Merge pull request #1231 from LerianStudio/feat/plugin-fees-multi-ten… #1231
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Helm Release | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - develop | |
| paths-ignore: | |
| - 'README.md' | |
| - '**/CHANGELOG.md' | |
| - '.github/workflows/**' | |
| - '.github/configs/**' | |
| - '.gitignore' | |
| permissions: | |
| contents: write | |
| packages: write | |
| id-token: write | |
| jobs: | |
| get-changed-paths: | |
| if: github.actor != 'lerian-studio-midaz-push-bot[bot]' | |
| name: Get Changed Paths | |
| runs-on: ubuntu-latest | |
| outputs: | |
| matrix: ${{ steps.changed-paths.outputs.matrix }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Get changed paths | |
| id: changed-paths | |
| uses: LerianStudio/github-actions-changed-paths@main | |
| with: | |
| filter_paths: charts/ | |
| get_app_name: true | |
| path_level: 2 | |
| release-helm-chart: | |
| needs: get-changed-paths | |
| name: Release Helm Chart | |
| if: needs.get-changed-paths.outputs.matrix != '[]' | |
| runs-on: ubuntu-latest | |
| strategy: | |
| max-parallel: 1 | |
| matrix: | |
| chart: ${{ fromJson(needs.get-changed-paths.outputs.matrix) }} | |
| steps: | |
| - name: Generate GitHub App Token | |
| id: app-token | |
| uses: actions/create-github-app-token@v1 | |
| with: | |
| app-id: ${{ secrets.LERIAN_STUDIO_MIDAZ_PUSH_BOT_APP_ID }} | |
| private-key: ${{ secrets.LERIAN_STUDIO_MIDAZ_PUSH_BOT_PRIVATE_KEY }} | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| token: ${{ steps.app-token.outputs.token }} | |
| - name: Update Last Changes | |
| run: git pull origin ${{ github.ref_name }} | |
| - name: Set up Helm | |
| continue-on-error: true | |
| uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 | |
| - name: Set up Homebrew | |
| id: setup-homebrew | |
| if: ${{ steps.setup-helm.outcome == 'failure' }} | |
| uses: Homebrew/actions/setup-homebrew@f119db709c0cd61731df77f0dd22c87511ee9b6a | |
| - name: Install Helm | |
| id: install-helm | |
| if: ${{ steps.setup-helm.outcome == 'failure' }} | |
| shell: bash | |
| run: | | |
| brew install helm | |
| - name: Helm Dependency Update | |
| run: helm dependency update ${{ matrix.chart.working_dir }} | |
| - name: Helm Lint | |
| run: helm lint ${{ matrix.chart.working_dir }} | |
| - name: Run helm unittest | |
| id: unittest | |
| run: | | |
| helm plugin install https://github.com/helm-unittest/helm-unittest.git --verify=false | |
| helm unittest ${{ matrix.chart.working_dir }} | |
| - name: Log in to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Login to GitHub Container Registry | |
| run: echo "${{ secrets.GITHUB_TOKEN }}" | helm registry login ghcr.io -u lerianstudio --password-stdin | |
| - name: Import GPG key | |
| uses: crazy-max/ghaction-import-gpg@v6 | |
| id: import_gpg | |
| with: | |
| gpg_private_key: ${{ secrets.LERIAN_CI_CD_USER_GPG_KEY }} | |
| passphrase: ${{ secrets.LERIAN_CI_CD_USER_GPG_KEY_PASSWORD }} | |
| git_committer_name: ${{ secrets.LERIAN_CI_CD_USER_NAME }} | |
| git_committer_email: ${{ secrets.LERIAN_CI_CD_USER_EMAIL }} | |
| git_config_global: true | |
| git_user_signingkey: true | |
| git_commit_gpgsign: true | |
| - name: Setup Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: '1.21' | |
| cache-dependency-path: .github/scripts/go.mod | |
| - name: Build scripts | |
| run: | | |
| cd .github/scripts | |
| go build -o update-chart-version-readme update-chart-version-readme.go | |
