From 5fd5c0d178510b7d29ccf640dc3530d568a13e0a Mon Sep 17 00:00:00 2001
From: Tiago Castro <tiagolobocastro@gmail.com>
Date: Fri, 6 Dec 2024 10:46:14 +0000
Subject: [PATCH] ci: various release chart update fixes

Don't update the chart on a pre-release
Set missing base branch for pull-request
Add stricter release validation
Add more tests

Signed-off-by: Tiago Castro <tiagolobocastro@gmail.com>
---
 .github/workflows/release-chart.yml     |  7 +++-
 scripts/helm/publish-chart-yaml.sh      | 39 +++++++++++++++++++--
 scripts/helm/test-publish-chart-yaml.sh | 45 +++++++++++++++++++++++++
 3 files changed, 88 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/release-chart.yml b/.github/workflows/release-chart.yml
index 7d6345c5f..fd811c47e 100644
--- a/.github/workflows/release-chart.yml
+++ b/.github/workflows/release-chart.yml
@@ -54,7 +54,9 @@ jobs:
       - name: Publish locally in the workspace
         run: |
           tag="${{ github.ref_name }}"
-          nix-shell --pure --run "./scripts/helm/publish-chart-yaml.sh --released "$tag"" ./scripts/helm/shell.nix
+          BASE_REF="${{ github.event.base_ref }}"
+          BRANCH="${BASE_REF#refs/heads/}"
+          nix-shell --pure --run "./scripts/helm/publish-chart-yaml.sh --released "$tag" --released-branch "$BRANCH"" ./scripts/helm/shell.nix
           nix-shell --pure --run "SKIP_GIT=1 ./scripts/helm/generate-readme.sh" ./scripts/helm/shell.nix
       - name: Create Pull Request
         id: cpr
@@ -69,6 +71,9 @@ jobs:
             automated-pr
           draft: false
           signoff: true
+          delete-branch: true
+          branch-suffix: "random"
+          base: ${{ github.event.base_ref }}
           token: ${{ secrets.ORG_CI_GITHUB }}
       - name: Approve Pull Request by CI Bot
         if: ${{ steps.cpr.outputs.pull-request-number }}
diff --git a/scripts/helm/publish-chart-yaml.sh b/scripts/helm/publish-chart-yaml.sh
index dcda2d2f9..1a9787865 100755
--- a/scripts/helm/publish-chart-yaml.sh
+++ b/scripts/helm/publish-chart-yaml.sh
@@ -256,6 +256,7 @@ Options:
   --check-chart           <branch>                 Check if the chart version/app version is correct for the branch.
   --develop-to-release                             Also upgrade the chart to the release version matching the branch.
   --released              <released-tag>           Bumps the future chart version after releasing the given tag.
+  --released-branch       <branch_name>            The name of the current releasing branch.
   --helm-testing          <branch>                 Upgrade the chart to the appropriate branch chart version.
   --app-tag               <tag>                    The appVersion tag.
   --override-index        <latest_version>         Override the latest chart version from the published chart's index.
@@ -302,6 +303,7 @@ DATE_TIME=
 IGNORE_INDEX_CHECK=
 LATEST_RELEASE_BRANCH=
 BUMP_MAJOR_FOR_MAIN=
+BRANCH=
 
