diff --git a/.github/workflows/job-chart-ocm.yml b/.github/workflows/job-chart-ocm.yml
deleted file mode 100644
index d5eda97..0000000
--- a/.github/workflows/job-chart-ocm.yml
+++ /dev/null
@@ -1,141 +0,0 @@
-name: Chart OCM Component
-on:
- workflow_call:
- inputs:
- chartPath:
- description: "Path to the chart directory"
- required: true
- type: string
- chartName:
- description: "Name of the chart"
- required: true
- type: string
- chartRepository:
- description: "Chart repository URL (defaults to platform-mesh/helm-charts)"
- type: string
- default: https://github.com/platform-mesh/helm-charts
- componentConstructorFile:
- description: "Path to component constructor file"
- type: string
- default: .ocm/component-constructor-chart-only.yaml
- componentName:
- description: "Component name (e.g., github.com/platform-mesh/helm-charts/security-operator)"
- required: true
- type: string
- ocmRegistryUrl:
- description: "OCM registry URL"
- type: string
- default: ghcr.io/platform-mesh
-
-jobs:
- chart-ocm:
- runs-on: ubuntu-latest
- permissions:
- contents: read
- packages: write
- steps:
- - name: Create Github App Token
- uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3
- id: app-token
- with:
- app-id: "1415820"
- private-key: ${{ secrets.PM_PUBLISHER_PRIVATE_KEY }}
- owner: ${{ github.repository_owner }}
-
- - name: Setup yq@latest
- run: |
- if ! command -v yq &>/dev/null
- then
- mkdir -p /home/runner/.local/bin
- wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /home/runner/.local/bin/yq &&\
- chmod +x /home/runner/.local/bin/yq
- fi
-
- - name: Check out the repo
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-
- - name: Setup OCM CLI
- run: |
- REPO=${repo:=open-component-model/ocm}
- if [ -z "$version" -o "$version" == latest ]; then
- version="$(basename "$(curl -Ls -o /dev/null -w %{url_effective} https://github.com/$REPO/releases/latest)")"
- echo "Selecting latest version: $version"
- fi
- VERSION=${version#v}
- ARCHIVE_FILE="ocm-${VERSION}-linux-amd64.tar.gz"
- URL="https://github.com/$REPO/releases/download/v${VERSION}/$ARCHIVE_FILE"
- echo "Installing ocm-cli version $version from $REPO"
- curl -LsS -o ocm-cli.tgz "$URL"
- tar --overwrite -xvzf ocm-cli.tgz >/dev/null
- chmod a+x ocm
-
- - name: Prepare template variables
- run: |
- VERSION=$(yq '.version' ${{ inputs.chartPath }}/Chart.yaml)
- CHART_OCI_PATH=ghcr.io/platform-mesh/helm-charts/${{ inputs.chartName }}
- CHART_REPO=${{ inputs.chartRepository }}
-
- echo "VERSION=$VERSION" >> $GITHUB_ENV
- echo "CHART_OCI_PATH=$CHART_OCI_PATH" >> $GITHUB_ENV
- echo "CHART_REPO=$CHART_REPO" >> $GITHUB_ENV
-
- - name: Write OCM credentials file
- run: |
- OCM_REGISTRY_URL="${{ inputs.ocmRegistryUrl }}"
- OCM_HOSTNAME="${OCM_REGISTRY_URL%%/*}"
- OCM_PATHPREFIX="${OCM_REGISTRY_URL#*/}"
- cat < $HOME/.ocmconfig
- type: generic.config.ocm.software/v1
- configurations:
- - type: credentials.config.ocm.software
- consumers:
- - identity:
- type: OCIRegistry
- scheme: https
- hostname: ${OCM_HOSTNAME}
- pathprefix: ${OCM_PATHPREFIX}
- credentials:
- - type: Credentials
- properties:
- username: github
- password: ${{ secrets.GITHUB_TOKEN }}
- EOF
-
