Skip to content

fix: correctly delete existing helm release artifacts by appending asset ID to URL #1827

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
alex-zaitsev merged 1 commit into from
Sep 27, 2025
+183 −183
Merged

fix: correctly delete existing helm release artifacts by appending asset ID to URL #1827

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
366 changes: 183 additions & 183 deletions .github/workflows/release_chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,183 +1,183 @@
name: release_chart

on:
release:
types:
- published
- edited

jobs:
release_chart:
name: Release Chart
permissions:
contents: write
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0

- name: Install chart-releaser
run: |
wget https://github.com/helm/chart-releaser/releases/download/v1.4.1/chart-releaser_1.4.1_linux_amd64.tar.gz
tar -zxf chart-releaser_1.4.1_linux_amd64.tar.gz cr
sudo install cr /usr/local/bin/
rm -f cr chart-releaser_1.4.1_linux_amd64.tar.gz

- name: Package Chart
run: cr package deploy/helm/clickhouse-operator

- name: Get Release Assets
id: get_assets
run: |
CHART_PATH=$(ls .cr-release-packages/altinity-clickhouse-operator-*.tgz)
ASSET_NAME=$(basename ${CHART_PATH})
ASSET_ID=$(curl -s -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
"https://api.github.com/repos/${{ github.repository }}/releases/${{ github.event.release.id }}/assets" | \
jq -r ".[] | select(.name == \"$ASSET_NAME\") | .id")

echo "Asset ID is $ASSET_ID"
echo "asset_id=$ASSET_ID" >> $GITHUB_OUTPUT

- name: Delete Existing Release Artifacts
if: steps.get_assets.outputs.asset_id != ''
run: |
curl -X DELETE -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
"https://api.github.com/repos/${{ github.repository }}

- name: Upload Release Artifacts
run: |
CHART_PATH=$(ls .cr-release-packages/altinity-clickhouse-operator-*.tgz)
curl -X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
-H "Content-Type: application/gzip" \
-T "${CHART_PATH}" \
"https://uploads.github.com/repos/${GITHUB_REPOSITORY}/releases/${{ github.event.release.id }}/assets?name=$(basename ${CHART_PATH})"
- name: Validate Helm Repository Configuration
run: |
if [ -z "${{ secrets.HELM_GITHUB_TOKEN }}" ]; then
echo "ERROR: HELM_GITHUB_TOKEN secret is not set or is empty"
echo "Please add HELM_GITHUB_TOKEN to repository secrets with write access to the helm repository"
exit 1
fi

if [ -z "${{ vars.HELM_GITHUB_REPOSITORY }}" ]; then
echo "ERROR: HELM_GITHUB_REPOSITORY variable is not set or is empty"
echo "Please add HELM_GITHUB_REPOSITORY to repository variables (Settings -> Secrets and variables -> Actions -> Variables)"
exit 1
fi

echo "Configuration validated:"
echo " HELM_GITHUB_REPOSITORY: ${{ vars.HELM_GITHUB_REPOSITORY }}"
echo " HELM_GITHUB_TOKEN: [SET]"

- name: Upload Release Artifacts to Helm Repo
run: |
cr upload \
--git-repo=${{ vars.HELM_GITHUB_REPOSITORY }} \
--owner=${GITHUB_REPOSITORY_OWNER} \
--release-name-template=${{ github.event.release.name }} \
--token=${{ secrets.HELM_GITHUB_TOKEN }} \
--package-path=.cr-release-packages \
--skip-existing
- name: Configure Git
run: |
git config user.name "$GITHUB_ACTOR"
git config user.email "[email protected]"
- name: Release Chart to Operator Repo
run: |
git remote add httpsorigin "https://github.com/${GITHUB_REPOSITORY}.git"
git fetch httpsorigin
cr index \
--git-repo=${GITHUB_REPOSITORY#*/} \
--owner=${GITHUB_REPOSITORY_OWNER} \
--release-name-template=${{ github.event.release.name }} \
--token=${{ secrets.GITHUB_TOKEN }} \
--index-path=index.yaml \
--remote=httpsorigin \
--push
- name: Release Chart to Helm Repo
run: |
# Validate configuration before attempting to push
if [ -z "${{ vars.HELM_GITHUB_REPOSITORY }}" ]; then
echo "ERROR: HELM_GITHUB_REPOSITORY variable is not set or is empty"
echo "This step requires HELM_GITHUB_REPOSITORY to be set in repository variables"
echo "Go to: Settings -> Secrets and variables -> Actions -> Variables"
exit 1
fi

if [ -z "${{ secrets.HELM_GITHUB_TOKEN }}" ]; then
echo "ERROR: HELM_GITHUB_TOKEN secret is not set or is empty"
echo "This step requires HELM_GITHUB_TOKEN with write access to: ${GITHUB_REPOSITORY_OWNER}/${{ vars.HELM_GITHUB_REPOSITORY }}"
echo "Go to: Settings -> Secrets and variables -> Actions -> Secrets"
exit 1
fi

echo "Attempting to push to helm repository: ${GITHUB_REPOSITORY_OWNER}/${{ vars.HELM_GITHUB_REPOSITORY }}"

