feat: Helm chart release synchronization #5187

casibbald · 2025-09-01T08:46:28Z

CI: Unified Helm Chart Release Synchronization

Summary

This PR implements a unified, automated release process that synchronizes Helm chart releases with the main application releases. It removes legacy, conflicting workflows and consolidates release steps into a single, controlled pipeline.

Unified Release Workflow

The new workflow orchestrates all release components in a coordinated manner:

flowchart TD
    A[Push to main] --> B[Release-Please Action]
    B --> C{Release Created?}
    C -->|No| D[Exit - No Release]
    C -->|Yes| E[Validate Versions]
    
    E --> F{Versions Match?}
    F -->|No| G[Fail with Error]
    F -->|Yes| H[Build & Push Images]
    F -->|Yes| I[Publish NPM Package]
    F -->|Yes| J[Run GoReleaser]
    
    H --> K[Package Helm Chart]
    K --> L[Push Chart to OCI Registry]
    L --> M[Sign Chart with Cosign]
    M --> N[Verify Chart Signature]
    
    I --> O[Create Release Summary]
    J --> O
    N --> O
    
    O --> P[Complete - All Components Released]
    
    style E fill:#e1f5fe
    style F fill:#fff3e0
    style O fill:#e8f5e8
    style P fill:#c8e6c9

Key Validation Steps

Version Synchronization Check: Ensures all components have matching versions:
- Application version: v0.39.0-rc.2
- Chart appVersion: v0.39.0-rc.2 (matches app)
- Chart version: 0.39.0-rc.2 (app version without 'v' prefix)
- Image tag: v0.39.0-rc.2 (matches app)
Chart Validation: Helm lint and packaging verification before push
Security: Chart signing with Cosign and signature verification

Release Components

The unified workflow releases all components atomically:

Application Binaries: Built and released via GoReleaser
Container Images: Multi-arch builds pushed to ghcr.io/weaveworks/wego-app
Helm Chart: Packaged and pushed to ghcr.io/weaveworks/charts (OCI format)
NPM Package: Published to GitHub Packages under @weaveworks scope

Changes

Added .github/workflows/unified-release.yaml to orchestrate releases end-to-end:
- Release-please driven versioning
- Version synchronization validation (app, chart appVersion, chart version, image tag)
- Build and push container images
- Package and push Helm chart (OCI) with signing and verification
- Publish NPM package
- Create release summary
Updated release-please-config.json:
- Removed contradictory charts exclusion
- Added structured YAML extra-file updates for Chart.yaml and values.yaml
- Disabled separate-pull-requests to ensure atomic, unified releases
- Removed separate chart package entry (single manifest source)
Updated .release-please-manifest.json to a single version entry
Updated .github/workflows/prepare-release.yaml:
- Replaced manual chart updates with informational notice (now automated)
Removed legacy workflows:
- .github/workflows/helm.yaml (disabled and then removed)
- .github/workflows/release-please.yaml (legacy; removed)
Synchronized chart metadata:
- charts/gitops-server/Chart.yaml version set to match the app version without the v prefix
Removed emojis and non-ASCII characters from workflow outputs to comply with repository standards

Scope

CI/CD workflows, release configuration, and chart metadata automation only.
No application (Go/TS) source code changes.

Motivation

Eliminate desynchronization between application and Helm chart releases
Support prerelease (RC) flows end-to-end
Reduce manual steps and failure risk
Provide a single source of truth for release automation

Testing

YAML validated via loader
Helm chart linted: helm lint charts/gitops-server/
grep check for non-ASCII characters in workflows: none found
Local validation of version update logic and packaging paths

Risks & Mitigations

Risk: First unified release may fail due to environment differences
- Mitigation: Clear error messages, version validation, and actionable logs
Risk: OCI push/signing or NPM publish failures
- Mitigation: Step isolation; failure does not corrupt versioning

Release Notes

Introduces unified release pipeline for synchronized Helm chart and application releases
Adds automated version synchronization and validation
Deprecates legacy release workflows

erikgb

Let#s see how this works! 🚀

Copilot

Pull Request Overview

This PR implements a unified release automation workflow that synchronizes Helm chart releases with application releases, replacing separate and potentially conflicting release processes with a single coordinated pipeline.

