Skip to content

Commit 8e9f4e5

Browse files
migruiz4bitnami-bot
migruiz4
authored and
bitnami-bot
committedMar 17, 2025·
[index] Update archive-full-index workflow dependencies (#32125)
Signed-off-by: Miguel Ruiz <miguel.ruiz@broadcom.com> Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com>
0 parents  commit 8e9f4e5

File tree

5 files changed

+622694
-0
lines changed

5 files changed

+622694
-0
lines changed
 

‎.github/workflows/archive-full-index.yml

+128
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,128 @@
1+
name: '[Index] Generate the full bitnami/charts index.yaml'
2+
on:
3+
push:
4+
branches:
5+
- index
6+
jobs:
7+
get:
8+
runs-on: ubuntu-latest
9+
name: Get
10+
steps:
11+
- id: checkout-repo-index
12+
name: Checkout repo
13+
uses: actions/checkout@v4
14+
with:
15+
ref: index
16+
path: index
17+
- id: checkout-repo-full-index
18+
name: Checkout repo
19+
uses: actions/checkout@v4
20+
with:
21+
ref: archive-full-index
22+
path: full-index
23+
- id: get-last-indexes
24+
name: Get indexes
25+
run: |
26+
cp index/bitnami/index.yaml ./last_index.yaml
27+
cp full-index/bitnami/index.yaml ./previous_index.yaml
28+
- id: upload-artifact
29+
name: Upload artifacts
30+
uses: actions/upload-artifact@v4
31+
with:
32+
name: indexes
33+
path: ./*index.yaml
34+
retention-days: 2
35+
if-no-files-found: error
36+
merge:
37+
runs-on: ubuntu-latest
38+
needs: get
39+
name: Merge
40+
steps:
41+
- id: download-artifact
42+
name: Download artifacts
43+
uses: actions/download-artifact@v4
44+
with:
45+
name: indexes
46+
- id: merge
47+
name: Merge
48+
run: yq eval-all '. as $item ireduce ({}; . *+ $item )' previous_index.yaml last_index.yaml > duplicates_index.yaml
49+
- id: remove
50+
name: Remove duplicates
51+
# Removes duplicates per entry using 'digest' as value.
52+
run: yq eval '.entries[] |= unique_by(.digest)' duplicates_index.yaml > index.yaml
53+
- id: upload-artifact
54+
name: Upload artifacts
55+
uses: actions/upload-artifact@v4
56+
with:
57+
name: archive-full-index
58+
path: index.yaml
59+
retention-days: 2
60+
if-no-files-found: error
61+
checks:
62+
runs-on: ubuntu-latest
63+
needs: merge
64+
name: Checks
65+
steps:
66+
- id: download-artifacts
67+
name: Download artifacts
68+
uses: actions/download-artifact@v4
69+
- id: index-lint
70+
name: Lint archive full index
71+
# Lint the resulting archive full index using ignoring identation and lin-length rules.
72+
run: |
73+
cat << EOF > config
74+
extends: relaxed
75+
76+
rules:
77+
indentation:
78+
level: error
79+
line-length: disable
80+
EOF
81+
yamllint -c config archive-full-index/index.yaml
82+
- id: check-no-dups
83+
name: Checks there are not any duplicates
84+
# Try to find duplicate digest attributes which would mean there are duplicates.
85+
run: |
86+
yq eval '.entries[][].digest' archive-full-index/index.yaml | sort | uniq -d | ( ! grep sha256 )
87+
- id: check-missing-releases
88+
name: Checks there are not missing releases
89+
# Available URLs should be fine if everything went well during the merge & deduplication.
90+
run: |
91+
yq eval '.entries[][].urls[]' indexes/last_index.yaml |sort| uniq > last_index_urls
92+
yq eval '.entries[][].urls[]' archive-full-index/index.yaml | sort| uniq > index_urls
93+
missing_urls="$(comm -13 index_urls last_index_urls)"
94+
if [ -n "${missing_urls}" ]; then
95+
echo "Found missing URLs:\n${missing_urls}"
96+
exit 1
97+
fi
98+
echo "No missing releases detected"
99+
update:
100+
runs-on: ubuntu-latest
101+
needs: checks
102+
name: Update
103+
steps:
104+
- id: checkout-repo
105+
name: Checkout repo
106+
uses: actions/checkout@v4
107+
with:
108+
ref: archive-full-index
109+
token: ${{ secrets.BITNAMI_BOT_TOKEN }}
110+
- id: download-artifact-archive-full-index
111+
name: Download artifacts
112+
uses: actions/download-artifact@v4
113+
with:
114+
name: archive-full-index
115+
- id: update-index
116+
name: git-add-push
117+
run: |
118+
git config user.name "Bitnami Containers"
119+
git config user.email "bitnami-bot@vmware.com"
120+
git fetch origin archive-full-index
121+
git reset --hard $(git commit-tree origin/archive-full-index^{tree} -m "Update index.yaml")
122+
# Compare size of files
123+
if [[ $(stat -c%s bitnami/index.yaml) -gt $(stat -c%s index.yaml) ]]; then
124+
echo "New index.yaml file is shorter than the current one"
125+
exit 1
126+
fi
127+
cp index.yaml bitnami/index.yaml
128+
git add bitnami/index.yaml && git commit --signoff --amend --no-edit && git push origin archive-full-index --force-with-lease

