From 2c0ff1b471d379cfdf96886fe1861a4460efab53 Mon Sep 17 00:00:00 2001
From: adrianc <adrianc@nvidia.com>
Date: Tue, 4 Jun 2024 16:30:58 +0300
Subject: [PATCH] Helm Chart release automation

- add workflow to update helm chart and push to ghcr.io oc registry
- add chart update script to edit chart values for a specific release
- add chart push script to package and push helm chart
- add makefile targets to install pre-req and invoke scripts above

Signed-off-by: adrianc <adrianc@nvidia.com>
---
 .github/workflows/chart-push-release.yml | 34 ++++++++++++
 Makefile                                 | 17 ++++++
 hack/release/chart-push.sh               | 42 +++++++++++++++
 hack/release/chart-update.sh             | 68 ++++++++++++++++++++++++
 4 files changed, 161 insertions(+)
 create mode 100644 .github/workflows/chart-push-release.yml
 create mode 100755 hack/release/chart-push.sh
 create mode 100755 hack/release/chart-update.sh

diff --git a/.github/workflows/chart-push-release.yml b/.github/workflows/chart-push-release.yml
new file mode 100644
index 0000000000..912ed8fb08
--- /dev/null
+++ b/.github/workflows/chart-push-release.yml
@@ -0,0 +1,34 @@
+name: "Push helm chart on release"
+
+env:
+  IMAGE_NAME: ghcr.io/${{ github.repository }}
+
+on:
+  push:
+    tags:
+      - v*
+jobs:
+  package-and-push-helm-chart:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: install helm
+        uses: azure/setup-helm@v4.2.0
+        with:
+          version: latest
+
+      - name: Check out the repo
+        uses: actions/checkout@v4
+      
+      - name: update chart
+        env:
+          GITHUB_TAG: ${{ github.ref_name }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_REPO_OWNER: ${{ github.repository_owner }}
+        run: make chart-prepare-release
+    
+      - name: push chart
+        env:
+          GITHUB_TAG: ${{ github.ref_name }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_REPO_OWNER: ${{ github.repository_owner }}
+        run: make chart-push-release
diff --git a/Makefile b/Makefile
index e6fa128ae2..c79cf0ce09 100644
--- a/Makefile
+++ b/Makefile
@@ -253,3 +253,20 @@ $(GOLANGCI_LINT): ; $(info installing golangci-lint...)
 .PHONY: lint
 lint: | $(GOLANGCI_LINT) ; $(info  running golangci-lint...) @ ## Run golangci-lint
 	$(GOLANGCI_LINT) run --timeout=10m
+
+$(BIN_DIR):
+	@mkdir -p $(BIN_DIR)
+
+YQ=$(BIN_DIR)/yq
+YQ_VERSION=v4.44.1
+$(YQ): | $(BIN_DIR); $(info installing yq)
+	@curl -fsSL -o $(YQ) https://github.com/mikefarah/yq/releases/download/$(YQ_VERSION)/yq_linux_amd64 && chmod +x $(YQ)
+
+.PHONY: chart-prepare-release
+chart-prepare-release: | $(YQ) ; ## prepare chart for release
+	@GITHUB_TAG=$(GITHUB_TAG) GITHUB_TOKEN=$(GITHUB_TOKEN) GITHUB_REPO_OWNER=$(GITHUB_REPO_OWNER) hack/release/chart-update.sh
+
+.PHONY: chart-push-release
+chart-push-release: ## push release chart
+	@GITHUB_TAG=$(GITHUB_TAG) GITHUB_TOKEN=$(GITHUB_TOKEN) GITHUB_REPO_OWNER=$(GITHUB_REPO_OWNER) hack/release/chart-push.sh
+
diff --git a/hack/release/chart-push.sh b/hack/release/chart-push.sh
new file mode 100755
index 0000000000..09666cc8f4
--- /dev/null
+++ b/hack/release/chart-push.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+set -ex
+
+# github repo owner: e.g k8snetworkplumbingwg
+GITHUB_REPO_OWNER=${GITHUB_REPO_OWNER:-}
+# github api token with package:write permissions
+GITHUB_TOKEN=${GITHUB_TOKEN:-}
+# github tag e.g v1.2.3
+GITHUB_TAG=${GITHUB_TAG:-}
+
+BASE=${PWD}
+HELM_CHART=${BASE}/deployment/sriov-network-operator
+HELM_CHART_VERSION=${GITHUB_TAG#"v"}
+HELM_CHART_TARBALL="sriov-network-operator-${HELM_CHART_VERSION}.tgz"
+
+# make sure helm is installed
+set +e
+which helm
+if [ $? -ne 0 ]; then