Consolidates all release components (binaries, images, Helm charts, NPM packages) into one workflow
Adds version synchronization validation to ensure consistency across all artifacts
Removes legacy workflows that could cause release conflicts

Reviewed Changes

Copilot reviewed 6 out of 7 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
release-please-config.json	Restructures configuration to use structured YAML updates and removes separate chart package configuration
charts/gitops-server/Chart.yaml	Updates chart version to match application version pattern for synchronization
.release-please-manifest.json	Simplifies to single version entry, removing separate chart versioning
.github/workflows/release-please.yaml	Transforms into unified release workflow with validation, chart packaging, and signing
.github/workflows/prepare-release.yaml	Updates to remove manual chart updates, now handled by automation
.github/workflows/helm.yaml	Removes legacy Helm workflow to prevent conflicts

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

.github/workflows/release-please.yaml

- Fix release-please configuration contradictions - Remove charts from exclude-paths, add structured extra-files - Disable separate-pull-requests for unified releases - Create unified-release.yaml workflow with version validation - Disable legacy helm.yaml and release-please.yaml workflows - Update chart version to sync with app version (0.39.0-rc.2) - Remove manual chart updates from prepare-release.yaml - Add comprehensive documentation for new release system Resolves Helm chart release synchronization issues: - Eliminates version misalignment between app and chart - Supports prerelease versions (RC) automatically - Provides single source of truth for all releases - Includes validation and error handling - Keep messaging clear and consistent - Keep messaging clear and consistent

Copilot

Pull Request Overview

Copilot reviewed 6 out of 7 changed files in this pull request and generated 3 comments.

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

.github/workflows/release-please.yaml

Copilot · 2025-10-04T13:45:37Z

.github/workflows/release-please.yaml

-          helm push helm-release/weave-gitops-${{ needs.release-please.outputs['charts/gitops-server--version'] }}.tgz \
-            oci://ghcr.io/weaveworks/charts &> helm-release/push-metadata.txt
+          CHART_VERSION=$(yq e '.version' charts/gitops-server/Chart.yaml)
+          CHART_FILE="helm-release/weave-gitops-${CHART_VERSION}.tgz"


[nitpick] The chart name 'weave-gitops' is hardcoded in multiple places. Consider extracting it to a variable or using the chart name from Chart.yaml to improve maintainability.

Suggested change

CHART_FILE="helm-release/weave-gitops-${CHART_VERSION}.tgz"

CHART_NAME=$(yq e '.name' charts/gitops-server/Chart.yaml)

CHART_FILE="helm-release/${CHART_NAME}-${CHART_VERSION}.tgz"

Copilot · 2025-10-04T13:45:37Z

.github/workflows/release-please.yaml

+          echo "All components have been released with synchronized versions:" >> $GITHUB_STEP_SUMMARY
+          echo "- Application: ${{ needs.release-please.outputs.version }}" >> $GITHUB_STEP_SUMMARY
+          echo "- Chart AppVersion: ${{ needs.release-please.outputs.version }}" >> $GITHUB_STEP_SUMMARY
+          echo "- Chart Version: $(echo '${{ needs.release-please.outputs.version }}' | sed 's/^v//')" >> $GITHUB_STEP_SUMMARY


[nitpick] The version transformation logic (removing 'v' prefix) is duplicated here and in the validation step. Consider extracting this to a reusable variable or function.

Co-authored-by: Copilot <[email protected]>

Copilot

Pull Request Overview

Copilot reviewed 6 out of 7 changed files in this pull request and generated 3 comments.

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

Copilot · 2025-10-04T14:01:13Z

release-please-config.json

      "include-component-in-tag": false,
      "prerelease": true,
      "prerelease-type": "rc",
      "release-as": "0.39.0-rc.3",


Hard-coded version string should be removed or updated. This static version override will prevent proper version bumping in future releases.