‎.github/workflows/sync-chart-cloudflare-index.yml

+94
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,94 @@
1+
name: '[Index] Sync bitnami/charts index.yaml to Cloudflare'
2+
3+
on:
4+
push:
5+
branches:
6+
- index
7+
workflow_call:
8+
secrets:
9+
CLOUDFLARE_CLIENT_ID:
10+
required: true
11+
CLOUDFLARE_CLIENT_SECRET:
12+
required: true
13+
CLOUDFLARE_USER_AUTH:
14+
required: true
15+
16+
# Remove all permissions by default
17+
permissions: {}
18+
19+
jobs:
20+
deploy:
21+
name: Sync bitnami/charts index.yaml to Cloudflare
22+
runs-on: ubuntu-latest
23+
permissions:
24+
contents: read
25+
outputs:
26+
result: ${{ steps.upload.outputs.result }}
27+
steps:
28+
- uses: actions/checkout@master
29+
with:
30+
ref: 'index'
31+
- name: Upload to Cloudflare using a BCOM upload proxy
32+
id: upload
33+
env:
34+
CLOUDFLARE_CLIENT_ID: ${{ secrets.CLOUDFLARE_CLIENT_ID }}
35+
CLOUDFLARE_CLIENT_SECRET: ${{ secrets.CLOUDFLARE_CLIENT_SECRET }}
36+
CLOUDFLARE_USER_AUTH: ${{ secrets.CLOUDFLARE_USER_AUTH }}
37+
run: |
38+
status="fail"
39+
retries=0
40+
while [[ "${status}" != "ok" && "$retries" -lt 3 ]]; do
41+
export TOKEN=$(curl -s --location 'https://api-esp.broadcom.com/auth/oauth/v2/token' \
42+
--data-urlencode "client_id=${CLOUDFLARE_CLIENT_ID}" \
43+
--data-urlencode "client_secret=${CLOUDFLARE_CLIENT_SECRET}" \
44+
--data-urlencode 'grant_type=client_credentials' | jq .access_token -r )
45+
46+
curl_args=(
47+
"--location" "--request" "PUT"
48+
"--fail" "--max-time" "10"
49+
"--header" "userAuth: Basic ${CLOUDFLARE_USER_AUTH}"
50+
"--header" "filePath: /index.yaml"
51+
"--header" "Content-Type: text/yaml"
52+
"--header" "Authorization: Bearer $TOKEN"
53+
"--upload-file" "bitnami/index.yaml"
54+
)
55+
echo "Uploading index.yaml to Cloudflare"
56+
# To avoid the action from failing, we run the request inside a conditional so we can retry
57+
if curl "${curl_args[@]}" 'https://api-esp.broadcom.com/crushftp/fileUpload'; then
58+
echo "Index upload request succeeded, waiting 20 seconds before integrity check..."
59+
# Wait for 20 seconds to ensure the new index.yaml is available
60+
sleep 20
61+
# Compare the index.yaml checksums remote and locally
62+
REMOTE_MD5=($(curl -Ls https://charts.bitnami.com/bitnami/index.yaml | md5sum))
63+
REPOSITORY_MD5=($(md5sum bitnami/index.yaml))
64+
if [[ "${REPOSITORY_MD5[0]}" == "${REMOTE_MD5[0]}" ]]; then
65+
status='ok'
66+
else
67+
echo "Integrity check failed. Uploading index.yaml again.";
68+
fi
69+
else
70+
echo "Index upload request failed or timed out. Retrying again in 20 seconds...";
71+
sleep 20
72+
fi
73+
retries=$((retries+1))
74+
done
75+
echo "result=${status}" >> $GITHUB_OUTPUT
76+
- name: Show messages
77+
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
78+
with:
79+
script: |
80+
if ("${{ steps.upload.outputs.result }}" != "ok" ) {
81+
core.setFailed("Index upload failed");
82+
} else {
83+
core.info("Index upload succeeded")
84+
}
85+
notify:
86+
name: Send notification
87+
needs: [deploy]
88+
if: ${{ always() && needs.deploy.outputs.result != 'ok' }}
89+
uses: bitnami/support/.github/workflows/gchat-notification.yml@main
90+
with:
91+
workflow: ${{ github.workflow }}
92+
job-url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
93+
secrets:
94+
webhook-url: ${{ secrets.GCHAT_WEBHOOK_URL }}