 # Check if all needed tools are installed
 semver --version >/dev/null
@@ -329,7 +331,12 @@ while [ "$#" -gt 0 ]; do
       ;;
     --released)
       shift
-      UPDATE_REL=$1
+      UPDATE_REL=${1#v}
+      shift
+      ;;
+    --released-branch)
+      shift
+      BRANCH=$1
       shift
       ;;
     --helm-testing)
@@ -409,7 +416,35 @@ else
     if [ -n "$APP_TAG" ]; then
       die "Cannot specify --update-release and --app-tag together"
     fi
-    APP_TAG=$(semver bump "patch" "$UPDATE_REL")
+    if [ "$(semver get build "$UPDATE_REL")" != "" ]; then
+      die "Build not supported"
+    fi
+    if [ -n "$BRANCH" ]; then
+      if ! [[ "$BRANCH" =~ ^release/[0-9]+.[0-9]+$ ]]; then
+        die "Updates on $BRANCH not supported"
+      fi
+      BRANCH_VERSION="${BRANCH#release/}.0"
+      allowed_diff=( "" "patch" )
+      diff="$(semver diff "$BRANCH_VERSION" "$CHART_APP_VERSION")"
+      if ! [[ "${allowed_diff[*]}" =~ $diff ]]; then
+        die "Branch $BRANCH is incompatible due to semver diff of $diff with current $CHART_APP_VERSION"
+      fi
+    fi
+    diff="$(semver diff "$UPDATE_REL" "$CHART_APP_VERSION")"
+    if [ "$diff" = "prerelease" ]; then
+      # It's a pre-release, nothing to do here
+      APP_TAG="$CHART_APP_VERSION"
+    else
+      APP_TAG=$(semver bump "patch" "$UPDATE_REL")
+
+      if [ "$(semver compare "$CHART_APP_VERSION" "$UPDATE_REL" )" == "1" ]; then
+        die "Future version can't possibly be older than the current next"
+      fi
+
+      if [ "$(semver get prerel "$UPDATE_REL")" != "" ]; then
+        die "$UPDATE_REL with $diff and preprelease change not allowed"
+      fi
+    fi
   fi
   if [ -z "$APP_TAG" ]; then
     die "--app-tag not specified"
diff --git a/scripts/helm/test-publish-chart-yaml.sh b/scripts/helm/test-publish-chart-yaml.sh
index 7f87108cb..8ea07f276 100755
--- a/scripts/helm/test-publish-chart-yaml.sh
+++ b/scripts/helm/test-publish-chart-yaml.sh
@@ -27,10 +27,14 @@ DATE_TIME=
 DEVELOP_TO_REL=
 # Update the release version after release
 RELEASED=
+# The release branch being updated
+RELEASED_BRANCH=
 # Upgrade from develop to helm-testing
 HELM_TESTING=
 # Tag that has been pushed
 APP_TAG=
+# Expected output of APP_TAG
+OUT_APP_TAG=
 # Version from the Chart.yaml
 CHART_VERSION=
 # AppVersion from the Chart.yaml
@@ -82,14 +86,21 @@ EOF
   else
     if [ -n "$RELEASED" ]; then
       APP_TAG=$NEW_CHART_VERSION
+      if [ -n "$OUT_APP_TAG" ]; then
+        APP_TAG=$OUT_APP_TAG
+      fi
     fi
     cat <<EOF
 APP_TAG: $APP_TAG
 CHART_VERSION: $CHART_VERSION
 CHART_APP_VERSION: $CHART_APP_VERSION
+EOF
+    if [ -n "$NEW_CHART_VERSION" ]; then
+    cat <<EOF
 NEW_CHART_VERSION: $NEW_CHART_VERSION
 NEW_CHART_APP_VERSION: $NEW_CHART_APP_VERSION
 EOF
+    fi
   fi
 }
 
@@ -181,6 +192,8 @@ test_one()
   DATE_TIME=
   DEVELOP_TO_REL=
   RELEASED=
+  RELEASED_BRANCH=
+  OUT_APP_TAG=
   HELM_TESTING=
   APP_TAG=
   CHART_VERSION=
@@ -399,11 +412,42 @@ test_one "A more stable version is already published, but the app tag stable is
 
 RELEASED=2.0.0
 CHART_VERSION=2.0.0
+RELEASED_BRANCH=release/2.0
 CHART_APP_VERSION=2.0.0
 NEW_CHART_VERSION=2.0.1
 NEW_CHART_APP_VERSION=2.0.1
 test_one "After release 2.0.0, the next one is 2.0.1"
 
+RELEASED=2.0.0-rc.1
+CHART_VERSION=2.0.1
+RELEASED_BRANCH=release/2.0
+CHART_APP_VERSION=2.0.1
+EXPECT_FAIL=1
+test_one "Can't pre-release what's already released"
+
+RELEASED=2.0.0-rc.1
+CHART_VERSION=2.0.0
+RELEASED_BRANCH=release/2.0
+CHART_APP_VERSION=2.0.0
+OUT_APP_TAG=2.0.0
+test_one "Just a pre-release"
+
+RELEASED=2.2.0-rc.1
+CHART_VERSION=2.0.0
+RELEASED_BRANCH=release/2.0
+CHART_APP_VERSION=2.0.0
+EXPECT_FAIL=1
+test_one "A prerelease too far away"
+
+RELEASED=2.0.0
+CHART_VERSION=2.0.0
+RELEASED_BRANCH=release/2.1
+CHART_APP_VERSION=2.0.0
+NEW_CHART_VERSION=2.0.1
+NEW_CHART_APP_VERSION=2.0.1
+EXPECT_FAIL=1
+test_one "Branch does not match"
+
 RELEASED=2.0.0
 CHART_VERSION=2.0.0
 CHART_APP_VERSION=2.0.0
@@ -412,6 +456,7 @@ EXPECT_FAIL=1
 test_one "We've actually already release 2.0.1, so the next one is 2.0.2"
 
 RELEASED=2.0.1
+RELEASED_BRANCH=release/2.0
 CHART_VERSION=2.0.0
 CHART_APP_VERSION=2.0.0
 INDEX_CHART_VERSIONS=(2.0.1 2.0.0-a.0)