Suggested change

"release-as": "0.39.0-rc.3",

Copilot · 2025-10-04T14:01:13Z

.github/workflows/release-please.yaml

+          # Validate that chart version follows expected pattern (remove 'v' prefix from app version)
+          EXPECTED_CHART_VERSION=$(echo "$APP_VERSION" | sed 's/^v//')
+          if [[ "$CHART_VERSION" != "$EXPECTED_CHART_VERSION" ]]; then
+            echo "Error: Chart version ($CHART_VERSION) does not match expected version ($EXPECTED_CHART_VERSION)"


The sed command will fail if APP_VERSION doesn't have a 'v' prefix. Consider using a more robust approach that handles both 'v0.39.0-rc.2' and '0.39.0-rc.2' formats.

Suggested change

# Validate that chart version follows expected pattern (remove 'v' prefix from app version)

EXPECTED_CHART_VERSION=$(echo "$APP_VERSION" | sed 's/^v//')

if [[ "$CHART_VERSION" != "$EXPECTED_CHART_VERSION" ]]; then

echo "Error: Chart version ($CHART_VERSION) does not match expected version ($EXPECTED_CHART_VERSION)"

# Validate that chart version follows expected pattern (remove 'v' prefix from both app version and chart version)

NORMALIZED_APP_VERSION=$(echo "$APP_VERSION" | sed 's/^v//')

NORMALIZED_CHART_VERSION=$(echo "$CHART_VERSION" | sed 's/^v//')

if [[ "$NORMALIZED_CHART_VERSION" != "$NORMALIZED_APP_VERSION" ]]; then

echo "Error: Chart version ($CHART_VERSION) does not match expected version ($APP_VERSION) (normalized: $NORMALIZED_CHART_VERSION vs $NORMALIZED_APP_VERSION)"

Copilot · 2025-10-04T14:01:13Z

.github/workflows/release-please.yaml

+          echo "All components have been released with synchronized versions:" >> $GITHUB_STEP_SUMMARY
+          echo "- Application: ${{ needs.release-please.outputs.version }}" >> $GITHUB_STEP_SUMMARY
+          echo "- Chart AppVersion: ${{ needs.release-please.outputs.version }}" >> $GITHUB_STEP_SUMMARY
+          echo "- Chart Version: $(echo '${{ needs.release-please.outputs.version }}' | sed 's/^v//')" >> $GITHUB_STEP_SUMMARY


Same sed issue as in the validation step. This command assumes the version always has a 'v' prefix, which may not be consistent.

Suggested change

echo "- Chart Version: $(echo '${{ needs.release-please.outputs.version }}' | sed 's/^v//')" >> $GITHUB_STEP_SUMMARY

echo "- Chart Version: $(echo '${{ needs.release-please.outputs.version }}' | sed -E 's/^v?([0-9]+\.[0-9]+\.[0-9]+)$/\1/')" >> $GITHUB_STEP_SUMMARY

casibbald requested a review from erikgb September 1, 2025 08:46

casibbald force-pushed the helm-chart-release-syncronization branch 3 times, most recently from 98dc50b to 7527d5d Compare September 1, 2025 08:52

casibbald changed the title ~~Helm chart release syncronization~~ feat: Helm chart release syncronization Sep 1, 2025

erikgb previously approved these changes Oct 4, 2025

View reviewed changes

erikgb requested a review from Copilot October 4, 2025 13:29

Copilot AI reviewed Oct 4, 2025

View reviewed changes

.github/workflows/release-please.yaml Outdated Show resolved Hide resolved

erikgb force-pushed the helm-chart-release-syncronization branch from 7527d5d to fb5623f Compare October 4, 2025 13:42

erikgb changed the title ~~feat: Helm chart release syncronization~~ feat: Helm chart release synchronization Oct 4, 2025

erikgb requested a review from Copilot October 4, 2025 13:44

Copilot AI reviewed Oct 4, 2025

View reviewed changes

rename job

c1840fd

Co-authored-by: Copilot <[email protected]>

erikgb dismissed their stale review via c1840fd October 4, 2025 13:46

erikgb approved these changes Oct 4, 2025

View reviewed changes

casibbald requested a review from Copilot October 4, 2025 14:00

casibbald merged commit 65a5c26 into weaveworks:main Oct 4, 2025
15 checks passed

casibbald deleted the helm-chart-release-syncronization branch October 4, 2025 14:00

