From e9c50d800739f35db764ec008f49890c60ef2fd5 Mon Sep 17 00:00:00 2001
From: Nicholas openSUSE Software Engineer <nicholas.paolillo@suse.com>
Date: Thu, 23 Jan 2025 15:20:41 -0300
Subject: [PATCH] [dev-v2.9] Improve process  (#5022)

---
 .github/CODEOWNERS               | 28 +++++++++++++++
 .github/pull_request_template.md | 58 ++++++++++++++++++++------------
 .github/workflows/build.yaml     | 16 +++++++--
 .gitignore                       |  1 +
 scripts/version                  |  2 +-
 5 files changed, 79 insertions(+), 26 deletions(-)

diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 74a2d1779..09bbc838b 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -12,70 +12,98 @@
 
 # Elemental
 packages/elemental @rancher/elemental
+assets/elemental @rancher/elemental
 
 # Fleet
 packages/fleet @rancher/fleet
+assets/fleet @rancher/fleet
 
 # Harvester
 packages/harvester @rancher/harvester
+assets/harvester @rancher/harvester
 
 # Longhorn
 packages/longhorn @rancher/longhorn
 packages/longhorn-crd @rancher/longhorn
+assets/longhorn @rancher/longhorn
+assets/longhorn-crd @rancher/longhorn
 
 # Neuvector
 packages/neuvector @rancher/neuvector
 packages/neuvector-monitor @rancher/neuvector
+assets/neuvector @rancher/neuvector
+assets/neuvector-monitor @rancher/neuvector
 
 # Rancher AKS EKS GKE
 packages/rancher-aks-operator @rancher/highlander
 packages/rancher-eks-operator @rancher/highlander
 packages/rancher-gke-operator @rancher/highlander
+assets/rancher-aks-operator @rancher/highlander
+assets/rancher-eks-operator @rancher/highlander
+assets/rancher-gke-operator @rancher/highlander
+
 
 # Rancher Alerting
 packages/rancher-alerting @rancher/observation-backup
+assets/rancher-alerting @rancher/observation-backup
 
 # Rancher Backup
 packages/rancher-backup @rancher/observation-backup
+assets/rancher-backup @rancher/observation-backup
 
 # Rancher CIS Benchmark
 packages/rancher-cis-benchmark @rancher/infracloud-team
 tests/rancher-cis-benchmark @rancher/infracloud-team
+assets/rancher-cis-benchmark @rancher/infracloud-team
 
 # Rancher CSP Adapter
 packages/rancher-csp-adapter @rancher/socket
+assets/rancher-csp-adapter @rancher/socket
 
 # Rancher OPA Gatekeeper
 packages/rancher-gatekeeper @rancher/mapps
+assets/rancher-gatekeeper @rancher/mapps
 
 # Rancher Istio
 packages/rancher-istio @rancher/mapps
 tests/rancher-istio @rancher/mapps
+assets/rancher-istio @rancher/mapps
 
 # Rancher Logging
 packages/rancher-logging @rancher/observation-backup
+assets/rancher-logging @rancher/observation-backup
 
 # Rancher Monitoring
 packages/rancher-monitoring @rancher/observation-backup
+assets/rancher-monitoring @rancher/observation-backup
 
 # Rancher SRIOV
 packages/rancher-sriov @rancher/rke1-team
 packages/rancher-nfd @rancher/rke1-team
+assets/rancher-sriov @rancher/rke1-team
+assets/rancher-nfd @rancher/rke1-team
 
 # Rancher Provisioning CAPI
 packages/rancher-provisioning-capi @rancher/rancher-team-2-hostbusters-dev
+assets/rancher-provisioning-capi @rancher/rancher-team-2-hostbusters-dev
 
 # Rancher VSphere
 packages/rancher-vsphere @rancher/rancher-team-2-hostbusters-dev
+assets/rancher-vsphere-cpi @rancher/rancher-team-2-hostbusters-dev
+assets/rancher-vsphere-csi @rancher/rancher-team-2-hostbusters-dev
 
 # Rancher Windows GSMA
 packages/rancher-windows-gsma @rancher/rancher-team-2-hostbusters-dev
+assets/rancher-windows-gsma @rancher/rancher-team-2-hostbusters-dev
 
 # Rancher Webhook
 packages/rancher-webhook @rancher/rancher-squad-frameworks
+assets/rancher-webhook @rancher/rancher-squad-frameworks
 
 # System Upgrade Controller
 packages/system-upgrade-controller @rancher/rancher-team-2-hostbusters-dev
+assets/system-upgrade-controller @rancher/rancher-team-2-hostbusters-dev
 