- - name: Create OCM ComponentArchive
- run: |
- ocm_ctf=transport.ctf
- ./ocm add components -c --templater=go --file "$ocm_ctf" ${{ inputs.componentConstructorFile }} -- \
- VERSION=${{ env.VERSION }} \
- COMPONENT_NAME=${{ inputs.componentName }} \
- CHART_OCI_PATH=${{ env.CHART_OCI_PATH }} \
- CHART_REPO=${{ env.CHART_REPO }} \
- COMMIT=${{ github.sha }}
-
- - name: Download CA certificate
- run: gh api repos/platform-mesh/helm-charts/contents/.ocm/signature/ca.cert --jq '.content' | base64 -d > /tmp/ca.cert
- env:
- GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Sign OCM component
- run: |
- printf '%s' "$OCM_SIGNING_PRIVATE_KEY" > /tmp/ocm-signing.priv
- printf '%s' "$OCM_SIGNING_CERT" > /tmp/ocm-signing.cert
- ./ocm sign componentversion \
- --signature helm-charts.platform-mesh \
- --private-key /tmp/ocm-signing.priv \
- --public-key /tmp/ocm-signing.cert \
- --ca-cert /tmp/ca.cert \
- transport.ctf
- rm -f /tmp/ocm-signing.priv /tmp/ocm-signing.cert /tmp/ca.cert
- env:
- OCM_SIGNING_PRIVATE_KEY: ${{ secrets.OCM_SIGNING_PRIVATE_KEY }}
- OCM_SIGNING_CERT: ${{ secrets.OCM_SIGNING_CERT }}
-
- - name: Transfer to OCM registry
- run: ./ocm transfer ctf transport.ctf "${{ inputs.ocmRegistryUrl }}"
-
- - name: Trigger PlatformMesh OCM build
- run: |
- gh workflow run ocm-aggregator.yaml --repo "platform-mesh/helm-charts"
- env:
- GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
diff --git a/.github/workflows/job-check-helm-chart-docs.yml b/.github/workflows/job-check-helm-chart-docs.yml
deleted file mode 100644
index 3400bbb..0000000
--- a/.github/workflows/job-check-helm-chart-docs.yml
+++ /dev/null
@@ -1,36 +0,0 @@
-name: Check Helm Chart Docs
-on:
- workflow_call:
- inputs:
- chartFolder:
- description: 'The folder where the helm chart is located'
- required: true
- default: ''
- type: string
- headerFile:
- description: 'The header file to use for the helm-docs'
- required: false
- default: '../../docs-templates/header.md.gotmpl'
- type: string
- footerFile:
- description: 'The footer file to use for the helm-docs'
- required: false
- default: '../../docs-templates/footer.md.gotmpl'
- type: string
-
-jobs:
- docs:
- runs-on: ubuntu-latest
- steps:
- - name: Install Task
- uses: arduino/setup-task@b91d5d2c96a56797b48ac1e0e89220bf64044611 # v2.0.0
- with:
- version: 3.44.1
- repo-token: ${{ secrets.GITHUB_TOKEN }}
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- with:
- ref: ${{ github.event.pull_request.head.sha }}
- fetch-depth: 0
- - name: Test task
- run: task docs
- - run: git diff --exit-code
\ No newline at end of file
diff --git a/.github/workflows/job-ocm-version-update.yml b/.github/workflows/job-ocm-version-update.yml
deleted file mode 100644
index b717eb7..0000000
--- a/.github/workflows/job-ocm-version-update.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-name: Trigger OCM Version Update
-on:
- workflow_call:
-
-jobs:
- trigger-ocm-version-update:
- runs-on: ubuntu-latest
- steps:
- - name: Generate a token
- id: generate-token
- uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3
- with:
- app-id: "1415820"
- private-key: ${{ secrets.PM_PUBLISHER_PRIVATE_KEY }}
- owner: ${{ github.repository_owner }}
