[castai-agent] release CNAB package on tag creation (#267)

* [castai-agent] release CNAB package on tag creation
castai · Jun 16, 2023 · 6faa1d8 · 6faa1d8
1 parent e6e76ad
commit 6faa1d8
Show file tree

Hide file tree

Showing 5 changed files with 98 additions and 29 deletions.
diff --git a/.github/workflows/release-cnab.yaml b/.github/workflows/release-cnab.yaml
@@ -0,0 +1,34 @@
+name: Release CNAB
+
+on:
+  push:
+    tags:
+      - "castai-*"
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      # We need to manually add repos for deps due to bug in https://github.com/helm/chart-releaser/issues/135
+      - name: Add dependencies
+        run: |
+          helm repo add vector https://helm.vector.dev
+
+      - name: Install Helm
+        uses: azure/setup-helm@v1
+        with:
+          version: v3.5.2
+
+      - name: Release CNAB package
+        run: scripts/release-cnab-package.sh
+        env:
+          TAG_NAME: ${{ github.ref_name }}
+          AZURE_K8S_APP_MARKETPLACE_SP_ID: ${{ secrets.AZURE_K8S_APP_MARKETPLACE_SP_ID }}
+          AZURE_K8S_APP_MARKETPLACE_SP_SECRET: ${{ secrets.AZURE_K8S_APP_MARKETPLACE_SP_SECRET }}
+          AZURE_K8S_APP_MARKETPLACE_TENANT_ID: ${{ secrets.AZURE_K8S_APP_MARKETPLACE_TENANT_ID }}
+          AZURE_K8S_APP_MARKETPLACE_REGISTRY_NAME: ${{ secrets.AZURE_K8S_APP_MARKETPLACE_REGISTRY_NAME }}
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -38,14 +38,4 @@ jobs:
           charts_dir: charts
           config: cr.yaml
         env:
-          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
-
-      - name: Release CNAB package
-        run: scripts/handle-cnab-package.sh
-        env:
-          PR_TITLE: ${{ github.event.pull_request.title }}
-          CNAB_ACTION: "RELEASE"
-          AZURE_K8S_APP_MARKETPLACE_SP_ID: ${{ secrets.AZURE_K8S_APP_MARKETPLACE_SP_ID }}
-          AZURE_K8S_APP_MARKETPLACE_SP_SECRET: ${{ secrets.AZURE_K8S_APP_MARKETPLACE_SP_SECRET }}
-          AZURE_K8S_APP_MARKETPLACE_TENANT_ID: ${{ secrets.AZURE_K8S_APP_MARKETPLACE_TENANT_ID }}
-          AZURE_K8S_APP_MARKETPLACE_REGISTRY_NAME: ${{ secrets.AZURE_K8S_APP_MARKETPLACE_REGISTRY_NAME }}
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.github/workflows/validate-pr.yaml b/.github/workflows/validate-pr.yaml
@@ -26,7 +26,6 @@ jobs:
           PR_TITLE: ${{ github.event.pull_request.title }}
 