 # UI Extension Operator
 packages/ui-plugin-operator @rancher/mapps
+assets/ui-plugin-operator @rancher/mapps
\ No newline at end of file
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index f7e55808f..da2b4e9ed 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -1,26 +1,40 @@
-## Issue: <!-- link the issue or issues this PR resolves here -->
+#### Pull Requests Rules
+
+- `Never remove an already released chart!`
+    - This does not apply to RC's because they are not released.
+- Each Pull Request should only modify one chart with its dependencies.
+
+- Pull request title:
+    ```
+    [dev-v2.X] <chart> <version> <action>
+    ```
+    - `<action>`: 1 of (bump; remove; UnRC)
+
+---
+
+##### Checkpoints for Chart Bumps
+
+`release.yaml`:
+- [ ] Each chart version in release.yaml DOES NOT modify an already released chart. If so, stop and modify the versions so that it releases a net-new chart.
+- [ ] Each chart version in release.yaml IS exactly 1 more patch or minor version than the last released chart version. If not, stop and modify the versions so that it releases a net-new chart.
+
+`Chart.yaml and index.yaml`:
+- [ ] The `index.yaml` file has an entry for your new chart version.
+- [ ] The `index.yaml` entries for each chart matches the `Chart.yaml` for each chart.
+- [ ] Each chart has ALL required annotations
+  - kube-version annotation
+  - rancher-version annotation
+  - permits-os annotation (indicates Windows and/or Linux)
+
+---
+
+Fill the following only if required by your manager.
+
+##### Issue: <!-- link the issue or issues this PR resolves here -->
 <!-- If your PR depends on changes from another pr link them here and describe why they are needed in your solution section. -->
 
-## Problem
-<!-- Describe the root cause of the issue you are resolving. This may include what behavior is observed and why it is not desirable. If this is a new feature describe why we need this feature and how it will be used. -->
-## Solution
+##### Solution
 <!-- Describe what you changed to fix the issue. Relate your changes back to the original issue / feature and explain how this addresses the issue. -->
 
-## Testing
-<!-- Note: Confirm if the repro steps in the GitHub issue are valid, if not, please update the issue with accurate repro steps. -->
-
-## Engineering Testing
-### Manual Testing
-<!-- Describe what manual testing you did (if no testing was done, explain why). -->
-
-### Automated Testing
-<!--If you added/updated unit/integration/validation tests, describe what cases they cover and do not cover. -->
-
-## QA Testing Considerations
-<!-- Highlight areas or (additional) cases that QA should test w.r.t a fresh install as well as the upgrade scenarios -->
-
-### Regressions Considerations
-<!-- Dedicated section to specifically call out any areas that with higher chance of regressions caused by this change, include estimation of probability of regressions -->
-
-## Backporting considerations
-<!-- Does this change need to be backported to other versions? If so, which versions should it be backported to? -->
\ No newline at end of file
+##### QA Testing Considerations
+<!-- Highlight areas or (additional) cases that QA should test w.r.t a fresh install as well as the upgrade scenarios -->
\ No newline at end of file
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index e362e96cc..9e7b9aeaf 100755
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -23,7 +23,6 @@ jobs:
         run: |
           echo "installing docker, jq, git, make, go, awk and patch through zypper"
           zypper --non-interactive install docker jq git make go awk patch
-
           echo "installing gh"
           mkdir -p /tmp/gh
           curl -fsL https://github.com/cli/cli/releases/download/v${GH_VERSION}/gh_${GH_VERSION}_linux_amd64.tar.gz | tar xvzf - --strip-components=1 -C /tmp/gh
@@ -43,6 +42,15 @@ jobs:
           secrets: |
             secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME;
             secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD;
+            secret/data/github/repo/${{ github.repository }}/github/app-credentials appId | APP_ID ;
+            secret/data/github/repo/${{ github.repository }}/github/app-credentials privateKey | PRIVATE_KEY
+
+      - name: Create App Token
+        uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ env.APP_ID }}
+          private-key: ${{ env.PRIVATE_KEY }}
 
       - name: actions/checkout@v4
         continue-on-error: false
@@ -51,7 +59,7 @@ jobs:
       - name: Git Checkout PR and into new branch
         continue-on-error: false
         env:
-            GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
         run: |
           echo  "git global configuration"
           git config --global --add safe.directory "$PWD"
@@ -72,7 +80,9 @@ jobs:
       - name: Release PR Validation Chekpoints
         continue-on-error: false
         if: contains(github.base_ref, 'release-v')
-        run: make validate-release-charts BRANCH=${{ github.event.pull_request.base.ref }} GH_TOKEN=${{ secrets.GITHUB_TOKEN }} PR_NUMBER=${{ github.event.pull_request.number }}
+        env:
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
+        run: make validate-release-charts BRANCH=${{ github.event.pull_request.base.ref }} GH_TOKEN=${{ env.GH_TOKEN }} PR_NUMBER=${{ github.event.pull_request.number }}
 
       - name: Validate index.yaml Vs assets/ dir
         continue-on-error: false
diff --git a/.gitignore b/.gitignore
index 9917c1c6b..6c273a54b 100755
--- a/.gitignore
+++ b/.gitignore
@@ -5,3 +5,4 @@ bin
 .idea
 .charts-build-scripts
 *.swp
+.vscode
diff --git a/scripts/version b/scripts/version
index 0fdbd4a53..ad3a273aa 100755
--- a/scripts/version
+++ b/scripts/version
@@ -2,4 +2,4 @@
 set -e
 
 CHARTS_BUILD_SCRIPTS_REPO=https://github.com/rancher/charts-build-scripts.git
-CHARTS_BUILD_SCRIPT_VERSION="${CHARTS_BUILD_SCRIPT_VERSION:-v1.3.5}"
+CHARTS_BUILD_SCRIPT_VERSION="${CHARTS_BUILD_SCRIPT_VERSION:-v1.3.7}"