email "bitnami-bot@vmware.com"
read -r -a new_releases_arr <<< $NEW_RELEASES
for release in "${new_releases_arr[@]}"; do
read -r -a release_arr <<< "$(tr ':' ' ' <<< "$release")"
chart_name="${release_arr[0]}"
chart_version="${release_arr[1]}"
## Update index
# Download published asset
mkdir ../download
helm pull "oci://registry-1.docker.io/bitnamicharts/${chart_name}" --version "${chart_version}" --destination ../download
# Rebuild index
helm repo index --url oci://registry-1.docker.io/bitnamicharts --merge bitnami/index.yaml ../download
# Replace .tgz in URL with OCI tag
sed -i "s|oci://registry-1.docker.io/bitnamicharts/$chart_name-$chart_version.tgz|oci://registry-1.docker.io/bitnamicharts/$chart_name:$chart_version|" ../download/index.yaml
# Check index integrity
if [[ $(stat -c%s bitnami/index.yaml) -gt $(stat -c%s ../download/index.yaml) ]]; then
echo "New index.yaml file is shorter than the current one"
exit 1
fi
# Check repo can be loaded
if ! helm repo add cache file://../download/ ; then
echo "New index.yaml file can't be used as a file"
exit 1
else
# Remove the repo
helm repo remove cache
fi
cp ../download/index.yaml bitnami/index.yaml
## Build and push promotions
tar -xzf ../download/${chart_name}-${chart_version}.tgz -C ../download
image_list="[]"
# Get image list (removing the registry)
for chart_yaml in $(find "../download/${chart_name}" -name "Chart.yaml"); do
image_list_aux="$(yq '.annotations.images' "${chart_yaml}" | yq '[ .[] | .image | sub("^[^/]+/", "") ] | tojson')"
image_list="$(jq -c --null-input --argjson arr1 "$image_list" --argjson arr2 "$image_list_aux" '$arr1 + $arr2 | unique')"
done
app_version=$(yq '.appVersion' "../download/${chart_name}/Chart.yaml")
release_date="$(date -u +"%Y/%m/%d")"
file_prefix="$(date -u +"%s%3N-${chart_name}-${app_version}")"
# Build JSON files
jq --null-input \
--arg platform_id "bitnami-chart-debian-x64" \
--arg chart_name "${chart_name}" \
--arg app_version "${app_version}" \
--arg chart_version "${chart_version}" \
--arg bundled_os_version "12" \
--argjson image_list "${image_list}" "${promotion_json_template}" > "${file_prefix}-bitnami-chart-debian-x64.json"
jq --null-input \
--arg platform_id "vmware-chart-debian-x64" \
--arg chart_name "${chart_name}" \
--arg app_version "${app_version}" \
--arg chart_version "${chart_version}" \
--arg bundled_os_version "12" \
--argjson image_list "${image_list}" "${promotion_json_template}" | jq '.properties += {"alias_platform_from": "bitnami-chart-debian-x64"}' > "${file_prefix}-vmware-chart-debian-x64.json"
# Upload files to the release bucket
aws s3 cp "${file_prefix}-bitnami-chart-debian-x64.json" "s3://${AWS_PROMOTION_BUCKET}/releases/${release_date}/${file_prefix}-bitnami-chart-debian-x64.json"
aws s3 cp "${file_prefix}-vmware-chart-debian-x64.json" "s3://${AWS_PROMOTION_BUCKET}/releases/${release_date}/${file_prefix}-vmware-chart-debian-x64.json"
# Remove chart files
rm -rf ../download
done
# Avoid overriding index branch when remote commit does not match our checkout commit
current_commit_id=$(git rev-parse index)
# Push changes
git add bitnami/index.yaml && git commit --signoff --amend --no-edit
git push origin index --force-with-lease=index:${current_commit_id}