-
Notifications
You must be signed in to change notification settings - Fork 6
Add action to update chart and CRDs #18
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
tsaarni
wants to merge
1
commit into
projectcontour:main
Choose a base branch
from
Nordix:chart-version-bump-action
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
+859
−0
Open
Changes from all commits
Commits
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,33 @@ | ||
| name: Update Contour Helm chart | ||
|
|
||
| on: | ||
| schedule: | ||
| - cron: '0 4 * * *' # Runs daily at 04:00 UTC | ||
| workflow_dispatch: | ||
|
|
||
| permissions: | ||
| contents: write # Required for git push. | ||
| pull-requests: write # Required for gh pr create. | ||
|
|
||
| env: | ||
| GOPROXY: https://proxy.golang.org/ | ||
| GO_VERSION: 1.25.2 | ||
|
|
||
| jobs: | ||
| bump-contour-version: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 | ||
| with: | ||
| go-version: ${{ env.GO_VERSION }} | ||
| cache: false | ||
|
|
||
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | ||
|
|
||
| - name: update contour helm chart and create pull request | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Required for gh pr create. | ||
| run: | | ||
| git config user.name "github-actions[bot]" | ||
| git config user.email "github-actions[bot]@users.noreply.github.com" | ||
| ./hack/actions/update-and-create-pr.sh --real-run | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| module github.com/projectcontour/helm-charts | ||
|
|
||
| go 1.24.0 | ||
|
|
||
| require ( | ||
| github.com/mholt/archives v0.1.5 | ||
| github.com/sirupsen/logrus v1.9.3 | ||
| gopkg.in/yaml.v3 v3.0.1 | ||
| ) | ||
|
|
||
| require ( | ||
| github.com/STARRY-S/zip v0.2.3 // indirect | ||
| github.com/andybalholm/brotli v1.2.0 // indirect | ||
| github.com/bodgit/plumbing v1.3.0 // indirect | ||
| github.com/bodgit/sevenzip v1.6.1 // indirect | ||
| github.com/bodgit/windows v1.0.1 // indirect | ||
| github.com/dsnet/compress v0.0.2-0.20230904184137-39efe44ab707 // indirect | ||
| github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect | ||
| github.com/klauspost/compress v1.18.0 // indirect | ||
| github.com/klauspost/pgzip v1.2.6 // indirect | ||
| github.com/kr/pretty v0.3.1 // indirect | ||
| github.com/mikelolasagasti/xz v1.0.1 // indirect | ||
| github.com/minio/minlz v1.0.1 // indirect | ||
| github.com/nwaples/rardecode/v2 v2.2.0 // indirect | ||
| github.com/pierrec/lz4/v4 v4.1.22 // indirect | ||
| github.com/rogpeppe/go-internal v1.13.1 // indirect | ||
| github.com/sorairolake/lzip-go v0.3.8 // indirect | ||
| github.com/spf13/afero v1.15.0 // indirect | ||
| github.com/stretchr/testify v1.11.1 // indirect | ||
| github.com/ulikunitz/xz v0.5.15 // indirect | ||
| go4.org v0.0.0-20230225012048-214862532bf5 // indirect | ||
| golang.org/x/sys v0.35.0 // indirect | ||
| golang.org/x/text v0.29.0 // indirect | ||
| ) |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The optimal trigger would be from https://github.com/projectcontour/contour/ when a release is created
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe action cannot be triggered by event in main repo, and the default GitHub token granted for actions don’t allow cross-repository permissions i.e. release action in main repo cannot do something in helm chart repo through github REST API by using the github token that it receives.
One option mentioned in the docs is for maintainer to create a PAT with the needed scopes and storing it as a repository secret, but I’d prefer not to tie personal tokens to automation.
Another option is using a GitHub App registered at the organization level, which could be granted broader permissions. Normally Github Apps would run as a web service outside GitHub which sounds too much of a burden to maintain, but the create-github-app-token action might bridge the gap by generating app tokens directly within a workflow, although I’m not fully sure if I understood it correctly.
Cron based trigger and polling is trivial approach and works around the permission problem :)