wip

.github/workflows/chart-release-candidate.yaml

@@ -0,0 +1,47 @@
+name: "Chart - Release - Candidate"
+
+on:
+  push:
+    branches:
+      - release-candidate*
+      - 2404-aa-create-rc-workflow
+
+jobs:
+  release:
+    name: Release Candidate
+    uses: ./.github/workflows/chart-release-template.yaml
+    with:
+      branch: ${{ github.ref_name }}
+      chart-matrix: |
+        [
+          {
+            "name": "Helm Chart rolling - 8.2",
+            "directory": "charts/camunda-platform-8.2",
+            "versionSuffix": "rc-8.2",
+            "override": true
+          },
+          {
+            "name": "Helm Chart rolling - 8.3",
+            "directory": "charts/camunda-platform-8.3",
+            "versionSuffix": "rc-8.3",
+            "override": true
+          },
+          {
+            "name": "Helm Chart rolling - 8.4",
+            "directory": "charts/camunda-platform-8.4",
+            "versionSuffix": "rc-8.4",
+            "override": true
+          },
+          {
+            "name": "Helm Chart rolling - 8.5",
+            "directory": "charts/camunda-platform-8.5",
+            "versionSuffix": "rc-8.5",
+            "override": true
+          },
+          {
+            "name": "Helm Chart rolling - 8.6",
+            "directory": "charts/camunda-platform-8.6",
+            "versionSuffix": "rc-8.6",
+            "override": true
+          }
+        ]

.github/workflows/chart-release-snapshot.yaml

@@ -1,186 +1,39 @@
-# TODO: Convert this workflow to a template and use it for both snapshot and actual releases.
 name: "Chart - Release - Snapshot"
 
 on:
   push:
     branches:
       - main
+      - 2404-aa-create-rc-workflow
     paths:
       - .github/workflows/chart-release-snapshot.yaml
-      - charts/camunda-platform-alpha/**
+      - charts/camunda-platform-alpha/*
+      - charts/camunda-platform-8.6/*
 
