diff --git a/.github/workflows/build-images-ci.yml b/.github/workflows/build-images-ci.yml
index 04087899a23..e278076c7c5 100644
--- a/.github/workflows/build-images-ci.yml
+++ b/.github/workflows/build-images-ci.yml
@@ -150,44 +150,14 @@ jobs:
 echo "| **Pull by digest** | \`$IMAGE@${{ steps.docker_build_ci_pr.outputs.digest }}\` |" >> $GITHUB_STEP_SUMMARY
 
 helm-chart:
- if: ${{ success() }}
 name: Push OCI Helm Chart
- runs-on: ubuntu-24.04
 needs: build-and-push
- steps:
- - name: Checkout Source Code
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- with:
- ref: ${{ needs.build-and-push.outputs.tag }}
- submodules: true
- persist-credentials: false
- fetch-depth: 0
-
- - name: Get chart version
- id: version
- run: |
- echo "chart_version=$(make chart-version)" >> $GITHUB_OUTPUT
-
- - name: Push OCI Helm dev chart
- uses: cilium/reusable-workflows/.github/actions/push-helm-chart@6ae27958f2f37545bf48e44106b73df05b1f6d12 # v0.1.0
- with:
- name: tetragon
- path: install/kubernetes/tetragon
- version: ${{ steps.version.outputs.chart_version }}
- values_file_changes: |
- {
- "tetragon.image.repository": "quay.io/cilium/tetragon-ci",
- "tetragon.image.tag": "${{ needs.build-and-push.outputs.tag }}",
- "tetragonOperator.image.repository": "quay.io/cilium/tetragon-operator-ci",
- "tetragonOperator.image.tag": "${{ needs.build-and-push.outputs.tag }}",
- }
- registry: quay.io
- registry_namespace: cilium-charts-dev
- registry_username: ${{ secrets.QUAY_CHARTS_DEV_USERNAME }}
- registry_password: ${{ secrets.QUAY_CHARTS_DEV_PASSWORD }}
-
- - name: Print helm command
- run: |
- echo "Example commands:"
- echo helm template -n tetragon oci://quay.io/cilium-charts-dev/tetragon --version ${{ steps.version.outputs.chart_version }}
- echo helm upgrade --install tetragon -n tetragon oci://quay.io/cilium-charts-dev/tetragon --version ${{ steps.version.outputs.chart_version }}
+ permissions:
+ contents: read
+ uses: ./.github/workflows/push-chart-ci.yml
+ with:
+ checkout_ref: ${{ needs.build-and-push.outputs.tag }}
+ image_tag: ${{ needs.build-and-push.outputs.tag }}
+ secrets:
+ QUAY_CHARTS_DEV_USERNAME: ${{ secrets.QUAY_CHARTS_DEV_USERNAME }}
+ QUAY_CHARTS_DEV_PASSWORD: ${{ secrets.QUAY_CHARTS_DEV_PASSWORD }}
diff --git a/.github/workflows/push-chart-ci.yml b/.github/workflows/push-chart-ci.yml
new file mode 100644
index 00000000000..51a883993ae
--- /dev/null
+++ b/.github/workflows/push-chart-ci.yml
@@ -0,0 +1,102 @@
+name: Chart CI Push
+
+on:
+ workflow_call:
+ inputs:
+ checkout_ref:
+ description: 'Git ref to build.'
+ type: string
+ required: true
+ image_tag:
+ description: 'Image tag to use for the images in the chart.'
+ type: string
+ required: true
+ secrets:
+ QUAY_CHARTS_DEV_USERNAME:
+ required: true
+ QUAY_CHARTS_DEV_PASSWORD:
+ required: true
+
+permissions:
+ contents: read
+
+concurrency:
+ # Do not use github.workflow here. Under workflow_call it resolves to the
+ # calling workflow and can collide with the caller's concurrency group.
+ group: chart-ci-push-${{ github.event_name }}-${{ inputs.checkout_ref }}
+ cancel-in-progress: true
+
+jobs:
+ setup-chart:
+ name: Setup Chart
+ runs-on: ubuntu-24.04
+ outputs:
+ chart-version: ${{ steps.get-version.outputs.chart_version }}
+ steps:
+ - name: Checkout default branch
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ with:
+ ref: ${{ github.event.repository.default_branch }}
+ persist-credentials: false
+
+ - name: Copy default branch chart version script
+ run: |
+ mkdir -p ../tetragon-default-branch/contrib/scripts
+ cp ./contrib/scripts/print-chart-version.sh ../tetragon-default-branch/contrib/scripts/
+
+ - name: Checkout source code
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ with:
+ persist-credentials: false
+ ref: ${{ inputs.checkout_ref }}
+ fetch-depth: 0
+
+ - name: Get version
+ id: get-version
+ run: |
+ printf 'chart_version=%s\n' "$(../tetragon-default-branch/contrib/scripts/print-chart-version.sh)" | tee -a "$GITHUB_OUTPUT"
+
+ push-chart:
+ name: Push Chart
+ runs-on: ubuntu-24.04
+ needs: setup-chart
+ steps:
+ - name: Checkout source chart
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ with:
+ persist-credentials: false
+ ref: ${{ inputs.checkout_ref }}
+ sparse-checkout: install/kubernetes/tetragon
+
+ - name: Push chart
+ uses: cilium/reusable-workflows/.github/actions/push-helm-chart@6ae27958f2f37545bf48e44106b73df05b1f6d12 # v0.1.0
+ with:
+ name: tetragon
+ path: install/kubernetes/tetragon
+ version: ${{ needs.setup-chart.outputs.chart-version }}
+ values_file_changes: |
+ {
+ "tetragon.image.repository": "quay.io/cilium/tetragon-ci",
+ "tetragon.image.tag": "${{ inputs.image_tag }}",
+ "tetragonOperator.image.repository": "quay.io/cilium/tetragon-operator-ci",
+ "tetragonOperator.image.tag": "${{ inputs.image_tag }}"
+ }
+ registry: quay.io
+ registry_namespace: cilium-charts-dev
+ registry_username: ${{ secrets.QUAY_CHARTS_DEV_USERNAME }}
+ registry_password: ${{ secrets.QUAY_CHARTS_DEV_PASSWORD }}
+
+ post-push:
+ name: Post-push Steps
+ runs-on: ubuntu-24.04
+ needs:
+ - setup-chart
+ - push-chart
+ steps:
+ - name: Print helm command
+ env:
+ CHART_VERSION: ${{ needs.setup-chart.outputs.chart-version }}
+ run: |
+ echo "Example commands:"
+ echo helm template -n tetragon oci://quay.io/cilium-charts-dev/tetragon --version "$CHART_VERSION"
+ echo helm upgrade --install tetragon -n tetragon oci://quay.io/cilium-charts-dev/tetragon --version "$CHART_VERSION"
diff --git a/contrib/scripts/print-chart-version.sh b/contrib/scripts/print-chart-version.sh
new file mode 100755
index 00000000000..b89e506419a
--- /dev/null
+++ b/contrib/scripts/print-chart-version.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+version="$(git describe --tags --always --exclude '*/*')"
+printf '%s\n' "${version#v}"
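Review bot: Nothing in the `setup-chart` job of push-chart-ci.yml says why the version script is copied from the default branch instead of being run from `inputs.checkout_ref`, so a later cleanup could easily collapse the two checkouts and start executing code from the ref under test. If the intent is, as it appears, that only default-branch code runs in this job, state it above the first checkout, e.g. `# Take print-chart-version.sh from the default branch so that nothing from inputs.checkout_ref is executed here.` The same assumption would break silently if `github.event.repository.default_branch` ever evaluated to an empty string, because actions/checkout then falls back to the ref of the triggering event; a step that fails on an empty value would make that explicit. In `push-chart`, `inputs.image_tag` is pasted into the `values_file_changes` JSON unvalidated, so checking that it matches the expected tag format before the push step would be a cheap guard.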
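Review bot: print-chart-version.sh has no header comment, and two of its choices are not obvious from the code: it describes whatever repository is the current working directory (the workflow runs it from a different checkout than the one it was copied from), and `--exclude '*/*'` skips every tag whose name contains a slash. A short comment such as `# Prints the chart version of the git repository in the current directory: nearest tag without a "/" in its name, leading "v" removed.` would cover both. Also note that `--always` makes `git describe` print an abbreviated commit hash when no matching tag is reachable, so the script then succeeds with a value that is presumably not a valid chart version. Dropping `--always`, or rejecting output that does not start with a digit once the `v` is stripped, would make the job fail early instead.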