index-update.yml
# Scheduled workflow that reconciles the chart index (index.yaml on the
# `index` branch) with the releases published to the OCI registry.
name: '[Index] Sync index.yaml with OCI releases'
on:
  schedule:
    # Every 30 minutes. There is no other trigger, so the workflow always runs
    # from the default branch and never on pull-request content.
    - cron: "*/30 * * * *"
# Remove all permissions by default.
# With an empty top-level map the GITHUB_TOKEN carries no scopes unless a job
# declares its own `permissions:` block, so each job must opt in explicitly.
permissions: {}
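jobs:
  # Job 1: compare the index stored on the `index` branch with the chart index
  # published in the OCI registry and emit the "name:version" pairs that are
  # missing from the branch. Read-only: it needs nothing beyond `contents: read`.
  find-new-releases:
    runs-on: ubuntu-latest
    name: Find new releases
    outputs:
      new-releases: ${{ steps.get-new-releases.outputs.new-releases }}
    permissions:
      contents: read
    steps:
      - id: checkout-repo
        name: Checkout repo
        # Third-party actions are pinned to a full commit SHA, so a moved tag
        # cannot change the code that runs here.
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
        with:
          ref: index
          path: index
          # No later step in this job runs git, so do not leave the token in
          # the local git config.
          persist-credentials: false
      - uses: oras-project/setup-oras@9c92598691bfef1424de2f8fae81941568f5889c
      - id: get-oci-index
        name: Get OCI index
        run: |
          # Fail the step when any stage of a pipeline fails; otherwise a
          # missing or unreadable charts-index.json would silently produce an
          # empty oci_index.yaml.
          set -o pipefail
          # NOTE(review): `latest` is a mutable tag and the artifact is not
          # signature-checked here. Its content decides which charts the next
          # job pulls, so the registry is trusted for both integrity and
          # freshness.
          oras pull registry-1.docker.io/bitnamicharts/charts-index:latest
          cat charts-index.json | yq -P | yq eval '. | .entries[] |= .versions' > ./oci_index.yaml
      - id: get-charts-index
        name: Get Charts index
        run: |
          cp index/bitnami/index.yaml ./charts_index.yaml
      - id: merge
        name: Generate merged index
        run: |
          # Deep-merge both indexes (appending arrays), then drop entries that
          # share the same name+version.
          yq eval-all '. as $item ireduce ({}; . *+ $item )' charts_index.yaml oci_index.yaml > duplicates_index.yaml
          yq eval '.entries[] |= unique_by(.name + .version)' duplicates_index.yaml > merged_index.yaml
      - id: get-new-releases
        name: Find new versions
        run: |
          # A failing yq must not look like "index is empty": that would mark
          # every merged entry as a new release.
          set -o pipefail
          yq eval '.entries[][] | .name + ":" + .version' charts_index.yaml | sort | uniq > charts_index_releases
          yq eval '.entries[][] | .name + ":" + .version' merged_index.yaml | sort | uniq > merged_index_releases
          # Lines present only in the merged index, joined with single spaces.
          new_releases="$(comm -13 charts_index_releases merged_index_releases | tr "\n" " " | sed 's/ $//')"
          if [ -n "${new_releases}" ]; then
            echo "Found new releases: ${new_releases}"
          else
            echo "No new releases detected"
          fi
          echo "new-releases=$new_releases" >> "$GITHUB_OUTPUT"
  # Job 2: for every new release, pull the chart, rebuild index.yaml, upload
  # the promotion JSON files to S3 and push the amended index commit.
  # It declares no `permissions:` block, so the workflow-level `permissions: {}`
  # applies; the push is authorised by BITNAMI_BOT_TOKEN, not by GITHUB_TOKEN.
  update-index-and-promotions:
    runs-on: ubuntu-latest
    needs:
      - find-new-releases
    name: Update index and push promotions
    if: ${{ needs.find-new-releases.outputs.new-releases != '' }}
    steps:
      - name: Install helm
        run: |
          HELM_TARBALL="helm-v3.8.1-linux-amd64.tar.gz"
          # NOTE(review): the tarball is unpacked as root without an integrity
          # check. Pin its SHA-256 in this file (<EXPECTED_SHA256>) and verify
          # it with `sha256sum -c` before extracting.
          curl -SsLfO "https://get.helm.sh/${HELM_TARBALL}" && sudo tar xf "$HELM_TARBALL" --strip-components 1 -C /usr/local/bin
          # Install file plugin
          # NOTE(review): this installs whatever the plugin repository's
          # default branch holds at run time, and the plugin code later runs
          # in a step that has the AWS keys in its environment and the bot
          # token in the git config. Pin it to a reviewed revision (e.g. with
          # `--version`) or vendor it.
          helm plugin add https://github.com/zoobab/helm_file_repo
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
        with:
          ref: 'index'
          path: index
          # The token is persisted in the local git config and enables scripts to run authenticated git commands.
          # Every later command in this job can therefore read it from disk.
          token: ${{ secrets.BITNAMI_BOT_TOKEN }}
      - id: update-index-and-promotions
        name: Pull charts and update index
        env:
          # NOTE(review): long-lived static AWS keys; confirm whether
          # short-lived credentials via OIDC federation are an option here.
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_PROMOTION_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PROMOTION_SECRET_ACCESS_KEY }}
          AWS_PROMOTION_BUCKET: ${{ secrets.AWS_PROMOTION_BUCKET }}
          AWS_MAX_ATTEMPTS: 3
          AWS_DEFAULT_REGION: us-east-1
          # Passed through the environment instead of being interpolated into
          # the script, so registry-derived text never becomes shell source.
          NEW_RELEASES: ${{ needs.find-new-releases.outputs.new-releases }}
        run: |
          # Surface failures in the jq/yq pipelines below.
          set -o pipefail
          # Promotions template
          promotion_json_template=$(cat << "EOF"
          {
            "platform_id": $platform_id,
            "application": $chart_name,
            "external_id": "\($chart_name):\($chart_version)",
            "version": $app_version,
            "bundled_os_version": $bundled_os_version,
            "properties": {
              "chart_url": "oci://registry-1.docker.io/bitnamicharts/\($chart_name):\($chart_version)",
              "containers": $image_list,
              "github_repository": "bitnami/charts/tree/main/bitnami/\($chart_name)",
            }
          }
          EOF
          )
          cd index
          # Configure git
          git config user.name "Bitnami Containers"
          git config user.email "bitnami-bot@vmware.com"
          read -r -a new_releases_arr <<< "$NEW_RELEASES"
          for release in "${new_releases_arr[@]}"; do
            read -r -a release_arr <<< "$(tr ':' ' ' <<< "$release")"
            chart_name="${release_arr[0]}"
            chart_version="${release_arr[1]}"
            # Defense in depth: both values originate from the registry index
            # and flow into a sed expression, file paths and S3 object keys.
            # Stop on anything that is not a plain chart name / version string.
            if [[ ! "${chart_name}" =~ ^[a-z0-9][a-z0-9-]*$ || ! "${chart_version}" =~ ^[0-9A-Za-z][0-9A-Za-z.+_-]*$ ]]; then
              echo "Release entry has an unexpected name or version format"
              exit 1
            fi
            ## Update index
            # Download published asset
            mkdir ../download
            helm pull "oci://registry-1.docker.io/bitnamicharts/${chart_name}" --version "${chart_version}" --destination ../download
            # Rebuild index
            helm repo index --url oci://registry-1.docker.io/bitnamicharts --merge bitnami/index.yaml ../download
            # Replace .tgz in URL with OCI tag
            sed -i "s|oci://registry-1.docker.io/bitnamicharts/$chart_name-$chart_version.tgz|oci://registry-1.docker.io/bitnamicharts/$chart_name:$chart_version|" ../download/index.yaml
            # Check index integrity
            # Size-only sanity check: it catches a truncated index, not
            # altered content.
            if [[ $(stat -c%s bitnami/index.yaml) -gt $(stat -c%s ../download/index.yaml) ]]; then
              echo "New index.yaml file is shorter than the current one"
              exit 1
            fi
            # Check repo can be loaded
            # Presumably served by the file plugin installed in the first step.
            if ! helm repo add cache file://../download/ ; then
              echo "New index.yaml file can't be used as a file"
              exit 1
            else
              # Remove the repo
              helm repo remove cache
            fi
            cp ../download/index.yaml bitnami/index.yaml
            ## Build and push promotions
            tar -xzf "../download/${chart_name}-${chart_version}.tgz" -C ../download
            image_list="[]"
            # Get image list (removing the registry)
            # Walks the chart and every bundled subchart, de-duplicating images.
            for chart_yaml in $(find "../download/${chart_name}" -name "Chart.yaml"); do
              image_list_aux="$(yq '.annotations.images' "${chart_yaml}" | yq '[ .[] | .image | sub("^[^/]+/", "") ] | tojson')"
              image_list="$(jq -c --null-input --argjson arr1 "$image_list" --argjson arr2 "$image_list_aux" '$arr1 + $arr2 | unique')"
            done
            app_version=$(yq '.appVersion' "../download/${chart_name}/Chart.yaml")
            release_date="$(date -u +"%Y/%m/%d")"
            file_prefix="$(date -u +"%s%3N-${chart_name}-${app_version}")"
            # Build JSON files
            # Values enter the template through --arg/--argjson, so jq encodes
            # them as JSON strings instead of splicing raw text.
            jq --null-input \
              --arg platform_id "bitnami-chart-debian-x64" \
              --arg chart_name "${chart_name}" \
              --arg app_version "${app_version}" \
              --arg chart_version "${chart_version}" \
              --arg bundled_os_version "12" \
              --argjson image_list "${image_list}" "${promotion_json_template}" > "${file_prefix}-bitnami-chart-debian-x64.json"
            jq --null-input \
              --arg platform_id "vmware-chart-debian-x64" \
              --arg chart_name "${chart_name}" \
              --arg app_version "${app_version}" \
              --arg chart_version "${chart_version}" \
              --arg bundled_os_version "12" \
              --argjson image_list "${image_list}" "${promotion_json_template}" | jq '.properties += {"alias_platform_from": "bitnami-chart-debian-x64"}' > "${file_prefix}-vmware-chart-debian-x64.json"
            # Upload files to the release bucket
            aws s3 cp "${file_prefix}-bitnami-chart-debian-x64.json" "s3://${AWS_PROMOTION_BUCKET}/releases/${release_date}/${file_prefix}-bitnami-chart-debian-x64.json"
            aws s3 cp "${file_prefix}-vmware-chart-debian-x64.json" "s3://${AWS_PROMOTION_BUCKET}/releases/${release_date}/${file_prefix}-vmware-chart-debian-x64.json"
            # Remove chart files
            rm -rf ../download
          done
          # Avoid overriding index branch when remote commit does not match our checkout commit
          current_commit_id=$(git rev-parse index)
          # Push changes
          # The tip commit is amended, so the push has to be forced; the lease
          # makes it fail if the remote branch moved since checkout.
          git add bitnami/index.yaml && git commit --signoff --amend --no-edit
          git push origin index --force-with-lease=index:${current_commit_id}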