- repositories: |
- helm-charts
- - run: gh workflow run ocm-aggregator.yaml --repo platform-mesh/helm-charts
- env:
- GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
diff --git a/.github/workflows/job-ocm.yml b/.github/workflows/job-ocm.yml
deleted file mode 100644
index b5da2cd..0000000
--- a/.github/workflows/job-ocm.yml
+++ /dev/null
@@ -1,201 +0,0 @@
-name: OCM
-on:
- workflow_call:
- inputs:
- chartPath:
- required: true
- type: string
- componentName:
- required: true
- type: string
- componentConstructorFile:
- required: false
- type: string
- default: .ocm/component-constructor.yaml
- ocmRegistryUrl:
- type: string
- default: ghcr.io/platform-mesh
- chartOnly:
- description: "If true, builds chart-only component and triggers service component pipeline"
- required: false
- type: boolean
- default: false
- imageComponentName:
- description: "Image component name suffix for service component (defaults to chart name)"
- required: false
- type: string
- default: ''
- serviceComponentConstructorFile:
- description: "Custom service component constructor file in the helm-charts repo (defaults to .ocm/component-constructor-service-component.yaml)"
- required: false
- type: string
- default: ''
-
-jobs:
- ocm:
- runs-on: ubuntu-latest
- permissions:
- contents: read
- packages: write
- steps:
- - name: Create Github App Token
- uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3
- id: app-token
- with:
- app-id: "1415820"
- private-key: ${{ secrets.PM_PUBLISHER_PRIVATE_KEY }}
- owner: ${{ github.repository_owner }}
- - name: Setup yq@latest
- run: |
- if ! command -v yq &>/dev/null
- then
- mkdir -p /home/runner/.local/bin
- wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /home/runner/.local/bin/yq &&\
- chmod +x /home/runner/.local/bin/yq
- fi
- - name: Check out the repo
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- - name: setup OCM CLI
- run: |
- REPO=${repo:=open-component-model/ocm}
- if [ -z "$version" -o "$version" == latest ]; then
- version="$(basename "$(curl -Ls -o /dev/null -w %{url_effective} https://github.com/$REPO/releases/latest)")"
- echo "Selecting latest version: $version"
- fi
- VERSION=${version#v}
- ARCHIVE_FILE="ocm-${VERSION}-linux-amd64.tar.gz"
- URL="https://github.com/$REPO/releases/download/v${VERSION}/$ARCHIVE_FILE"
- echo "Installing ocm-cli version $version from $REPO"
- curl -LsS -o ocm-cli.tgz "$URL"
- tar --overwrite -xvzf ocm-cli.tgz >/dev/null
- chmod a+x ocm
- - name: Prepare Template Variables
- run: |
- CHART_NAME=$(yq '.name' ${{ inputs.chartPath }}/Chart.yaml)
- VERSION=$(yq '.version' ${{ inputs.chartPath }}/Chart.yaml)
- APP_VERSION=$(yq '.appVersion' ${{ inputs.chartPath }}/Chart.yaml)
- CHART_REPO=https://github.com/${{ github.repository }}
- CHART_OCI_PATH=ghcr.io/${{ github.repository }}/$CHART_NAME
-
- echo "CHART_NAME=$CHART_NAME" >> $GITHUB_ENV
- echo "VERSION=$VERSION" >> $GITHUB_ENV
- echo "APP_VERSION=$APP_VERSION" >> $GITHUB_ENV
- echo "CHART_REPO=$CHART_REPO" >> $GITHUB_ENV
- echo "CHART_OCI_PATH=$CHART_OCI_PATH" >> $GITHUB_ENV
-
- # Only fetch image-related info for monolithic components (not chart-only)
- if [ "${{ inputs.chartOnly }}" != "true" ]; then
