bitnami
/
charts


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234
							name: '[CI/CD] CD Pipeline'
on: # rebuild any PRs and main branch changes
  push:
    branches:
      - master
    paths:
      - 'bitnami/airflow/**'
      - 'bitnami/apache/**'
      - 'bitnami/aspnet-core/**'
      - 'bitnami/cassandra/**'
      - 'bitnami/consul/**'
      - 'bitnami/discourse/**'
      - 'bitnami/dokuwiki/**'
      - 'bitnami/elasticsearch/**'
      - 'bitnami/external-dns/**'
      - 'bitnami/fluentd/**'
      - 'bitnami/ghost/**'
      - 'bitnami/grafana-loki/**'
      - 'bitnami/grafana/**'
      - 'bitnami/haproxy/**'
      - 'bitnami/haproxy-intel/**'
      - 'bitnami/harbor/**'
      - 'bitnami/influxdb/**'
      - 'bitnami/jenkins/**'
      - 'bitnami/joomla/**'
      - 'bitnami/kafka/**'
      - 'bitnami/keycloak/**'
      - 'bitnami/kibana/**'
      - 'bitnami/magento/**'
      - 'bitnami/mariadb/**'
      - 'bitnami/matomo/**'
      - 'bitnami/mediawiki/**'
      - 'bitnami/memcached/**'
      - 'bitnami/minio/**'
      - 'bitnami/mongodb/**'
      - 'bitnami/mysql/**'
      - 'bitnami/nginx/**'
      - 'bitnami/node/**'
      - 'bitnami/odoo/**'
      - 'bitnami/opencart/**'
      - 'bitnami/owncloud/**'
      - 'bitnami/phpbb/**'
      - 'bitnami/phpmyadmin/**'
      - 'bitnami/pinniped/**'
      - 'bitnami/postgresql/**'
      - 'bitnami/prestashop/**'
      - 'bitnami/rabbitmq/**'
      - 'bitnami/redis-cluster/**'
      - 'bitnami/redis/**'
      - 'bitnami/redmine/**'
      - 'bitnami/schema-registry/**'
      - 'bitnami/sealed-secrets/**'
      - 'bitnami/solr/**'
      - 'bitnami/spark/**'
      - 'bitnami/spring-cloud-dataflow/**'
      - 'bitnami/suitecrm/**'
      - 'bitnami/tomcat/**'
      - 'bitnami/wildfly/**'
      - 'bitnami/wordpress/**'
      - 'bitnami/wordpress-intel/**'
      - 'bitnami/zookeeper/**'
      - '!**.md'
env:
  CSP_API_URL: https://console.cloud.vmware.com
  CSP_API_TOKEN: ${{ secrets.CSP_API_TOKEN }}
  VIB_PUBLIC_URL: https://cp.bromelia.vmware.com
jobs:
  get-chart:
    runs-on: ubuntu-latest
    name: 'Get modified charts'
    outputs:
      chart: ${{ steps.get-chart.outputs.chart }}
      result: ${{ steps.get-chart.outputs.result }}
    steps:
      - uses: actions/checkout@v2
        with:
          path: charts
          fetch-depth: 2 # to be able to obtain files changed in the latest commit
      - id: get-chart
        name: 'Get modified charts'
        run: |
          cd charts
          files_changed="$(git show --pretty="" --name-only)"
          # Adding || true to avoid "Process exited with code 1" errors
          charts_dirs_changed="$(echo "$files_changed" | xargs dirname | grep -o "bitnami/[^/]*" | sort | uniq || true)"
          # Using grep -c as a better alternative to wc -l when dealing with empty strings."
          num_charts_changed="$(echo "$charts_dirs_changed" | grep -c "bitnami" || true)"
          num_version_bumps="$(echo "$files_changed" | grep Chart.yaml | xargs git show | grep -c "+version" || true)"

