ci(helm): auto public Helm chart after PR merged #7526
base: main
Hello @afdesk
I left some comments.
Do you have a test action in your fork? If yes, please add a link to this run in the PR description.
Trivy publishes a new Helm Chart only for major versions (ex 0.55.0).
I didn't find conditions for that.
This condition works only for major version, because trivy/.github/workflows/publish-chart.yaml Lines 51 to 52 in aeb7039
Oh... You said current behavior. I thought it was new logic.
it seems it depends on token owner, because I tried to keep the same workflow: trivy/.github/workflows/backport.yaml Lines 48 to 58 in 5dd94eb
you said this and I realized that most likely you are right and I have already encountered this 👍
Do we need a label?
They should be different; otherwise, we can't update the chart version when we fix the Helm chart itself.
@knqyf263 @DmitriyLewen I've updated the version changing.
magefiles/helm.go
Outdated
return result | ||
} | ||
|
||
func newHelmVersion(currentHelm, currentTrivy, newTrivy string) string { |
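Review bot: newHelmVersion takes three raw version strings and returns only a string, so a malformed currentHelm, currentTrivy or newTrivy cannot be reported to the caller. Since the result is used as the new chart version, consider returning (string, error) and failing the mage target on a parse error rather than producing a version from input that did not parse.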
What do you think about using https://github.com/aquasecurity/go-version/blob/main/pkg/semver/version.go?
you can get minor and patch parts
also you can increment version part
done 1e4b16c
publish-chart: | ||
if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' | ||
if: github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch' |
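Review bot: the new `if:` on publish-chart is true for every merged pull request event that reaches this workflow, not only for the version-bump PR. Nothing in the condition checks the head branch, a label or the base branch, so unless the trigger filters (not visible in this hunk) narrow it, any merged PR would start a publish. Consider also matching the bump PR's head ref or a dedicated label in this condition.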
I may be wrong, but I remember that the events for merging a PR by default and merging using merge queue may be different.
Does this work correctly?
aefa476 to 8d5a183
Description
Trivy publishes a new Helm Chart only for major versions (ex 0.55.0).
This PR suggests the following workflow:
- If there are any changes in the helm folder ('helm/trivy/**'), the test will be run.
- If a new tag is pushed, a new PR will be created that updates the Helm Chart to the new version.
- The Helm Chart will be published after the PR with the new version is merged.
The action runs helm test before publishing again to check that everything is still OK (ex. Trivy image wasn't removed).
Tests with mage command
I've tested this update in my fork:
Refs:
Checklist