Copilot AI reviewed Oct 4, 2025

View reviewed changes

weave-gitops-bot mentioned this pull request Oct 4, 2025

chore: release main #5225

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

feat: Helm chart release synchronization #5187

feat: Helm chart release synchronization #5187

Uh oh!

casibbald commented Sep 1, 2025 •

edited

Loading

Uh oh!

erikgb left a comment

Uh oh!

Copilot AI left a comment

Uh oh!

Uh oh!

Copilot AI left a comment

Uh oh!

Uh oh!

Copilot AI Oct 4, 2025

Uh oh!

Copilot AI Oct 4, 2025

Uh oh!

Uh oh!

Copilot AI left a comment

Uh oh!

Copilot AI Oct 4, 2025

Uh oh!

Copilot AI Oct 4, 2025

Uh oh!

Copilot AI Oct 4, 2025

Uh oh!

Uh oh!

	CHART_FILE="helm-release/weave-gitops-${CHART_VERSION}.tgz"
	CHART_NAME=$(yq e '.name' charts/gitops-server/Chart.yaml)
	CHART_FILE="helm-release/${CHART_NAME}-${CHART_VERSION}.tgz"

-          # Validate that chart version follows expected pattern (remove 'v' prefix from app version)
-          EXPECTED_CHART_VERSION=$(echo "$APP_VERSION" | sed 's/^v//')
-          if [[ "$CHART_VERSION" != "$EXPECTED_CHART_VERSION" ]]; then
-            echo "Error: Chart version ($CHART_VERSION) does not match expected version ($EXPECTED_CHART_VERSION)"
+          # Validate that chart version follows expected pattern (remove 'v' prefix from both app version and chart version)
+          NORMALIZED_APP_VERSION=$(echo "$APP_VERSION" | sed 's/^v//')
+          NORMALIZED_CHART_VERSION=$(echo "$CHART_VERSION" | sed 's/^v//')
+          if [[ "$NORMALIZED_CHART_VERSION" != "$NORMALIZED_APP_VERSION" ]]; then
+            echo "Error: Chart version ($CHART_VERSION) does not match expected version ($APP_VERSION) (normalized: $NORMALIZED_CHART_VERSION vs $NORMALIZED_APP_VERSION)"

	echo "- Chart Version: $(echo '${{ needs.release-please.outputs.version }}' \| sed 's/^v//')" >> $GITHUB_STEP_SUMMARY
	echo "- Chart Version: $(echo '${{ needs.release-please.outputs.version }}' \| sed -E 's/^v?([0-9]+\.[0-9]+\.[0-9]+)$/\1/')" >> $GITHUB_STEP_SUMMARY

feat: Helm chart release synchronization #5187

feat: Helm chart release synchronization #5187

Uh oh!

Conversation

casibbald commented Sep 1, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

CI: Unified Helm Chart Release Synchronization

Summary

Unified Release Workflow

Key Validation Steps

Release Components

Changes

Scope

Motivation

Testing

Risks & Mitigations

Release Notes

Uh oh!

erikgb left a comment

Choose a reason for hiding this comment

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull Request Overview

Reviewed Changes

Uh oh!

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull Request Overview

Uh oh!

Uh oh!

Copilot AI Oct 4, 2025

Choose a reason for hiding this comment

Uh oh!

Copilot AI Oct 4, 2025

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull Request Overview

Uh oh!

Copilot AI Oct 4, 2025

Choose a reason for hiding this comment

Uh oh!

Copilot AI Oct 4, 2025

Choose a reason for hiding this comment

Uh oh!

Copilot AI Oct 4, 2025

Choose a reason for hiding this comment

Uh oh!

Uh oh!

casibbald commented Sep 1, 2025 •

edited

Loading