          if [[ "$num_charts_changed" -ne "$num_version_bumps" ]]; then
            # Changes done in charts but version not bumped -> ERROR
            echo "::set-output name=error::Detected changes in charts without version bump in Chart.yaml.\nCharts changed: ${num_charts_changed}\n${charts_dirs_changed}\nVersion bumps detected: ${num_version_bumps}"
            echo "::set-output name=result::fail"
          elif [[ "$num_charts_changed" -eq "1" ]]; then
            # Changes done in only one chart -> OK
            chart_name=$(echo "$charts_dirs_changed" | sed "s|bitnami/||g")
            echo "::set-output name=chart::${chart_name}"
            echo "::set-output name=result::ok"
          else
            # Changes done in more than chart -> FAIL
            echo -e "::set-output name=error::Changes detected in more than one chart directory:\n${charts_dirs_changed}\nThe publish process will be stopped. Please create different commits for each chart."
            echo "::set-output name=result::fail"
          fi
      - id: show-error
        name: 'Show error'
        if: ${{ steps.get-chart.outputs.result == 'fail' }}
        uses: actions/github-script@v3
        with:
          script: |
              core.setFailed('${{ steps.get-chart.outputs.error }}')
  vib-publish:
    runs-on: ubuntu-latest
    needs: get-chart
    if: ${{ needs.get-chart.outputs.result == 'ok' }}
    name: VIB Publish
    steps:
      - uses: actions/checkout@v2
        name: Checkout Repository
        with:
          path: charts
      - uses: vmware-labs/vmware-image-builder-action@main
        name: Verify and publish ${{ needs.get-chart.outputs.chart }}
        with:
          pipeline: ${{ needs.get-chart.outputs.chart }}/vib-publish.json
          config: charts/.vib/
        env:
          VIB_ENV_TARGET_PLATFORM: ${{ secrets.VIB_ENV_TARGET_PLATFORM }}
          VIB_ENV_ALTERNATIVE_TARGET_PLATFORM: ${{ secrets.VIB_ENV_ALTERNATIVE_TARGET_PLATFORM }}
          VIB_ENV_S3_URL: s3://${{ secrets.AWS_S3_BUCKET }}/bitnami
          VIB_ENV_S3_USERNAME: ${{ secrets.AWS_ACCESS_KEY_ID }}
          VIB_ENV_S3_PASSWORD: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
  update-index:
    runs-on: ubuntu-latest
    needs:
      - vib-publish
    name: Update charts index
    steps:
      - uses: actions/download-artifact@v3
        with:
          path: ~/artifacts
      # If we perform a checkout of the master branch, we will find conflicts with the submodules
      - uses: actions/checkout@v2
        with:
          ref: 'index'
          path: index
          # The token is persisted in the local git config and enables scripts to run authenticated git commands.
          token: ${{ secrets.BITNAMI_BOT_TOKEN }}
      - name: Install and configure aws-cli and helm
        run: |
          # AWS CLI
          sudo DEBIAN_FRONTEND=noninteractive apt-get install -y awscli
          aws configure set region us-east-1
          aws configure set aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws configure set aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws configure set source_profile default
          # helm
          HELM_TARBALL="helm-v3.8.1-linux-amd64.tar.gz"
          curl -SsLfO "https://get.helm.sh/${HELM_TARBALL}" && sudo tar xf "$HELM_TARBALL" --strip-components 1 -C /usr/local/bin
      - id: update-index
        name: Fetch chart and update index
        run: |
          # Extract chart release metadata from the publish result file
          vib_publish_result_file=$(find ~/artifacts -name "result.json" -print -quit)
          chart_name=$(jq -re '.actions|map(select(.action_id == "helm-publish"))[0] | .application.name' $vib_publish_result_file)
          chart_version=$(jq -re '.actions|map(select(.action_id == "helm-publish"))[0] | .application.version' $vib_publish_result_file)
          # Download published asset
          mkdir download
          aws s3 cp s3://${{ secrets.AWS_S3_BUCKET }}/bitnami/${chart_name}-${chart_version}.tgz download/

          cd index
          git config user.name "Bitnami Containers"
          git config user.email "bitnami-bot@vmware.com"

          attempts=0
          max_attempts=5
          is_index_updated=0
          while [[ $attempts -lt $max_attempts && $is_index_updated -eq 0 ]]; do
            attempts=$((attempts + 1))
            git fetch origin index
            git reset --hard origin/index

            # Rebuild index
            helm repo index --url https://charts.bitnami.com/bitnami --merge bitnami/index.yaml ../download
            cp ../download/index.yaml bitnami/index.yaml
            # Push changes
            git add bitnami/index.yaml && git commit -m "${chart_name}-${chart_version}: Update index.yaml" -s
            git push && is_index_updated=1 || echo "Failed to push during attempt $attempts"
          done

          if [[ $is_index_updated -ne 1 ]]; then
            echo "Could not update the index after $max_attempts attempts"
            exit 1
          fi
  # If the CD Pipeline does not succeed we should notify the interested agents
  slack-notif:
    runs-on: ubuntu-latest
    needs:
      - vib-publish
      - update-index
    if: always()
    name: Notify unsuccessful CD run
    steps:
      - name: Notify in Slack channel
        if: ${{ needs.vib-publish.result != 'success' || needs.update-index.result != 'success' }}
        uses: slackapi/slack-github-action@v1.19.0
        with:
          channel-id: ${{ secrets.CD_SLACK_CHANNEL_ID }}
          payload: |
            {
              "attachments": [
                {
                  "color": "#CC0000",
                  "fallback": "Unsuccessful bitnami/charts CD pipeline",
                  "blocks": [
                    {
                      "type": "section",
                      "text": {
                        "type": "mrkdwn",
                        "text": "*Unsuccessful `bitnami/charts` CD pipeline*"
                      }
                    },
                    {
                      "type": "section",
                      "text": {
                        "type": "mrkdwn",
                        "text": "The CD pipeline for <${{ github.event.head_commit.url }}|bitnami/charts@${{ github.event.head_commit.id }}> did not succeed. Check the related <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|action run> for more information."
                      }
                    }
                  ]
                }
              ]
            }
        env:
          SLACK_BOT_TOKEN: ${{ secrets.CD_SLACK_BOT_TOKEN }}