- IMAGE_NAME=$(yq '.image.name' ${{ inputs.chartPath }}/values.yaml)
- ORG_REPO=$(echo "$IMAGE_NAME" | sed 's|ghcr.io/||')
- IMAGE_REPO=https://github.com/$ORG_REPO
- IMAGE_REPO_SHA=$(gh api repos/$ORG_REPO/git/ref/tags/$APP_VERSION | jq -r '.object.sha')
-
- echo "IMAGE_NAME=$IMAGE_NAME" >> $GITHUB_ENV
- echo "ORG_REPO=$ORG_REPO" >> $GITHUB_ENV
- echo "IMAGE_REPO=$IMAGE_REPO" >> $GITHUB_ENV
- echo "IMAGE_REPO_SHA=$IMAGE_REPO_SHA" >> $GITHUB_ENV
- fi
- env:
- GH_TOKEN: ${{ steps.app-token.outputs.token }}
- - name: Write Credentials file
- run: |
- OCM_REGISTRY_URL="${{ inputs.ocmRegistryUrl }}"
- OCM_HOSTNAME="${OCM_REGISTRY_URL%%/*}"
- OCM_PATHPREFIX="${OCM_REGISTRY_URL#*/}"
- cat < $HOME/.ocmconfig
- type: generic.config.ocm.software/v1
- configurations:
- - type: credentials.config.ocm.software
- consumers:
- - identity:
- type: OCIRegistry
- scheme: https
- hostname: ${OCM_HOSTNAME}
- pathprefix: ${OCM_PATHPREFIX}
- credentials:
- - type: Credentials
- properties:
- username: github
- password: ${{ secrets.GITHUB_TOKEN }}
- EOF
- - name: create OCM ComponentArchive
- run: |
- ocm_ctf=.ocm/transport.ctf
- mkdir -p "$(dirname "$ocm_ctf")"
- if [ "${{ inputs.chartOnly }}" == "true" ]; then
- ./ocm add components -c --templater=go --file "$ocm_ctf" ${{ inputs.componentConstructorFile }} -- \
- VERSION=${{ env.VERSION }} \
- APP_VERSION=${{ env.APP_VERSION }} \
- COMMIT=${{ github.sha }} \
- CHART_REPO=${{ env.CHART_REPO }} \
- COMPONENT_NAME=${{ inputs.componentName }} \
- CHART_NAME=${{ env.CHART_NAME }} \
- CHART_OCI_PATH=${{ env.CHART_OCI_PATH }} \
- LOCAL_CHART_PATH=${{ inputs.chartPath }}
- else
- ./ocm add components -c --templater=go --file "$ocm_ctf" ${{ inputs.componentConstructorFile }} -- \
- VERSION=${{ env.VERSION }} \
- APP_VERSION=${{ env.APP_VERSION }} \
- IMAGE_NAME=${{ env.IMAGE_NAME }} \
- COMMIT=${{ github.sha }} \
- IMAGE_REPO=${{ env.IMAGE_REPO }} \
- IMAGE_REPO_SHA=${{ env.IMAGE_REPO_SHA }} \
- CHART_REPO=${{ env.CHART_REPO }} \
- COMPONENT_NAME=${{ inputs.componentName }} \
- CHART_NAME=${{ env.CHART_NAME }} \
- CHART_OCI_PATH=${{ env.CHART_OCI_PATH }} \
- LOCAL_CHART_PATH=${{ inputs.chartPath }}
- fi
- - name: Download CA certificate
- run: gh api repos/platform-mesh/helm-charts/contents/.ocm/signature/ca.cert --jq '.content' | base64 -d > /tmp/ca.cert
- env:
- GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Sign OCM component
- run: |
- printf '%s' "$OCM_SIGNING_PRIVATE_KEY" > /tmp/ocm-signing.priv
- printf '%s' "$OCM_SIGNING_CERT" > /tmp/ocm-signing.cert
- ./ocm sign componentversion \
- --signature "helm-charts.platform-mesh" \
- --private-key /tmp/ocm-signing.priv \
- --public-key /tmp/ocm-signing.cert \
- --ca-cert /tmp/ca.cert \
- .ocm/transport.ctf
- rm -f /tmp/ocm-signing.priv /tmp/ocm-signing.cert /tmp/ca.cert
- env:
- OCM_SIGNING_PRIVATE_KEY: ${{ secrets.OCM_SIGNING_PRIVATE_KEY }}
- OCM_SIGNING_CERT: ${{ secrets.OCM_SIGNING_CERT }}
-
- - name: Transfer to OCM REPO
- run: ./ocm transfer ctf .ocm/transport.ctf "${{ inputs.ocmRegistryUrl }}"
-
- - name: Trigger service component pipeline (chart-only mode)
- if: ${{ inputs.chartOnly == true }}
- run: |
- # Determine image component name