       - name: Verify CNAB package
-        run: scripts/handle-cnab-package.sh
+        run: scripts/verify-cnab-package.sh
         env:
           PR_TITLE: ${{ github.event.pull_request.title }}
-          CNAB_ACTION: "VERIFY"
diff --git a/scripts/release-cnab-package.sh b/scripts/release-cnab-package.sh
@@ -0,0 +1,59 @@
+#!/usr/bin/env bash
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+PACKAGING_IMAGE="mcr.microsoft.com/container-package-app:latest"
+
+main() {
+    # Strip version from the tag to have a chart name.
+    chartName="${TAG_NAME%-*}"
+
+    if [[ ! -d "./cnab-config/$chartName" ]]; then
+        echo "CNAB bundle is not setup for $chartName, skipping.."
+        exit 0
+    fi
+
+    # Update CNAB manifest.yaml to match Helm Chart version.
+    local chartVersion
+    chartVersion=$(yq '.version' < "./charts/$chartName/Chart.yaml")
+    echo "Parsed Helm Chart version: $chartVersion"
+    version="$chartVersion" yq -i '.version = env(version)' "./cnab-config/$chartName/manifest.yaml"
+
+    # Parse image details from charts/<service>/values.yaml.
+    local imageName
+    local imageTag
+    local imageRegistry
+    local imageDigest
+    local imageLocation
+    # Strip castai- prefix to gen service name.
+    imageName="${chartName##*-}"
+    imageTag=$(yq '.appVersion' < "./charts/$chartName/Chart.yaml")
+    imageRegistry=$(yq '.image.repository' < "./charts/$chartName/values.yaml")
+    imageRegistry=$(echo "${imageRegistry%/$imageName}" | xargs)
+    imageLocation="$imageRegistry/$imageName:$imageTag"
+    # shellcheck disable=SC2086
+    imageDigest=$(docker pull $imageLocation | grep  "Digest: " | sed 's|''Digest: ||g')
+
+    # Update CNAB values.yaml with image details.
+    digest="$imageDigest" yq -i '.global.azure.images.agent.digest = env(digest)' "./cnab-config/$chartName/values.yaml"
+    name="$imageName" yq -i '.global.azure.images.agent.image = env(name)' "./cnab-config/$chartName/values.yaml"
+    registry="$imageRegistry" yq -i '.global.azure.images.agent.registry = env(registry)' "./cnab-config/$chartName/values.yaml"
+
+    # Create staging area to create CNAB directory structure.
+    echo "Copying $chartName Helm chart to cpa-stage directory for packaging"
+    mkdir .cpa-stage
+    cp -R "./cnab-config/$chartName" "./.cpa-stage"
+    cp -R "./charts/$chartName" "./.cpa-stage/$chartName/"
+    # Merge CNAB specific configuration into values.yaml
+    valuesPath="cnab-config/$chartName/values.yaml" yq -i '. *= load(env(valuesPath))' "./.cpa-stage/$chartName/$chartName/values.yaml"
+
+    echo "Releasing CNAB package.."
+    az login --service-principal -u "$AZURE_K8S_APP_MARKETPLACE_SP_ID" -p "$AZURE_K8S_APP_MARKETPLACE_SP_SECRET" --tenant "$AZURE_K8S_APP_MARKETPLACE_TENANT_ID" -o none
+    TOKEN=$(az acr login --name "$AZURE_K8S_APP_MARKETPLACE_REGISTRY_NAME" --expose-token --output tsv --query accessToken)
+    docker run --env TOKEN="$TOKEN" --env REGISTRY="$AZURE_K8S_APP_MARKETPLACE_REGISTRY_NAME" --rm -v /var/run/docker.sock:/var/run/docker.sock -v "$PWD/.cpa-stage/$chartName":/data "$PACKAGING_IMAGE" /bin/bash -c 'cd /data ; docker login -p $TOKEN "$REGISTRY" --username 00000000-0000-0000-0000-000000000000; cpa buildbundle --telemetryOptOut'
+}
+
+main
+
diff --git a/scripts/handle-cnab-package.sh → scripts/verify-cnab-package.sh b/scripts/handle-cnab-package.sh → scripts/verify-cnab-package.sh
@@ -14,6 +14,7 @@ main() {
     changed=$(ct list-changed --config "$repo_root/ct.yaml")
 
     if [[ -z "$changed" ]]; then
+        echo "No helm charts were updated, skipping.."
         exit 0
     fi
 
@@ -28,11 +29,6 @@ main() {
     # Strip charts directory.
     chartName="${changed##*/}"
 
-    if [[ "$CNAB_ACTION" != "VERIFY" && "$CNAB_ACTION" != "RELEASE" ]]; then
-        echo "CNAB_ACTION must be one of: [VERIFY, RELEASE]."
-        exit 1
-    fi
-
     if [[ "$PR_TITLE" != "[$chartName] "* ]]; then
         echo "PR title must start with '[$chartName] '." >&2
         exit 1
@@ -77,17 +73,8 @@ main() {
     # Merge CNAB specific configuration into values.yaml
     valuesPath="cnab-config/$chartName/values.yaml" yq -i '. *= load(env(valuesPath))' "./.cpa-stage/$chartName/$chartName/values.yaml"
 
-    if [[ "$CNAB_ACTION" == "VERIFY" ]]; then
-      echo "Verifying CNAB package.."
-      docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v "$PWD/.cpa-stage/$chartName":/data  mcr.microsoft.com/container-package-app:latest /bin/bash -c 'cd /data ; cpa verify --telemetryOptOut'
-    fi
-
-    if [[ "$CNAB_ACTION" == "RELEASE" ]]; then
-      echo "Releasing CNAB package.."
-      az login --service-principal -u "$AZURE_K8S_APP_MARKETPLACE_SP_ID" -p "$AZURE_K8S_APP_MARKETPLACE_SP_SECRET" --tenant "$AZURE_K8S_APP_MARKETPLACE_TENANT_ID" -o none
-      TOKEN=$(az acr login --name "$AZURE_K8S_APP_MARKETPLACE_REGISTRY_NAME" --expose-token --output tsv --query accessToken)
-      docker run --env TOKEN="$TOKEN" --env REGISTRY="$AZURE_K8S_APP_MARKETPLACE_REGISTRY_NAME" --rm -v /var/run/docker.sock:/var/run/docker.sock -v "$PWD/.cpa-stage/$chartName":/data "$PACKAGING_IMAGE" /bin/bash -c 'cd /data ; docker login -p $TOKEN "$REGISTRY" --username 00000000-0000-0000-0000-000000000000; cpa buildbundle --telemetryOptOut'
-    fi
+    echo "Verifying CNAB package.."
+    docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v "$PWD/.cpa-stage/$chartName":/data  "$PACKAGING_IMAGE" /bin/bash -c 'cd /data ; cpa verify --telemetryOptOut'
 }
 
 main