Skip to content
[CI/CD] CD Pipeline

[bitnami/consul] Release 11.1.9 updating components versions (#26104) #9279

Sign in to view logs

[bitnami/consul] Release 11.1.9 updating components versions (#26104)

[bitnami/consul] Release 11.1.9 updating components versions (#26104) #9279

Workflow file for this run

.github/workflows/cd-pipeline.yml at e6b6c77
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
name: '[CI/CD] CD Pipeline'
on: # rebuild any PRs and main branch changes
push:
branches:
- main
paths:
- 'bitnami/**'
- '!**.md'
# Remove all permissions by default.
permissions: {}
jobs:
get-chart:
runs-on: ubuntu-latest
name: 'Get modified charts'
permissions:
contents: read
outputs:
chart: ${{ steps.get-chart.outputs.chart }}
result: ${{ steps.get-chart.outputs.result }}
steps:
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
with:
path: charts
fetch-depth: 2 # to be able to obtain files changed in the latest commit
- id: get-chart
name: 'Get modified charts'
run: |
cd charts
files_changed="$(git show --pretty="" --name-only)"
# Adding || true to avoid "Process exited with code 1" errors
charts_dirs_changed="$(echo "$files_changed" | xargs dirname | grep -o "bitnami/[^/]*" | sort | uniq || true)"
# Using grep -c as a better alternative to wc -l when dealing with empty strings."
num_charts_changed="$(echo "$charts_dirs_changed" | grep -c "bitnami" || true)"
num_version_bumps="$(echo "$files_changed" | grep Chart.yaml | xargs git show | grep -c "+version" || true)"
if [[ "$num_charts_changed" -ne "$num_version_bumps" ]]; then
# Changes done in charts but version not bumped -> ERROR
charts_changed_str="$(echo ${charts_dirs_changed[@]})"
echo "error=Detected changes in charts without version bump in Chart.yaml. Charts changed: ${num_charts_changed} ${charts_changed_str}. Version bumps detected: ${num_version_bumps}" >> $GITHUB_OUTPUT
echo "result=fail" >> $GITHUB_OUTPUT
elif [[ "$num_charts_changed" -eq "1" ]]; then
# Changes done in only one chart -> OK
chart_name=$(echo "$charts_dirs_changed" | sed "s|bitnami/||g")
echo "chart=${chart_name}" >> $GITHUB_OUTPUT
echo "result=ok" >> $GITHUB_OUTPUT
else
# Changes done in more than chart -> FAIL
charts_changed_str="$(echo ${charts_dirs_changed[@]})"
echo "error=Changes detected in more than one chart directory: ${charts_changed_str}. The publish process will be stopped. Please create different commits for each chart." >> $GITHUB_OUTPUT
echo "result=fail" >> $GITHUB_OUTPUT
fi
- id: show-error
name: 'Show error'
if: ${{ steps.get-chart.outputs.result == 'fail' }}
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
with:
script: |
core.setFailed('${{ steps.get-chart.outputs.error }}')
vib-publish:
runs-on: ubuntu-latest
needs: get-chart
if: ${{ needs.get-chart.outputs.result == 'ok' }}
name: VIB Publish
permissions:
contents: read
env:
CSP_API_URL: https://console.cloud.vmware.com
CSP_API_TOKEN: ${{ secrets.CSP_API_TOKEN }}
VIB_PUBLIC_URL: https://cp.bromelia.vmware.com
steps:
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
name: Checkout Repository
with:
path: charts
- uses: vmware-labs/vmware-image-builder-action@v0
name: Publish ${{ needs.get-chart.outputs.chart }}
with:
pipeline: ${{ needs.get-chart.outputs.chart }}/vib-publish.json
config: charts/.vib/
env:
VIB_ENV_S3_URL: s3://${{ secrets.AWS_S3_BUCKET }}/bitnami
VIB_ENV_S3_ACCESS_KEY_ID: ${{ secrets.AWS_PUBLISH_ACCESS_KEY_ID }}
VIB_ENV_S3_SECRET_ACCESS_KEY: ${{ secrets.AWS_PUBLISH_SECRET_ACCESS_KEY }}
VIB_ENV_S3_ROLE_ARN: ${{ secrets.AWS_PUBLISH_ROLE_ARN }}
update-index:
runs-on: ubuntu-latest
needs:
- vib-publish
name: Update charts index
steps:
- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
with:
path: ~/artifacts
# If we perform a checkout of the main branch, we will find conflicts with the submodules
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