# Test token authentication
echo "Testing token authentication..."
TOKEN_USER=$(curl -sS -H "Authorization: token ${{ secrets.HELM_GITHUB_TOKEN }}" https://api.github.com/user | jq -r '.login')
echo "Token authenticated as user: ${TOKEN_USER}"

# Save current directory
WORK_DIR=$(pwd)

# Create a temporary directory for helm repo operations
TEMP_DIR=$(mktemp -d)
cd "$TEMP_DIR"

# Clone the helm repository WITHOUT token in URL to avoid masking issues
echo "Cloning helm repository to temporary directory..."
git clone https://github.com/${GITHUB_REPOSITORY_OWNER}/${{ vars.HELM_GITHUB_REPOSITORY }}.git helm-repo || {
echo "ERROR: Failed to clone helm repository"
echo "Please verify:"
echo " 1. Repository exists: ${GITHUB_REPOSITORY_OWNER}/${{ vars.HELM_GITHUB_REPOSITORY }}"
exit 1
}

cd helm-repo

# Configure git credentials for push
git config user.email "[email protected]"
git config user.name "$GITHUB_ACTOR"

# Set up authentication using git credential helper
git config credential.helper "store --file=.git/credentials"
echo "https://x-access-token:${{ secrets.HELM_GITHUB_TOKEN }}@github.com" > .git/credentials

# Now use cr index from within the helm repo to avoid history conflicts
echo "Generating index.yaml within helm repository context..."

# Copy the package to a local directory within helm repo
mkdir -p .cr-release-packages
cp "$WORK_DIR"/.cr-release-packages/*.tgz .cr-release-packages/ || {
echo "ERROR: No chart packages found in .cr-release-packages"
exit 1
}

# Generate index with cr (this will handle the gh-pages branch automatically)
cr index \
--git-repo=${{ vars.HELM_GITHUB_REPOSITORY }} \
--owner=${GITHUB_REPOSITORY_OWNER} \
--release-name-template=${{ github.event.release.name }} \
--token=${{ secrets.HELM_GITHUB_TOKEN }} \
--package-path=.cr-release-packages \
--index-path=index.yaml \
--push || {
echo "ERROR: Failed to generate or push index to helm repository"
echo "Debug: Current directory is $(pwd)"
echo "Debug: Git remotes:"
git remote -v
echo "Debug: Git status:"
git status
exit 1
}

echo "Successfully updated helm repository index"

# Cleanup
cd /
rm -rf "$TEMP_DIR"
name: release_chart
on:
release:
types:
- published
- edited
jobs:
release_chart:
name: Release Chart
permissions:
contents: write
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install chart-releaser
run: |
wget https://github.com/helm/chart-releaser/releases/download/v1.4.1/chart-releaser_1.4.1_linux_amd64.tar.gz
tar -zxf chart-releaser_1.4.1_linux_amd64.tar.gz cr
sudo install cr /usr/local/bin/
rm -f cr chart-releaser_1.4.1_linux_amd64.tar.gz
- name: Package Chart
run: cr package deploy/helm/clickhouse-operator
- name: Get Release Assets
id: get_assets
run: |
CHART_PATH=$(ls .cr-release-packages/altinity-clickhouse-operator-*.tgz)
ASSET_NAME=$(basename ${CHART_PATH})
ASSET_ID=$(curl -s -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
"https://api.github.com/repos/${{ github.repository }}/releases/${{ github.event.release.id }}/assets" | \
jq -r ".[] | select(.name == \"$ASSET_NAME\") | .id")
echo "Asset ID is $ASSET_ID"
echo "asset_id=$ASSET_ID" >> $GITHUB_OUTPUT
- name: Delete Existing Release Artifacts
if: steps.get_assets.outputs.asset_id != ''
run: |
curl -X DELETE -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
"https://api.github.com/repos/${{ github.repository }}/releases/${{ github.event.release.id }}/assets/${{ steps.get_assets.outputs.asset_id }}"
Copy link
Collaborator Author

@Slach Slach Sep 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i really happy we found it

Copy link
Member

@alex-zaitsev alex-zaitsev Sep 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well, the level of this token access does not allow to delete repo, but thanks anyway