- IMAGE_COMPONENT_NAME="${{ inputs.imageComponentName }}"
- if [ -z "$IMAGE_COMPONENT_NAME" ]; then
- IMAGE_COMPONENT_NAME="${{ env.CHART_NAME }}"
- fi
-
- # Derive service component name from chart component name by stripping helm-charts/ prefix
- SERVICE_COMPONENT_NAME="${{ inputs.componentName }}"
- SERVICE_COMPONENT_NAME="${SERVICE_COMPONENT_NAME/helm-charts\//}"
-
- gh workflow run ocm-service-component.yaml --repo "platform-mesh/helm-charts" \
- -f componentName="$SERVICE_COMPONENT_NAME" \
- -f chartName="${{ env.CHART_NAME }}" \
- -f chartVersion="${{ env.VERSION }}" \
- -f appVersion="${{ env.APP_VERSION }}" \
- -f imageComponentName="$IMAGE_COMPONENT_NAME" \
- ${SERVICE_COMPONENT_CONSTRUCTOR_FILE:+-f componentConstructorFile="$SERVICE_COMPONENT_CONSTRUCTOR_FILE"}
- env:
- GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
- SERVICE_COMPONENT_CONSTRUCTOR_FILE: ${{ inputs.serviceComponentConstructorFile }}
-
- - name: Trigger PlatformMesh OCM build (monolithic mode)
- if: ${{ inputs.chartOnly != true }}
- run: |
- gh workflow run ocm-aggregator.yaml --repo "platform-mesh/helm-charts"
- env:
- GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
diff --git a/.github/workflows/job-test-chart.yml b/.github/workflows/job-test-chart.yml
deleted file mode 100644
index 7de227b..0000000
--- a/.github/workflows/job-test-chart.yml
+++ /dev/null
@@ -1,77 +0,0 @@
-name: Test Helm Chart
-on:
- workflow_call:
- inputs:
- branch:
- description: 'branch to checkout'
- required: false
- default: ''
- type: string
- chartRepos:
- required: false
- type: string
- default: ''
- chartsFolder:
- required: false
- type: string
- default: 'charts'
- chartName:
- required: true
- type: string
- additionalTestFilesCommand:
- required: false
- type: string
- default: '-f chart/test-values.yaml'
-
-jobs:
- unittest:
- runs-on: ubuntu-latest
- container:
- image: ghcr.io/platform-mesh/infra/helm-unittest:latest
- credentials:
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
- steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- with:
- ref: ${{ inputs.branch }}
- - name: Unit Testing Chart
- run: helm unittest ${{ inputs.chartsFolder }}/${{ inputs.chartName }}
- lint:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- with:
- fetch-depth: 0
- - name: Set up Helm
- uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0
- with:
- version: v3.14.4
- - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
- with:
- python-version: '3.x'
- check-latest: true
- - name: Set up chart-testing
- uses: helm/chart-testing-action@6ec842c01de15ebb84c8627d2744a0c2f2755c9f # v2.8.0
- with:
- version: 'v3.14.0'
- yamllint_version: '1.37.0'
- yamale_version: '5.2.1'
- - name: Log in to ghcr.io
- run: |
- echo "${GITHUB_TOKEN}" | helm registry login ghcr.io --username "${GITHUB_ACTOR}" --password-stdin
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- GITHUB_ACTOR: ${{ github.actor }}
- - name: Run chart-testing (list-changed)
- id: list-changed
- run: |
- changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }} --chart-dirs=${{ inputs.chartsFolder }})
- if [[ -n "$changed" ]]; then
- echo "changed=true" >> "$GITHUB_OUTPUT"
- fi
- - name: Run chart-testing (lint)