| - name: Generate .releaserc file | |
| run: | | |
| CHART_NAME="${{ matrix.chart.name }}" | |
| CHART_PATH="${{ matrix.chart.working_dir }}" | |
| if [ "$CHART_NAME" == "plugin-access-manager" ] || [ "$CHART_NAME" == "otel-collector-lerian" ]; then | |
| PUSH_FILE="$CHART_NAME-\${nextRelease.version}.tgz" | |
| else | |
| PUSH_FILE="$CHART_NAME-helm-\${nextRelease.version}.tgz" | |
| fi | |
| jq \ | |
| --arg chartPath "$CHART_PATH" \ | |
| --arg tagFormat "$CHART_NAME-v\${version}" \ | |
| --arg successCmd "helm package $CHART_PATH && helm push $PUSH_FILE oci://ghcr.io/lerianstudio" \ | |
| --arg prepareCmd "./.github/scripts/update-chart-version-readme --chart $CHART_NAME --version \${nextRelease.version}" \ | |
| '.plugins[2][1].chartPath = $chartPath | | |
| .plugins[4][1].assets = [($chartPath + "/Chart.yaml"), "README.md"] | | |
| .tagFormat = $tagFormat | | |
| .plugins[3][1].successCmd = $successCmd | | |
| .plugins[3][1].prepareCmd = $prepareCmd' \ | |
| .github/configs/.releaserc.json > .releaserc | |
| - name: Semantic Release | |
| uses: cycjimmy/semantic-release-action@v4 | |
| id: semantic_changelog | |
| with: | |
| ci: false | |
| semantic_version: 23.0.8 | |
| extra_plugins: | | |
| conventional-changelog-conventionalcommits@v7.0.2 | |
| semantic-release-helm3 | |
| @semantic-release/exec@6.0.3 | |
| @semantic-release/git | |
| env: | |
| GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} | |
| GIT_AUTHOR_NAME: ${{ secrets.LERIAN_CI_CD_USER_NAME }} | |
| GIT_AUTHOR_EMAIL: ${{ secrets.LERIAN_CI_CD_USER_EMAIL }} | |
| GIT_COMMITTER_NAME: ${{ secrets.LERIAN_CI_CD_USER_NAME }} | |
| GIT_COMMITTER_EMAIL: ${{ secrets.LERIAN_CI_CD_USER_EMAIL }} | |
| - name: Install oras | |
| if: steps.semantic_changelog.outputs.new_release_published == 'true' && github.ref == 'refs/heads/main' | |
| uses: oras-project/setup-oras@v1.2.4 | |
| - name: Tag chart as latest | |
| if: steps.semantic_changelog.outputs.new_release_published == 'true' && github.ref == 'refs/heads/main' | |
| run: | | |
| CHART="${{ matrix.chart.name }}" | |
| VERSION="${{ steps.semantic_changelog.outputs.new_release_version }}" | |
| if [ "$CHART" == "plugin-access-manager" ] || [ "$CHART" == "otel-collector-lerian" ]; then | |
| PACKAGE="$CHART" | |
| else | |
| PACKAGE="${CHART}-helm" | |
| fi | |
| echo "${{ secrets.GITHUB_TOKEN }}" | oras login ghcr.io -u lerianstudio --password-stdin | |
| echo "${{ secrets.DOCKER_PASSWORD }}" | oras login registry-1.docker.io -u ${{ secrets.DOCKER_USERNAME }} --password-stdin | |
| oras cp "ghcr.io/lerianstudio/${PACKAGE}:${VERSION}" "ghcr.io/lerianstudio/${PACKAGE}:latest" | |
| oras cp "registry-1.docker.io/lerianstudio/${PACKAGE}:${VERSION}" "registry-1.docker.io/lerianstudio/${PACKAGE}:latest" | |
| - name: Publish Release in Plugin Lifecycle Management | |
| if: github.ref == 'refs/heads/main' | |
| uses: LerianStudio/github-actions-lifecycle-management@main | |
| with: | |
| chart_name: "${{ matrix.chart.name }}" | |
| application_ids: ${{ vars.APPLICATION_IDS }} | |
| lifecycle_api_token: ${{ secrets.LIFECYCLE_API_TOKEN }} | |
| working_directory: ${{ matrix.chart.working_dir }} | |
| notify-release: | |
| needs: | |
| - get-changed-paths | |
| - release-helm-chart | |
| name: 📢 Release Notification | |
| if: needs.get-changed-paths.outputs.matrix != '[]' && github.ref == 'refs/heads/main' | |
| strategy: | |
| max-parallel: 1 | |
| matrix: | |