 jobs:
-  clean:
-    name: Clean old artifacts digest
-    permissions:
-      packages: write
-    runs-on: ubuntu-latest
-    defaults:
-      run:
-        shell: bash
-        working-directory: /tmp
-    steps:
-      - name: Delete old artifacts
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          # Get IDs of the untagged artifacts (the sha256 digest).
-          artifacts_ids_to_delete="$(
-            gh api -H 'Accept: application/vnd.github+json' -H 'X-GitHub-Api-Version: 2022-11-28' \
-              '/orgs/camunda/packages/container/helm%2Fcamunda-platform/versions?per_page=100' |
-            jq '.[] | select(.metadata.container.tags | length == 0)' | jq '.id'
-          )"
-          # Early exit if no artifacts to delete.
-          test -z "${artifacts_ids_to_delete}" && {
-            echo "No old untagged artifacts to delete ...";
-            exit 0;
-          }
-          # Delete the untagged artifacts.
-          echo -e "Deleting the old untagged artifacts IDs:\n${artifacts_ids_to_delete}"
-          for container_id in ${artifacts_ids_to_delete}; do
-            gh api --method DELETE -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" \
-              "/orgs/camunda/packages/container/helm%2Fcamunda-platform/versions/${container_id}"
-          done
-
   release:
-    needs: clean
-    name: ${{ matrix.chart.name }}
-    permissions:
-      packages: write
-      id-token: write
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        chart:
-        - name: Helm Chart rolling - 8.2
-          directory: charts/camunda-platform-8.2
-          versionSuffix: snapshot-8.2
-          override: true
-        - name: Helm Chart rolling - 8.3
-          directory: charts/camunda-platform-8.3
-          versionSuffix: snapshot-8.3
-          override: true
-        - name: Helm Chart rolling - 8.4
-          directory: charts/camunda-platform-8.4
-          versionSuffix: snapshot-8.4
-          override: true
-        - name: Helm Chart rolling - 8.5
-          directory: charts/camunda-platform-8.5
-          versionSuffix: snapshot-8.5
-          override: true
-        - name: Helm Chart rolling - 8.6
-          directory: charts/camunda-platform-8.6
-          versionSuffix: snapshot-8.6
-          override: true
-        - name: Helm Chart rolling - Latest
-          directory: charts/camunda-platform-8.6
-          versionSuffix: snapshot-latest
-          override: true
-        - name: Helm Chart rolling - Alpha
-          directory: charts/camunda-platform-alpha
-          versionSuffix: snapshot-alpha
-          override: true
-        - name: Helm Chart versioned - Alpha
-          directory: charts/camunda-platform-alpha
-          versionSuffix: ""
-          override: false
-    defaults:
-      run:
-        shell: bash
-        working-directory: ${{ matrix.chart.directory }}
-    #
-    # Vars.
-    env:
-      REPOSITORY_NAME: "camunda/helm"
-      CHART_NAME: "camunda-platform"
-    steps:
-      - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
-        with:
-          fetch-depth: 0
-      - name: Set vars
-        run: |
-          # NOTE: Helm CLI only accepts SemVer so we need to use something like "0.0.0-snapshot-latest".
-          CHART_VERSION_SUFFIX="${{ matrix.chart.versionSuffix }}"
-          CHART_VERSION_SUFFIX_DEFAULT="$(yq '.version' Chart.yaml)"
-          echo "CHART_VERSION=0.0.0-${CHART_VERSION_SUFFIX:-${CHART_VERSION_SUFFIX_DEFAULT}}" | tee -a $GITHUB_ENV
-      #
-      # Changelog.
-      - name: Generate snapshot changelog
-        run: |
-          export SNAPSHOT_DESCRIPTION="Check chart dir for more details: https://github.com/camunda/camunda-platform-helm/tree/main/charts/${{ matrix.chart.directory }}"
-          yq -i '.description |= strenv(SNAPSHOT_DESCRIPTION)' Chart.yaml
-      #
-      # Package.
-      - name: Install Helm CLI
-        uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 # v3
-      - name: Print Helm CLI version
-        run: helm version
-      - name: ⭐ Check if the chart artifact should be published ⭐
-        id: vars
-        run: |
-          case "${{ matrix.chart.override }}" in
-            "true")
-              # For snapshots, the artifact is always overriden.
-              PUBLISH_ARTIFACT="true"
-              ;;
-            "false")
-              # If the artfact exists, then it will not republished.
-              helm pull oci://ghcr.io/${{ env.REPOSITORY_NAME }}/${{ env.CHART_NAME }} \
-                --version ${{ env.CHART_VERSION }} 2> /dev/null && EXIT_CODE=0 || EXIT_CODE=1
-              test ${EXIT_CODE} -eq 0 && PUBLISH_ARTIFACT="false" || PUBLISH_ARTIFACT="true"
-              ;;
-            *)
-              echo "Unsupported value."
-              exit 1
-              ;;
-          esac
-          # Add the var to GH vars.
-          echo "PUBLISH_ARTIFACT=${PUBLISH_ARTIFACT}" | tee -a $GITHUB_ENV
-      - name: Helm dependency update
-        if: env.PUBLISH_ARTIFACT == 'true'
-        run: |
-          make -C ../.. helm.dependency-update \
-            chartPath=${{ matrix.chart.directory }}
-      - name: Package and push Helm chart
-        if: env.PUBLISH_ARTIFACT == 'true'
-        env:
-          HELM_EXPERIMENTAL_OCI: 1
-        run: |
-          echo ${{ secrets.GITHUB_TOKEN }} | helm registry login -u ${{ github.actor }} --password-stdin ghcr.io
-          helm package --version ${{ env.CHART_VERSION }} .
-          helm push ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}.tgz oci://ghcr.io/${{ env.REPOSITORY_NAME }}
-          helm registry logout ghcr.io
-      #
-      # Security signature.
-      - name: Install Cosign CLI
-        if: env.PUBLISH_ARTIFACT == 'true'
-        uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
-      - name: Sign Helm chart with Cosign
-        if: env.PUBLISH_ARTIFACT == 'true'
-        run: |
-          cosign sign-blob -y ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}.tgz \
-            --bundle ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}.cosign.bundle
-      - name: Verify signed Helm chart with Cosign
-        if: env.PUBLISH_ARTIFACT == 'true'
-        run: |
-          cosign verify-blob ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}.tgz \
-            --bundle ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}.cosign.bundle \
-            --certificate-identity "https://github.com/${GITHUB_WORKFLOW_REF}" \
-            --certificate-oidc-issuer "https://token.actions.githubusercontent.com"
-      - name: Login to GitHub Container Registry
-        if: env.PUBLISH_ARTIFACT == 'true'
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Install ORAS CLI
-        if: env.PUBLISH_ARTIFACT == 'true'
-        uses: oras-project/setup-oras@ca28077386065e263c03428f4ae0c09024817c93 # v1
-      - name: Upload Helm chart Cosign bundle
-        if: env.PUBLISH_ARTIFACT == 'true'
-        run: |
-          oras push ghcr.io/${{ env.REPOSITORY_NAME }}/${{ env.CHART_NAME }}:${{ env.CHART_VERSION }}.cosign.bundle \
-            ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}.cosign.bundle:text/plain
+    name: Release Candidate
+    uses: ./.github/workflows/chart-release-template.yaml
+    with:
+      branch: ${{ github.ref_name }}
+      chart-matrix: |
+        [
+          {
+            "name": "Helm Chart rolling - Latest",
+            "directory": "charts/camunda-platform-8.6",
+            "versionSuffix": "snapshot-latest",
+            "override": true
+          },
+          {
+            "name": "Helm Chart rolling - Alpha",
+            "directory": "charts/camunda-platform-alpha",
+            "versionSuffix": "snapshot-alpha",
+            "override": true
+          },
+          {
+            "name": "Helm Chart versioned - Alpha",
+            "directory": "charts/camunda-platform-alpha",
+            "versionSuffix": "",
+            "override": false
+          }
+        ]