+    echo "ERROR: helm must be installed"
+    exit 1
+fi
+set -e
+
+if [ -z "$GITHUB_REPO_OWNER" ]; then
+    echo "ERROR: GITHUB_REPO_OWNER must be provided as env var"
+    exit 1
+fi
+
+if [ -z "$GITHUB_TOKEN" ]; then
+    echo "ERROR: GITHUB_TOKEN must be provided as env var"
+    exit 1
+fi
+
+if [ -z "$GITHUB_TAG" ]; then
+    echo "ERROR: GITHUB_TAG must be provided as env var"
+    exit 1
+fi
+
+helm package ${HELM_CHART}
+helm registry login ghcr.io -u ${GITHUB_REPO_OWNER} -p ${GITHUB_TOKEN}
+helm push ${HELM_CHART_TARBALL} oci://ghcr.io/${GITHUB_REPO_OWNER}
diff --git a/hack/release/chart-update.sh b/hack/release/chart-update.sh
new file mode 100755
index 0000000000..fb8247b825
--- /dev/null
+++ b/hack/release/chart-update.sh
@@ -0,0 +1,68 @@
+#!/bin/bash
+set -ex
+
+# github tag e.g v1.2.3
+GITHUB_TAG=${GITHUB_TAG:-}
+# github api token (needed only for read access)
+GITHUB_TOKEN=${GITHUB_TOKEN:-}
+# github repo owner e.g k8snetworkplumbingwg
+GITHUB_REPO_OWNER=${GITHUB_REPO_OWNER:-}
+
+BASE=${PWD}
+YQ_CMD="${BASE}/bin/yq"
+HELM_VALUES=${BASE}/deployment/sriov-network-operator/values.yaml
+HELM_CHART=${BASE}/deployment/sriov-network-operator/Chart.yaml
+
+
+if [ -z "$GITHUB_TAG" ]; then
+    echo "ERROR: GITHUB_TAG must be provided as env var"
+    exit 1
+fi
+
+if [ -z "$GITHUB_TOKEN" ]; then
+    echo "ERROR: GITHUB_TOKEN must be provided as env var"
+    exit 1
+fi
+
+if [ -z "$GITHUB_REPO_OWNER" ]; then
+    echo "ERROR: GITHUB_REPO_OWNER must be provided as env var"
+    exit 1
+fi
+
+get_latest_github_tag() {
+    local owner="$1"
+    local repo="$2"
+    local latest_tag
+
+    # Fetch the latest tags using GitHub API and extract the latest tag name
+    latest_tag=$(curl -s "https://api.github.com/repos/$owner/$repo/tags" --header "Authorization: Bearer ${GITHUB_TOKEN}" | jq -r '.[0].name')
+
+    echo "$latest_tag"
+}
+
+# tag provided via env var
+OPERATOR_TAG=${GITHUB_TAG}
+IB_SRIOV_CNI_TAG=$(get_latest_github_tag k8snetworkplumbingwg ib-sriov-cni)
+SRIOV_CNI_TAG=$(get_latest_github_tag k8snetworkplumbingwg sriov-cni)
+OVS_CNI_TAG=$(get_latest_github_tag k8snetworkplumbingwg ovs-cni)
+NETWORK_RESOURCE_INJECTOR_TAG=$(get_latest_github_tag k8snetworkplumbingwg network-resources-injector)
+SRIOV_DEVICE_PLUGIN_TAG=$(get_latest_github_tag k8snetworkplumbingwg sriov-network-device-plugin)
+
+# patch values.yaml in-place
+
+# sriov-network-operator images:
+OPERATOR_REPO=${GITHUB_REPO_OWNER} # this is used to allow to release sriov-network-operator from forks
+$YQ_CMD -i ".images.operator = \"ghcr.io/${OPERATOR_REPO}/sriov-network-operator:${OPERATOR_TAG}\"" ${HELM_VALUES}
+$YQ_CMD -i ".images.sriovConfigDaemon = \"ghcr.io/${OPERATOR_REPO}/sriov-network-operator-config-daemon:${OPERATOR_TAG}\"" ${HELM_VALUES}
+$YQ_CMD -i ".images.webhook = \"ghcr.io/${OPERATOR_REPO}/sriov-network-operator-webhook:${OPERATOR_TAG}\"" ${HELM_VALUES}
+
+# other images that sriov-network-operator uses:
+$YQ_CMD -i ".images.sriovCni = \"ghcr.io/k8snetworkplumbingwg/sriov-cni:${SRIOV_CNI_TAG}\"" ${HELM_VALUES}
+$YQ_CMD -i ".images.ibSriovCni = \"ghcr.io/k8snetworkplumbingwg/ib-sriov-cni:${IB_SRIOV_CNI_TAG}\"" ${HELM_VALUES}
+$YQ_CMD -i ".images.ovsCni = \"ghcr.io/k8snetworkplumbingwg/ovs-cni:${OVS_CNI_TAG}\"" ${HELM_VALUES}
+$YQ_CMD -i ".images.sriovDevicePlugin = \"ghcr.io/k8snetworkplumbingwg/sriov-network-device-plugin:${SRIOV_DEVICE_PLUGIN_TAG}\"" ${HELM_VALUES}
+$YQ_CMD -i ".images.resourcesInjector = \"ghcr.io/k8snetworkplumbingwg/network-resources-injector:${NETWORK_RESOURCE_INJECTOR_TAG}\"" ${HELM_VALUES}
+
+# patch Chart.yaml in-place
+$YQ_CMD -i ".version = \"${OPERATOR_TAG#"v"}\"" ${HELM_CHART}
+$YQ_CMD -i ".appVersion = \"${OPERATOR_TAG}\"" ${HELM_CHART}