| chart: ${{ fromJson(needs.get-changed-paths.outputs.matrix) }} | |
| uses: ./.github/workflows/release-notification.yml | |
| with: | |
| chart_name: ${{ matrix.chart.name }} | |
| chart_path: ${{ matrix.chart.working_dir }} | |
| secrets: | |
| SLACK_BOT_TOKEN_HELM: ${{ secrets.SLACK_BOT_TOKEN_HELM }} | |
| SLACK_CHANNEL_DEVOPS: ${{ secrets.SLACK_CHANNEL_DEVOPS }} | |
| SLACK_GROUP_TECH_SUPPORT: ${{ secrets.SLACK_GROUP_TECH_SUPPORT }} | |
| back-merge: | |
| needs: | |
| - get-changed-paths | |
| - release-helm-chart | |
| name: 🔀 Back Merge to Develop | |
| if: needs.get-changed-paths.outputs.matrix != '[]' && github.ref == 'refs/heads/main' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Generate GitHub App Token | |
| id: app-token | |
| uses: actions/create-github-app-token@v1 | |
| with: | |
| app-id: ${{ secrets.LERIAN_STUDIO_MIDAZ_PUSH_BOT_APP_ID }} | |
| private-key: ${{ secrets.LERIAN_STUDIO_MIDAZ_PUSH_BOT_PRIVATE_KEY }} | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| token: ${{ steps.app-token.outputs.token }} | |
| - name: Import GPG key | |
| uses: crazy-max/ghaction-import-gpg@v6 | |
| with: | |
| gpg_private_key: ${{ secrets.LERIAN_CI_CD_USER_GPG_KEY }} | |
| passphrase: ${{ secrets.LERIAN_CI_CD_USER_GPG_KEY_PASSWORD }} | |
| git_committer_name: ${{ secrets.LERIAN_CI_CD_USER_NAME }} | |
| git_committer_email: ${{ secrets.LERIAN_CI_CD_USER_EMAIL }} | |
| git_config_global: true | |
| git_user_signingkey: true | |
| git_commit_gpgsign: true | |
| - name: Back Merge main into develop | |
| env: | |
| GH_TOKEN: ${{ steps.app-token.outputs.token }} | |
| GIT_AUTHOR_NAME: ${{ secrets.LERIAN_CI_CD_USER_NAME }} | |
| GIT_AUTHOR_EMAIL: ${{ secrets.LERIAN_CI_CD_USER_EMAIL }} | |
| GIT_COMMITTER_NAME: ${{ secrets.LERIAN_CI_CD_USER_NAME }} | |
| GIT_COMMITTER_EMAIL: ${{ secrets.LERIAN_CI_CD_USER_EMAIL }} | |
| run: | | |
| git fetch origin main develop | |
| # Check if there are differences between main and develop | |
| if git diff --quiet origin/main origin/develop; then | |
| echo "No differences between main and develop. Skipping back-merge." | |
| exit 0 | |
| fi | |
| # Checkout develop and merge main directly (no PR) | |
| # This way the merge is done by the bot, triggering the actor check | |
| git checkout develop | |
| git pull origin develop | |
| # Merge main into develop | |
| if git merge origin/main --no-edit -m "chore: back merge main into develop [skip ci]"; then | |
| echo "Merge successful, pushing to develop..." | |
| git push origin develop | |
| echo "Back-merge completed successfully." | |
| else | |
| echo "Merge conflict detected. Creating PR for manual resolution." | |
| git merge --abort | |
| # Check if a back-merge PR already exists | |
| EXISTING_PR=$(gh pr list --base develop --head main --state open --json number --jq '.[0].number') | |
| if [ -n "$EXISTING_PR" ]; then | |
| echo "Back-merge PR #$EXISTING_PR already exists. Skipping PR creation." | |
| exit 0 | |
| fi | |
| # Create PR for manual conflict resolution | |
| gh pr create \ | |
| --base develop \ | |
| --head main \ | |
| --title "chore: back merge main into develop (conflicts)" \ | |
| --body "## Back Merge"$'\n\n'"This PR merges the latest changes from main back into develop."$'\n\n'"⚠️ **Manual intervention required**: There are merge conflicts that need to be resolved manually."$'\n\n'"### Auto-generated"$'\n'"This PR was automatically created by the release pipeline." | |
| fi |