From 8fff58e295216a75ddc6401742fba4a665eaf705 Mon Sep 17 00:00:00 2001
From: Adam Pickering
Date: Mon, 8 Apr 2024 14:35:07 -0600
Subject: [PATCH] Automate updates of existing helm charts (#997)
---
 .github/workflows/update-main-source.yml | 33 +++++++++++++-----------
 .github/workflows/update-main.yml | 22 +++++++++++++++-
 2 files changed, 39 insertions(+), 16 deletions(-)
diff --git a/.github/workflows/update-main-source.yml b/.github/workflows/update-main-source.yml
index 92df6ab97..2f9888d85 100644
--- a/.github/workflows/update-main-source.yml
+++ b/.github/workflows/update-main-source.yml
@@ -16,26 +16,29 @@ jobs: git config --global user.name "github-actions[bot]" git config --global user.email "github-actions[bot]@users.noreply.github.com" + - name: Get rancher/partner-charts secrets out of vault + uses: rancher-eio/read-vault-secrets@main + with: + secrets: | + github/repo/rancher/partner-charts/github/app-credentials appId | APP_ID ; + github/repo/rancher/partner-charts/github/app-credentials privateKey | PRIVATE_KEY + + - name: Generate short-lived github app token + uses: actions/create-github-app-token@v1 + id: app-token + with: + app-id: ${{ env.APP_ID }} + private-key: ${{ env.PRIVATE_KEY }} + - name: Update main-source branch env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GITHUB_WORKFLOW: ${{ github.workflow }} - GITHUB_REPOSITORY: ${{ github.repository }} + APP_TOKEN: ${{ steps.app-token.outputs.token }} run: | scripts/pull-ci-scripts - BRANCH="auto-update/$(date '+%s')" - git checkout -b "$BRANCH" bin/partner-charts-ci auto # exit if there are no changes - git diff --quiet main-source "$BRANCH" && exit 0 + git diff --quiet origin/main-source main-source && exit 0 - # close all existing PRs from branches starting with "auto-update" - gh pr --repo "$GITHUB_REPOSITORY" list --search 'head:auto-update' --json 'headRefName' --jq '.[] | join("\n")' | \ - xargs --no-run-if-empty -n 1 gh pr --repo "$GITHUB_REPOSITORY" close - - # push changes - git push --set-upstream origin "$BRANCH" - TITLE="[AUTOMATED] Auto-update charts on main-source" - BODY="This PR was created by the \"$GITHUB_WORKFLOW\" workflow. It auto-updates the helm charts on the main-source branch." - gh pr create --repo "$GITHUB_REPOSITORY" --base main-source --head "$BRANCH" --title "$TITLE" --body "$BODY" + git remote set-url origin https://x-access-token:${APP_TOKEN}@github.com/rancher/partner-charts + git push origin main-source diff --git a/.github/workflows/update-main.yml b/.github/workflows/update-main.yml index 32f22df56..55ade6ac4 100644 
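Review bot: `APP_TOKEN` is set in the environment of the same step that runs `scripts/pull-ci-scripts` and `bin/partner-charts-ci auto`, so a push-capable token is visible to tooling that, judging by the commit title, pulls and processes upstream chart content before anything is pushed. Because the token step reads `${{ env.PRIVATE_KEY }}`, the Vault action presumably exports the App private key into the job environment too, which would leave the long-lived key visible to that tooling as well. Running the update first, reading the secrets only afterwards, and giving the token to a dedicated push step keeps both credentials away from that code; quoting the remote URL is a small extra. The job starts above this hunk, so the checkout configuration is not visible here.

```yaml
      - name: Update main-source branch
        run: |
          scripts/pull-ci-scripts
          bin/partner-charts-ci auto

      # … unchanged: read-vault-secrets and create-github-app-token steps, moved here …

      - name: Push main-source branch
        env:
          APP_TOKEN: ${{ steps.app-token.outputs.token }}
        run: |
          # exit if there are no changes
          git diff --quiet origin/main-source main-source && exit 0

          git remote set-url origin "https://x-access-token:${APP_TOKEN}@github.com/rancher/partner-charts"
          git push origin main-source
```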
--- a/.github/workflows/update-main.yml +++ b/.github/workflows/update-main.yml @@ -17,14 +17,34 @@ jobs: git config --global user.name "github-actions[bot]" git config --global user.email "github-actions[bot]@users.noreply.github.com" + - name: Get rancher/partner-charts secrets out of vault + uses: rancher-eio/read-vault-secrets@main + with: + secrets: | + github/repo/rancher/partner-charts/github/app-credentials appId | APP_ID ; + github/repo/rancher/partner-charts/github/app-credentials privateKey | PRIVATE_KEY + + - name: Generate short-lived github app token + uses: actions/create-github-app-token@v1 + id: app-token + with: + app-id: ${{ env.APP_ID }} + private-key: ${{ env.PRIVATE_KEY }} + - name: Update main branch with latest from main-source + env: + APP_TOKEN: ${{ steps.app-token.outputs.token }} run: | # checkout action only fetches main-source, so we need to fetch main git fetch origin main --depth 1 git checkout main + git rm -r assets index.yaml git checkout main-source -- assets index.yaml + # exit if there are no changes git diff-index --quiet HEAD assets index.yaml && exit 0 - git commit -m "Update partner charts" + + git commit -m "Release partner charts" + git remote set-url origin https://x-access-token:${APP_TOKEN}@github.com/rancher/partner-charts git push origin
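Review bot: `uses: rancher-eio/read-vault-secrets@main` tracks a mutable branch in the step that reads the GitHub App private key out of Vault, and `actions/create-github-app-token@v1` is a movable tag, so whatever those refs point to at run time is the code that receives the key. Pinning both to a full commit SHA with the version in a trailing comment, e.g. `uses: rancher-eio/read-vault-secrets@<full-commit-sha> # <version>`, keeps the code that handles these credentials fixed and reviewable. The same two `uses:` lines appear in the update-main-source.yml hunk of this patch and need the same pin.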