- name: Upload Release Artifacts
run: |
CHART_PATH=$(ls .cr-release-packages/altinity-clickhouse-operator-*.tgz)
curl -X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
-H "Content-Type: application/gzip" \
-T "${CHART_PATH}" \
"https://uploads.github.com/repos/${GITHUB_REPOSITORY}/releases/${{ github.event.release.id }}/assets?name=$(basename ${CHART_PATH})"
- name: Validate Helm Repository Configuration
run: |
if [ -z "${{ secrets.HELM_GITHUB_TOKEN }}" ]; then
echo "ERROR: HELM_GITHUB_TOKEN secret is not set or is empty"
echo "Please add HELM_GITHUB_TOKEN to repository secrets with write access to the helm repository"
exit 1
fi
if [ -z "${{ vars.HELM_GITHUB_REPOSITORY }}" ]; then
echo "ERROR: HELM_GITHUB_REPOSITORY variable is not set or is empty"
echo "Please add HELM_GITHUB_REPOSITORY to repository variables (Settings -> Secrets and variables -> Actions -> Variables)"
exit 1
fi
echo "Configuration validated:"
echo " HELM_GITHUB_REPOSITORY: ${{ vars.HELM_GITHUB_REPOSITORY }}"
echo " HELM_GITHUB_TOKEN: [SET]"
- name: Upload Release Artifacts to Helm Repo
run: |
cr upload \
--git-repo=${{ vars.HELM_GITHUB_REPOSITORY }} \
--owner=${GITHUB_REPOSITORY_OWNER} \
--release-name-template=${{ github.event.release.name }} \
--token=${{ secrets.HELM_GITHUB_TOKEN }} \
--package-path=.cr-release-packages \
--skip-existing
- name: Configure Git
run: |
git config user.name "$GITHUB_ACTOR"
git config user.email "[email protected]"
- name: Release Chart to Operator Repo
run: |
git remote add httpsorigin "https://github.com/${GITHUB_REPOSITORY}.git"
git fetch httpsorigin
cr index \
--git-repo=${GITHUB_REPOSITORY#*/} \
--owner=${GITHUB_REPOSITORY_OWNER} \
--release-name-template=${{ github.event.release.name }} \
--token=${{ secrets.GITHUB_TOKEN }} \
--index-path=index.yaml \
--remote=httpsorigin \
--push
- name: Release Chart to Helm Repo
run: |
# Validate configuration before attempting to push
if [ -z "${{ vars.HELM_GITHUB_REPOSITORY }}" ]; then
echo "ERROR: HELM_GITHUB_REPOSITORY variable is not set or is empty"
echo "This step requires HELM_GITHUB_REPOSITORY to be set in repository variables"
echo "Go to: Settings -> Secrets and variables -> Actions -> Variables"
exit 1
fi
if [ -z "${{ secrets.HELM_GITHUB_TOKEN }}" ]; then
echo "ERROR: HELM_GITHUB_TOKEN secret is not set or is empty"
echo "This step requires HELM_GITHUB_TOKEN with write access to: ${GITHUB_REPOSITORY_OWNER}/${{ vars.HELM_GITHUB_REPOSITORY }}"
echo "Go to: Settings -> Secrets and variables -> Actions -> Secrets"
exit 1
fi
echo "Attempting to push to helm repository: ${GITHUB_REPOSITORY_OWNER}/${{ vars.HELM_GITHUB_REPOSITORY }}"
# Test token authentication
echo "Testing token authentication..."
TOKEN_USER=$(curl -sS -H "Authorization: token ${{ secrets.HELM_GITHUB_TOKEN }}" https://api.github.com/user | jq -r '.login')
echo "Token authenticated as user: ${TOKEN_USER}"
# Save current directory
WORK_DIR=$(pwd)
# Create a temporary directory for helm repo operations
TEMP_DIR=$(mktemp -d)
cd "$TEMP_DIR"
# Clone the helm repository WITHOUT token in URL to avoid masking issues
echo "Cloning helm repository to temporary directory..."
git clone https://github.com/${GITHUB_REPOSITORY_OWNER}/${{ vars.HELM_GITHUB_REPOSITORY }}.git helm-repo || {
echo "ERROR: Failed to clone helm repository"
echo "Please verify:"
echo " 1. Repository exists: ${GITHUB_REPOSITORY_OWNER}/${{ vars.HELM_GITHUB_REPOSITORY }}"
exit 1
}
cd helm-repo
# Configure git credentials for push
git config user.email "[email protected]"
git config user.name "$GITHUB_ACTOR"
# Set up authentication using git credential helper
git config credential.helper "store --file=.git/credentials"
echo "https://x-access-token:${{ secrets.HELM_GITHUB_TOKEN }}@github.com" > .git/credentials
# Now use cr index from within the helm repo to avoid history conflicts
echo "Generating index.yaml within helm repository context..."
# Copy the package to a local directory within helm repo
mkdir -p .cr-release-packages
cp "$WORK_DIR"/.cr-release-packages/*.tgz .cr-release-packages/ || {
echo "ERROR: No chart packages found in .cr-release-packages"
exit 1
}
# Generate index with cr (this will handle the gh-pages branch automatically)
cr index \
--git-repo=${{ vars.HELM_GITHUB_REPOSITORY }} \
--owner=${GITHUB_REPOSITORY_OWNER} \
--release-name-template=${{ github.event.release.name }} \
--token=${{ secrets.HELM_GITHUB_TOKEN }} \
--package-path=.cr-release-packages \
--index-path=index.yaml \
--push || {
echo "ERROR: Failed to generate or push index to helm repository"
echo "Debug: Current directory is $(pwd)"
echo "Debug: Git remotes:"
git remote -v
echo "Debug: Git status:"
git status
exit 1
}
echo "Successfully updated helm repository index"
# Cleanup
cd /
rm -rf "$TEMP_DIR"