‎.github/workflows/sync-chart-s3-index.yml

+24
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,24 @@
1+
name: '[Index] Sync bitnami/charts index.yaml to S3'
2+
3+
on:
4+
push:
5+
branches:
6+
- index
7+
8+
jobs:
9+
deploy:
10+
name: Sync bitnami/charts index.yaml to S3
11+
runs-on: ubuntu-latest
12+
steps:
13+
- uses: actions/checkout@master
14+
- name: Upload to S3
15+
env:
16+
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_PUBLISH_ACCESS_KEY_ID }}
17+
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PUBLISH_SECRET_ACCESS_KEY }}
18+
AWS_ASSUME_ROLE_ARN: ${{ secrets.AWS_PUBLISH_ROLE_ARN }}
19+
AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION }}
20+
run: |
21+
# Configure AWS account
22+
export $(printf "AWS_ACCESS_KEY_ID=%s AWS_SECRET_ACCESS_KEY=%s AWS_SESSION_TOKEN=%s" $(aws sts assume-role --role-arn ${AWS_ASSUME_ROLE_ARN} --role-session-name GitHubIndex --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" --output text))
23+
aws s3 cp --follow-symlinks bitnami/index.yaml s3://${{ secrets.AWS_S3_BUCKET }}/bitnami/
24+
aws s3 cp --follow-symlinks bitnami/index.html s3://${{ secrets.AWS_S3_BUCKET }}/

‎bitnami/index.html

+24
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,24 @@
1+
<!DOCTYPE html>
2+
<html>
3+
<head>
4+
<meta http-equiv="Content-type" content="text/html;charset=UTF-8">
5+
<title>Bitnami Helm Charts</title>
6+
</head>
7+
<body>
8+
9+
<h1 id="bitnami-library-kubernetes">The Bitnami Library for Kubernetes</h1>
10+
11+
Popular applications, provided by <a href="https://bitnami.com">Bitnami</a>, ready to launch on Kubernetes using <a href="https://github.com/helm/helm">Kubernetes Helm</a>.
12+
13+
<h2 id="tldr">TL;DR</h2>
14+
15+
<code>
16+
$ helm repo add bitnami https://charts.bitnami.com/bitnami<br />
17+
$ helm search repo bitnami<br />
18+
$ helm install my-release bitnami/&lt;chart&gt;
19+
</code>
20+
21+
<p>For more information, please refer to the <a href="https://github.com/bitnami/charts">Bitnami charts project on GitHub</a>.</p>
22+
23+
</body>
24+
</html>

0 commit comments

Comments
 (0)