
feat(ci): add automatic chart version bump workflow #411

Draft
pierluigilenoci wants to merge 4 commits into oauth2-proxy:main from pierluigilenoci:feat/auto-version-bump

@pierluigilenoci
Member

Summary

This PR introduces an automatic chart version bump workflow inspired by the pattern described by @jsoref in #410.

The problem today: Every PR that touches the Helm chart must manually bump version: in Chart.yaml. Concurrent PRs always conflict on this line, requiring constant rebases and coordination.

How this works:

  • Contributors add a small file to changelogs/minor/ (new feature) or changelogs/major/ (breaking change) alongside their chart changes — no need to pick a version number.
  • On merge to main, the bump-version workflow (using GarnerCorp/build-actions) reads those files, determines the bump type (major > minor > patch), updates version: in Chart.yaml, commits, and pushes.
  • The changelog files are consumed (deleted) by that commit.
  • Patch bumps happen automatically when no changelog file is present.

Changes

  • .github/workflows/bump-version.yaml — new workflow that runs on push to main
  • .github/workflows/lint-test.yaml — adds a check in CI that fails fast when chart files are modified without a changelog entry
  • changelogs/README.md — documents the convention for contributors
  • changelogs/minor/.gitkeep, changelogs/major/.gitkeep — seed the directories

Notes

  • Requires a PUSH_KEY secret (deploy key with write access) so the bot commit can trigger downstream workflows.
  • The !contains(github.actor, 'oauth2-proxy-bot') guard prevents the workflow from eating its own tail.
  • This is an exploratory/RFC PR — happy to iterate on the approach before merging.

cc @jsoref @tuunit
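
The bump rule described in this PR description (major > minor > patch, with patch as the default when no changelog file is present), as an added Python example; it is not code from this PR or from GarnerCorp/build-actions. The function names and the sample Chart.yaml are constructed for illustration, and treating .gitkeep as a non-entry is an assumption.

```python
import re
from pathlib import Path

# Constructed sample; the version numbers are illustrative, not the chart's real ones.
SAMPLE_CHART = """apiVersion: v2
name: oauth2-proxy
version: 10.1.0
appVersion: 7.12.0
"""

# Matches only a top-level `version:` key, so appVersion and nested keys are untouched.
VERSION_LINE = re.compile(r"^version:[ \t]*(\S+)[ \t]*$", re.MULTILINE)


def bump_type(changelog_root: Path) -> str:
    """Return the strongest bump requested under changelogs/ (major > minor > patch)."""
    for kind in ("major", "minor"):
        directory = changelog_root / kind
        # Only the presence of a file matters; contributor-written contents are
        # never interpreted here. .gitkeep merely seeds the directory (assumption).
        if directory.is_dir() and any(
            p.is_file() and p.name != ".gitkeep" for p in directory.iterdir()
        ):
            return kind
    return "patch"


def next_version(current: str, kind: str) -> str:
    """Apply a major/minor/patch bump to a plain MAJOR.MINOR.PATCH version."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", current)
    if not m:
        raise ValueError(f"not a plain MAJOR.MINOR.PATCH version: {current!r}")
    major, minor, patch = map(int, m.groups())
    if kind == "major":
        return f"{major + 1}.0.0"
    if kind == "minor":
        return f"{major}.{minor + 1}.0"
    return f"{major}.{minor}.{patch + 1}"


def bump_chart(chart_text: str, kind: str) -> str:
    """Rewrite the single top-level version: line; refuse ambiguous input."""
    found = VERSION_LINE.findall(chart_text)
    if len(found) != 1:
        raise ValueError(f"expected one top-level version: line, found {len(found)}")
    new = next_version(found[0].strip("\"'"), kind)
    return VERSION_LINE.sub(f"version: {new}", chart_text, count=1)
```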

Introduce a GarnerCorp/build-actions-based bump-version workflow that
eliminates manual version bump conflicts between concurrent PRs.

How it works:
- Contributors add a file to changelogs/minor/ (feature) or
  changelogs/major/ (breaking change) alongside their chart changes.
- On merge to main, the bump-version workflow reads those files,
  determines the bump type (major > minor > patch), updates
  version: in Chart.yaml, commits, and pushes.
- The changelog files are consumed (git rm'd) by the workflow.
- Patch bumps happen automatically when no file is present.

The lint-test workflow is extended with a check that fails fast
when chart files are modified without a changelog entry.

Inspired by the pattern described in oauth2-proxy#410 by
@jsoref.

Signed-off-by: Pierluigi Lenoci <pierluigi.lenoci@gmail.com>

@jsoref jsoref left a comment


Some thoughts

Comment thread .github/workflows/bump-version.yaml Outdated
Comment on lines +32 to +33
version-type: raw
version-file-path: helm/oauth2-proxy/Chart.yaml

You'd probably want to do a bit more magic so that you can update this section:

artifacthub.io/changes: |

We weren't actively maintaining helm charts, so it wasn't something I was worried about, but I'm starting to do more work with helm charts, so I might add that support myself...

Member Author


Good point! I added scripts/chart-version-parser.sh as a custom version-parser for the action. It handles both version: and the artifacthub.io/changes block — it reads the commit-log produced by next-version, extracts the kind (added/changed) and description from each changelog file, and rewrites the annotation in place.

Would love your thoughts on whether the approach is sound — especially the changelog parsing logic. Happy to iterate!


It's pretty much what I envisioned when I designed this. Beyond this, I'd need some sample inputs and outputs to test it, but it feels about right.

Member Author


Great to hear — thanks for the validation! I'll add a few example inputs/outputs to the script's header comments to make it easier to test and reason about. Will update the PR shortly.

Member Author


Just pushed a fix and added the inline examples you mentioned. The script now has 5 documented test cases in the header (parse, update without log, two minor entries with PR refs, breaking change detection, no PR ref), and the changelog splice was rewritten in a single Python pass to avoid awk issues with multi-line strings containing slashes (URLs).

Tested locally — all 5 cases produce the expected output. Happy to add a proper bats test file if you think that's worth it.

Addresses review feedback from @jsoref:
- Pin actions/checkout to SHA (df4cb1c, v6)
- Pin GarnerCorp/build-actions/bump-version to SHA (ed29b86)
- Introduce scripts/chart-version-parser.sh as a version-parser that
  updates both version: and the artifacthub.io/changes block in
  Chart.yaml from the commit-log produced by next-version, so the
  changelog is always in sync with the version bump commit.

Signed-off-by: Pierluigi Lenoci <pierluigi.lenoci@gmail.com>

- Replace awk+python multi-step approach with a single python pass to
  avoid issues passing multi-line strings with slashes via awk -v
- Add comprehensive inline examples to the script header:
  * Input commit-log format
  * Example Chart.yaml before/after for parse and update
- Verified locally with 5 test cases:
  parse, update-no-log, two-minor-entries, breaking-change, no-pr-ref

Signed-off-by: Pierluigi Lenoci <pierluigi.lenoci@gmail.com>

Comment thread scripts/chart-version-parser.sh Outdated

# Splice the new changes block into Chart.yaml using python for reliable multi-line handling
changes_block="$(printf '%b' "$changes_yaml")"
python3 - "$CHART_FILE" "$changes_block" << 'PYEOF'
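
Review bot: printf '%b' on "$changes_yaml" expands every backslash escape in the string, so a changelog description that happens to contain a sequence such as \t, \\ or \c is silently altered (or truncated, in the \c case) before it reaches Chart.yaml. That text comes from contributor-written changelog files, so it should be passed through verbatim: build changes_yaml with real newlines and emit it with printf '%s', or hand the entries to Python as separate arguments and join them there. The command substitution also strips trailing newlines, so the Python side should not rely on the block ending in one.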


I'd pull this out of line as a script w/ .py instead of using python3 - ..., since your .sh script is bash, you'll have access to the current bash script's path (it may require some bash magic).

Or, you might replace the whole .sh with .py. -- Personally, by the time I've started writing Python, I prefer to switch entirely.

Member Author


Good call — I went ahead and rewrote the whole thing as scripts/chart-version-parser.py. The bash was just glue at that point anyway. All 5 test cases still pass, and the inline heredoc is gone entirely.

Replace the bash+inline-heredoc approach with a clean Python script
as suggested by @jsoref. All logic is now in chart-version-parser.py:
- parse: extract version from Chart.yaml
- update: bump version + splice artifacthub.io/changes block

All 5 test cases verified locally (parse, update-no-log, two-minor-entries,
breaking-change, no-pr-ref).

Signed-off-by: Pierluigi Lenoci <pierluigi.lenoci@gmail.com>