diff --git a/.github/workflows/release_chart.yaml b/.github/workflows/release_chart.yaml index c86a0b37d..e912a98d0 100644 --- a/.github/workflows/release_chart.yaml +++ b/.github/workflows/release_chart.yaml @@ -1,183 +1,183 @@ -name: release_chart - -on: - release: - types: - - published - - edited - -jobs: - release_chart: - name: Release Chart - permissions: - contents: write - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Install chart-releaser - run: | - wget https://github.com/helm/chart-releaser/releases/download/v1.4.1/chart-releaser_1.4.1_linux_amd64.tar.gz - tar -zxf chart-releaser_1.4.1_linux_amd64.tar.gz cr - sudo install cr /usr/local/bin/ - rm -f cr chart-releaser_1.4.1_linux_amd64.tar.gz - - - name: Package Chart - run: cr package deploy/helm/clickhouse-operator - - - name: Get Release Assets - id: get_assets - run: | - CHART_PATH=$(ls .cr-release-packages/altinity-clickhouse-operator-*.tgz) - ASSET_NAME=$(basename ${CHART_PATH}) - ASSET_ID=$(curl -s -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ - "https://api.github.com/repos/${{ github.repository }}/releases/${{ github.event.release.id }}/assets" | \ - jq -r ".[] | select(.name == \"$ASSET_NAME\") | .id") - - echo "Asset ID is $ASSET_ID" - echo "asset_id=$ASSET_ID" >> $GITHUB_OUTPUT - - - name: Delete Existing Release Artifacts - if: steps.get_assets.outputs.asset_id != '' - run: | - curl -X DELETE -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ - "https://api.github.com/repos/${{ github.repository }} - - - name: Upload Release Artifacts - run: | - CHART_PATH=$(ls .cr-release-packages/altinity-clickhouse-operator-*.tgz) - curl -X POST \ - -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ - -H "Content-Type: application/gzip" \ - -T "${CHART_PATH}" \ - "https://uploads.github.com/repos/${GITHUB_REPOSITORY}/releases/${{ github.event.release.id }}/assets?name=$(basename ${CHART_PATH})" - - name: Validate Helm Repository Configuration - run: | - if [ -z "${{ secrets.HELM_GITHUB_TOKEN }}" ]; then - echo "ERROR: HELM_GITHUB_TOKEN secret is not set or is empty" - echo "Please add HELM_GITHUB_TOKEN to repository secrets with write access to the helm repository" - exit 1 - fi - - if [ -z "${{ vars.HELM_GITHUB_REPOSITORY }}" ]; then - echo "ERROR: HELM_GITHUB_REPOSITORY variable is not set or is empty" - echo "Please add HELM_GITHUB_REPOSITORY to repository variables (Settings -> Secrets and variables -> Actions -> Variables)" - exit 1 - fi - - echo "Configuration validated:" - echo " HELM_GITHUB_REPOSITORY: ${{ vars.HELM_GITHUB_REPOSITORY }}" - echo " HELM_GITHUB_TOKEN: [SET]" - - - name: Upload Release Artifacts to Helm Repo - run: | - cr upload \ - --git-repo=${{ vars.HELM_GITHUB_REPOSITORY }} \ - --owner=${GITHUB_REPOSITORY_OWNER} \ - --release-name-template=${{ github.event.release.name }} \ - --token=${{ secrets.HELM_GITHUB_TOKEN }} \ - --package-path=.cr-release-packages \ - --skip-existing - - name: Configure Git - run: | - git config user.name "$GITHUB_ACTOR" - git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - - name: Release Chart to Operator Repo - run: | - git remote add httpsorigin "https://github.com/${GITHUB_REPOSITORY}.git" - git fetch httpsorigin - cr index \ - --git-repo=${GITHUB_REPOSITORY#*/} \ - --owner=${GITHUB_REPOSITORY_OWNER} \ - --release-name-template=${{ github.event.release.name }} \ - --token=${{ secrets.GITHUB_TOKEN }} \ - --index-path=index.yaml \ - --remote=httpsorigin \ - --push - - name: Release Chart to Helm Repo - run: | - # Validate configuration before attempting to push - if [ -z "${{ vars.HELM_GITHUB_REPOSITORY }}" ]; then - echo "ERROR: HELM_GITHUB_REPOSITORY variable is not set or is empty" - echo "This step requires HELM_GITHUB_REPOSITORY to be set in repository variables" - echo "Go to: Settings -> Secrets and variables -> Actions -> Variables" - exit 1 - fi - - if [ -z "${{ secrets.HELM_GITHUB_TOKEN }}" ]; then - echo "ERROR: HELM_GITHUB_TOKEN secret is not set or is empty" - echo "This step requires HELM_GITHUB_TOKEN with write access to: ${GITHUB_REPOSITORY_OWNER}/${{ vars.HELM_GITHUB_REPOSITORY }}" - echo "Go to: Settings -> Secrets and variables -> Actions -> Secrets" - exit 1 - fi - - echo "Attempting to push to helm repository: ${GITHUB_REPOSITORY_OWNER}/${{ vars.HELM_GITHUB_REPOSITORY }}" - - # Test token authentication - echo "Testing token authentication..." - TOKEN_USER=$(curl -sS -H "Authorization: token ${{ secrets.HELM_GITHUB_TOKEN }}" https://api.github.com/user | jq -r '.login') - echo "Token authenticated as user: ${TOKEN_USER}" - - # Save current directory - WORK_DIR=$(pwd) - - # Create a temporary directory for helm repo operations - TEMP_DIR=$(mktemp -d) - cd "$TEMP_DIR" - - # Clone the helm repository WITHOUT token in URL to avoid masking issues - echo "Cloning helm repository to temporary directory..." - git clone https://github.com/${GITHUB_REPOSITORY_OWNER}/${{ vars.HELM_GITHUB_REPOSITORY }}.git helm-repo || { - echo "ERROR: Failed to clone helm repository" - echo "Please verify:" - echo " 1. Repository exists: ${GITHUB_REPOSITORY_OWNER}/${{ vars.HELM_GITHUB_REPOSITORY }}" - exit 1 - } - - cd helm-repo - - # Configure git credentials for push - git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - git config user.name "$GITHUB_ACTOR" - - # Set up authentication using git credential helper - git config credential.helper "store --file=.git/credentials" - echo "https://x-access-token:${{ secrets.HELM_GITHUB_TOKEN }}@github.com" > .git/credentials - - # Now use cr index from within the helm repo to avoid history conflicts - echo "Generating index.yaml within helm repository context..." - - # Copy the package to a local directory within helm repo - mkdir -p .cr-release-packages - cp "$WORK_DIR"/.cr-release-packages/*.tgz .cr-release-packages/ || { - echo "ERROR: No chart packages found in .cr-release-packages" - exit 1 - } - - # Generate index with cr (this will handle the gh-pages branch automatically) - cr index \ - --git-repo=${{ vars.HELM_GITHUB_REPOSITORY }} \ - --owner=${GITHUB_REPOSITORY_OWNER} \ - --release-name-template=${{ github.event.release.name }} \ - --token=${{ secrets.HELM_GITHUB_TOKEN }} \ - --package-path=.cr-release-packages \ - --index-path=index.yaml \ - --push || { - echo "ERROR: Failed to generate or push index to helm repository" - echo "Debug: Current directory is $(pwd)" - echo "Debug: Git remotes:" - git remote -v - echo "Debug: Git status:" - git status - exit 1 - } - - echo "Successfully updated helm repository index" - - # Cleanup - cd / - rm -rf "$TEMP_DIR" +name: release_chart + +on: + release: + types: + - published + - edited + +jobs: + release_chart: + name: Release Chart + permissions: + contents: write + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Install chart-releaser + run: | + wget https://github.com/helm/chart-releaser/releases/download/v1.4.1/chart-releaser_1.4.1_linux_amd64.tar.gz + tar -zxf chart-releaser_1.4.1_linux_amd64.tar.gz cr + sudo install cr /usr/local/bin/ + rm -f cr chart-releaser_1.4.1_linux_amd64.tar.gz + + - name: Package Chart + run: cr package deploy/helm/clickhouse-operator + + - name: Get Release Assets + id: get_assets + run: | + CHART_PATH=$(ls .cr-release-packages/altinity-clickhouse-operator-*.tgz) + ASSET_NAME=$(basename ${CHART_PATH}) + ASSET_ID=$(curl -s -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ + "https://api.github.com/repos/${{ github.repository }}/releases/${{ github.event.release.id }}/assets" | \ + jq -r ".[] | select(.name == \"$ASSET_NAME\") | .id") + + echo "Asset ID is $ASSET_ID" + echo "asset_id=$ASSET_ID" >> $GITHUB_OUTPUT + + - name: Delete Existing Release Artifacts + if: steps.get_assets.outputs.asset_id != '' + run: | + curl -X DELETE -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ + "https://api.github.com/repos/${{ github.repository }}/releases/${{ github.event.release.id }}/assets/${{ steps.get_assets.outputs.asset_id }}" + + - name: Upload Release Artifacts + run: | + CHART_PATH=$(ls .cr-release-packages/altinity-clickhouse-operator-*.tgz) + curl -X POST \ + -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ + -H "Content-Type: application/gzip" \ + -T "${CHART_PATH}" \ + "https://uploads.github.com/repos/${GITHUB_REPOSITORY}/releases/${{ github.event.release.id }}/assets?name=$(basename ${CHART_PATH})" + - name: Validate Helm Repository Configuration + run: | + if [ -z "${{ secrets.HELM_GITHUB_TOKEN }}" ]; then + echo "ERROR: HELM_GITHUB_TOKEN secret is not set or is empty" + echo "Please add HELM_GITHUB_TOKEN to repository secrets with write access to the helm repository" + exit 1 + fi + + if [ -z "${{ vars.HELM_GITHUB_REPOSITORY }}" ]; then + echo "ERROR: HELM_GITHUB_REPOSITORY variable is not set or is empty" + echo "Please add HELM_GITHUB_REPOSITORY to repository variables (Settings -> Secrets and variables -> Actions -> Variables)" + exit 1 + fi + + echo "Configuration validated:" + echo " HELM_GITHUB_REPOSITORY: ${{ vars.HELM_GITHUB_REPOSITORY }}" + echo " HELM_GITHUB_TOKEN: [SET]" + + - name: Upload Release Artifacts to Helm Repo + run: | + cr upload \ + --git-repo=${{ vars.HELM_GITHUB_REPOSITORY }} \ + --owner=${GITHUB_REPOSITORY_OWNER} \ + --release-name-template=${{ github.event.release.name }} \ + --token=${{ secrets.HELM_GITHUB_TOKEN }} \ + --package-path=.cr-release-packages \ + --skip-existing + - name: Configure Git + run: | + git config user.name "$GITHUB_ACTOR" + git config user.email "$GITHUB_ACTOR@users.noreply.github.com" + - name: Release Chart to Operator Repo + run: | + git remote add httpsorigin "https://github.com/${GITHUB_REPOSITORY}.git" + git fetch httpsorigin + cr index \ + --git-repo=${GITHUB_REPOSITORY#*/} \ + --owner=${GITHUB_REPOSITORY_OWNER} \ + --release-name-template=${{ github.event.release.name }} \ + --token=${{ secrets.GITHUB_TOKEN }} \ + --index-path=index.yaml \ + --remote=httpsorigin \ + --push + - name: Release Chart to Helm Repo + run: | + # Validate configuration before attempting to push + if [ -z "${{ vars.HELM_GITHUB_REPOSITORY }}" ]; then + echo "ERROR: HELM_GITHUB_REPOSITORY variable is not set or is empty" + echo "This step requires HELM_GITHUB_REPOSITORY to be set in repository variables" + echo "Go to: Settings -> Secrets and variables -> Actions -> Variables" + exit 1 + fi + + if [ -z "${{ secrets.HELM_GITHUB_TOKEN }}" ]; then + echo "ERROR: HELM_GITHUB_TOKEN secret is not set or is empty" + echo "This step requires HELM_GITHUB_TOKEN with write access to: ${GITHUB_REPOSITORY_OWNER}/${{ vars.HELM_GITHUB_REPOSITORY }}" + echo "Go to: Settings -> Secrets and variables -> Actions -> Secrets" + exit 1 + fi + + echo "Attempting to push to helm repository: ${GITHUB_REPOSITORY_OWNER}/${{ vars.HELM_GITHUB_REPOSITORY }}" + + # Test token authentication + echo "Testing token authentication..." + TOKEN_USER=$(curl -sS -H "Authorization: token ${{ secrets.HELM_GITHUB_TOKEN }}" https://api.github.com/user | jq -r '.login') + echo "Token authenticated as user: ${TOKEN_USER}" + + # Save current directory + WORK_DIR=$(pwd) + + # Create a temporary directory for helm repo operations + TEMP_DIR=$(mktemp -d) + cd "$TEMP_DIR" + + # Clone the helm repository WITHOUT token in URL to avoid masking issues + echo "Cloning helm repository to temporary directory..." + git clone https://github.com/${GITHUB_REPOSITORY_OWNER}/${{ vars.HELM_GITHUB_REPOSITORY }}.git helm-repo || { + echo "ERROR: Failed to clone helm repository" + echo "Please verify:" + echo " 1. Repository exists: ${GITHUB_REPOSITORY_OWNER}/${{ vars.HELM_GITHUB_REPOSITORY }}" + exit 1 + } + + cd helm-repo + + # Configure git credentials for push + git config user.email "$GITHUB_ACTOR@users.noreply.github.com" + git config user.name "$GITHUB_ACTOR" + + # Set up authentication using git credential helper + git config credential.helper "store --file=.git/credentials" + echo "https://x-access-token:${{ secrets.HELM_GITHUB_TOKEN }}@github.com" > .git/credentials + + # Now use cr index from within the helm repo to avoid history conflicts + echo "Generating index.yaml within helm repository context..." + + # Copy the package to a local directory within helm repo + mkdir -p .cr-release-packages + cp "$WORK_DIR"/.cr-release-packages/*.tgz .cr-release-packages/ || { + echo "ERROR: No chart packages found in .cr-release-packages" + exit 1 + } + + # Generate index with cr (this will handle the gh-pages branch automatically) + cr index \ + --git-repo=${{ vars.HELM_GITHUB_REPOSITORY }} \ + --owner=${GITHUB_REPOSITORY_OWNER} \ + --release-name-template=${{ github.event.release.name }} \ + --token=${{ secrets.HELM_GITHUB_TOKEN }} \ + --package-path=.cr-release-packages \ + --index-path=index.yaml \ + --push || { + echo "ERROR: Failed to generate or push index to helm repository" + echo "Debug: Current directory is $(pwd)" + echo "Debug: Git remotes:" + git remote -v + echo "Debug: Git status:" + git status + exit 1 + } + + echo "Successfully updated helm repository index" + + # Cleanup + cd / + rm -rf "$TEMP_DIR"