with:
ref: 'index'
path: index
# The token is persisted in the local git config and enables scripts to run authenticated git commands.
token: ${{ secrets.BITNAMI_BOT_TOKEN }}
- name: Install helm
run: |
HELM_TARBALL="helm-v3.8.1-linux-amd64.tar.gz"
curl -SsLfO "https://get.helm.sh/${HELM_TARBALL}" && sudo tar xf "$HELM_TARBALL" --strip-components 1 -C /usr/local/bin
# Install file plugin
helm plugin add https://github.com/zoobab/helm_file_repo
- id: update-index
name: Fetch chart and update index
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_PUBLISH_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PUBLISH_SECRET_ACCESS_KEY }}
AWS_ASSUME_ROLE_ARN: ${{ secrets.AWS_PUBLISH_ROLE_ARN }}
AWS_DEFAULT_REGION: us-east-1
run: |
# Configure AWS account
export $(printf "AWS_ACCESS_KEY_ID=%s AWS_SECRET_ACCESS_KEY=%s AWS_SESSION_TOKEN=%s" $(aws sts assume-role --role-arn ${AWS_ASSUME_ROLE_ARN} --role-session-name GitHubCharts --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" --output text))
# Extract chart release metadata from the publish report file
vib_publish_report_file=$(find ~/artifacts -name "report.json" -print -quit)
chart_name=$(jq -re '.actions|map(select(.action_id == "helm-publish"))[0] | .application.name' $vib_publish_report_file)
chart_version=$(jq -re '.actions|map(select(.action_id == "helm-publish"))[0] | .application.version' $vib_publish_report_file)
# Download published asset
mkdir download
aws s3 cp s3://${{ secrets.AWS_S3_BUCKET }}/bitnami/${chart_name}-${chart_version}.tgz download/
cd index
git config user.name "Bitnami Containers"
git config user.email "bitnami-bot@vmware.com"
attempts=0
max_attempts=5
is_index_updated=0
while [[ $attempts -lt $max_attempts && $is_index_updated -eq 0 ]]; do
attempts=$((attempts + 1))
# Pull changes from remote
git fetch origin index
current_commit_id=$(git rev-parse origin/index)
git reset --hard $(git commit-tree origin/index^{tree} -m "Update index.yaml")
# Rebuild index
helm repo index --url https://charts.bitnami.com/bitnami --merge bitnami/index.yaml ../download
# Compare size of files
if [[ $(stat -c%s bitnami/index.yaml) -gt $(stat -c%s ../download/index.yaml) ]]; then
echo "New index.yaml file is shorter than the current one"
exit 1
fi
# Adding tmp file as a helm repo
if ! helm repo add cache file://../download/ ; then
echo "New index.yaml file can't be indexed"
exit 1
fi
cp ../download/index.yaml bitnami/index.yaml
# Push changes
git add bitnami/index.yaml && git commit --signoff --amend --no-edit
git push origin index --force-with-lease=index:${current_commit_id} && is_index_updated=1 || echo "Failed to push during attempt $attempts"
done
if [[ $is_index_updated -ne 1 ]]; then
echo "Could not update the index after $max_attempts attempts"
exit 1
fi
# If the CD Pipeline does not succeed we should notify the interested agents
slack-notif:
runs-on: ubuntu-latest
needs:
- vib-publish
- update-index
if: always()
name: Notify unsuccessful CD run
steps:
- name: Notify in Slack channel
if: ${{ needs.update-index.result != 'success' }}
uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e
with:
channel-id: ${{ secrets.CD_SLACK_CHANNEL_ID }}
payload: |
{
"attachments": [
{
"color": "#CC0000",
"fallback": "Unsuccessful bitnami/charts CD pipeline",
"blocks": [
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "*Unsuccessful `bitnami/charts` CD pipeline*"
}
},
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "The CD pipeline for <${{ github.event.head_commit.url }}|bitnami/charts@${{ github.event.head_commit.id }}> did not succeed. Check the related <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|action run> for more information."
}
}
]
}
]
}
env:
SLACK_BOT_TOKEN: ${{ secrets.CD_SLACK_BOT_TOKEN }}