- if: steps.list-changed.outputs.changed == 'true'
- run: ct lint --target-branch ${{ github.event.repository.default_branch }} --chart-dirs=${{ inputs.chartsFolder }} --validate-maintainers=false --chart-repos=${{ inputs.chartRepos }}
-
\ No newline at end of file
diff --git a/.github/workflows/pipeline-chart.yml b/.github/workflows/pipeline-chart.yml
deleted file mode 100644
index 3b84f5e..0000000
--- a/.github/workflows/pipeline-chart.yml
+++ /dev/null
@@ -1,97 +0,0 @@
-name: pipeline-chart
-permissions:
- contents: write
- packages: write
-on:
- workflow_call:
- inputs:
- chartRepos:
- required: false
- type: string
- default: ''
- chartFolder:
- required: false
- type: string
- default: 'charts'
- chartName:
- required: true
- type: string
- additionalTestFilesCommand:
- required: false
- type: string
- default: '-f chart/test-values.yaml'
- release_branch:
- required: false
- type: string
- default: 'main'
- pushTags:
- required: false
- type: boolean
- default: false
- disableOCM:
- required: false
- type: boolean
- default: false
- componentConstructorFile:
- required: false
- type: string
- default: .ocm/component-constructor.yaml
- chartOnly:
- description: "If true, builds chart-only component and triggers service component pipeline"
- required: false
- type: boolean
- default: false
- imageComponentName:
- description: "Image component name suffix for service component (defaults to chart name)"
- required: false
- type: string
- default: ''
- outputs:
- version:
- description: "The created Version"
- value: ${{ jobs.release.outputs.version }}
-
-jobs:
- testChart:
- uses: ./.github/workflows/job-test-chart.yml
- with:
- chartsFolder: ${{ inputs.chartFolder }}
- chartName: ${{ inputs.chartName }}
- additionalTestFilesCommand: ${{ inputs.additionalTestFilesCommand }}
- chartRepos: ${{ inputs.chartRepos }}
- secrets: inherit
-
- checkHelmDocs:
- uses: ./.github/workflows/job-check-helm-chart-docs.yml
- with:
- chartFolder: ${{ inputs.chartFolder }}/${{ inputs.chartName }}
- secrets: inherit
-
- release:
- needs: [testChart,checkHelmDocs]
- uses: ./.github/workflows/job-release-chart.yml
- secrets: inherit
- with:
- updateVersion: false
- pushTags: ${{ inputs.pushTags }}
- updateImageTag: false
- chartFolder: ${{ inputs.chartFolder }}/${{ inputs.chartName }}
- release_branch: ${{ inputs.release_branch }}
-
- ocm:
- if: ${{ !inputs.disableOCM && (github.head_ref || github.ref) == format('refs/heads/{0}',inputs.release_branch) }}
- needs: [release]
- uses: ./.github/workflows/job-ocm.yml
- secrets: inherit
- with:
- chartPath: ${{ inputs.chartFolder }}/${{ inputs.chartName }}
- componentName: ${{ inputs.chartOnly && format('github.com/platform-mesh/helm-charts/{0}', inputs.chartName) || format('github.com/platform-mesh/{0}', inputs.chartName) }}
- componentConstructorFile: ${{ inputs.componentConstructorFile }}
- chartOnly: ${{ inputs.chartOnly }}
- imageComponentName: ${{ inputs.imageComponentName }}
-
- pm-ocm:
- if: ${{ !inputs.chartOnly && !inputs.disableOCM && (github.head_ref || github.ref) == format('refs/heads/{0}',inputs.release_branch) }}
- needs: [ocm]
- uses: ./.github/workflows/job-ocm-version-update.yml
- secrets: inherit