actions-runner-controller/.github/workflows/publish-chart.yaml

name: Publish Helm Chart

on:
  push:
    branches:
      - master
    paths:
      - 'charts/**'
      - '.github/workflows/publish-chart.yaml'
      - '!charts/actions-runner-controller/docs/**'
      - '!**.md'
  workflow_dispatch:

env:
  KUBE_SCORE_VERSION: 1.10.0
  HELM_VERSION: v3.8.0

permissions:
  contents: read

jobs:
  lint-chart:
    name: Lint Chart
    runs-on: ubuntu-latest
    outputs:
      publish-chart: ${{ steps.publish-chart-step.outputs.publish }}
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Set up Helm
        uses: azure/setup-helm@v3.3
        with:
          version: ${{ env.HELM_VERSION }}

      - name: Set up kube-score
        run: |
          wget https://github.com/zegl/kube-score/releases/download/v${{ env.KUBE_SCORE_VERSION }}/kube-score_${{ env.KUBE_SCORE_VERSION }}_linux_amd64 -O kube-score
          chmod 755 kube-score          

      - name: Kube-score generated manifests
        run: helm template  --values charts/.ci/values-kube-score.yaml charts/* | ./kube-score score -
              --ignore-test pod-networkpolicy
              --ignore-test deployment-has-poddisruptionbudget
              --ignore-test deployment-has-host-podantiaffinity
              --ignore-test container-security-context
              --ignore-test pod-probes
              --ignore-test container-image-tag
              --enable-optional-test container-security-context-privileged
              --enable-optional-test container-security-context-readonlyrootfilesystem

      # python is a requirement for the chart-testing action below (supports yamllint among other tests)
      - uses: actions/setup-python@v4
        with:
          python-version: '3.7'

      - name: Set up chart-testing
        uses: helm/chart-testing-action@v2.3.1

      - name: Run chart-testing (list-changed)
        id: list-changed
        run: |
          changed=$(ct list-changed --config charts/.ci/ct-config.yaml)
          if [[ -n "$changed" ]]; then
            echo "::set-output name=changed::true"
          fi          

      - name: Run chart-testing (lint)
        run: |
          ct lint --config charts/.ci/ct-config.yaml          

      - name: Create kind cluster
        if: steps.list-changed.outputs.changed == 'true'
        uses: helm/kind-action@v1.4.0

      # We need cert-manager already installed in the cluster because we assume the CRDs exist
      - name: Install cert-manager
        if: steps.list-changed.outputs.changed == 'true'      
        run: |
          helm repo add jetstack https://charts.jetstack.io --force-update
          helm install cert-manager jetstack/cert-manager --set installCRDs=true --wait          

      - name: Run chart-testing (install)
        if: steps.list-changed.outputs.changed == 'true'
        run: ct install --config charts/.ci/ct-config.yaml

      # WARNING: This relies on the latest release being inat the top of the JSON from GitHub and a clean chart.yaml
      - name: Check if Chart Publish is Needed
        id: publish-chart-step
        run: |
          CHART_TEXT=$(curl -fs https://raw.githubusercontent.com/actions-runner-controller/actions-runner-controller/master/charts/actions-runner-controller/Chart.yaml)
          NEW_CHART_VERSION=$(echo "$CHART_TEXT" | grep version: | cut -d ' ' -f 2)
          RELEASE_LIST=$(curl -fs https://api.github.com/repos/actions-runner-controller/actions-runner-controller/releases  | jq .[].tag_name | grep actions-runner-controller | cut -d '"' -f 2 | cut -d '-' -f 4)
          LATEST_RELEASED_CHART_VERSION=$(echo $RELEASE_LIST | cut -d ' ' -f 1)
          echo "Chart version in master : $NEW_CHART_VERSION"
          echo "Latest release chart version : $LATEST_RELEASED_CHART_VERSION"
          if [[ $NEW_CHART_VERSION != $LATEST_RELEASED_CHART_VERSION ]]; then
            echo "::set-output name=publish::true"
          fi          

  publish-chart:
    if: needs.lint-chart.outputs.publish-chart == 'true'
    needs: lint-chart
    name: Publish Chart
    runs-on: ubuntu-latest
    permissions:
      contents: write  # for helm/chart-releaser-action to push chart release and create a release
    

    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Configure Git
        run: |
          git config user.name "$GITHUB_ACTOR"
          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"          

      - name: Run chart-releaser
        uses: helm/chart-releaser-action@v1.4.0
        env:
          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"