actions-runner-controller/.github/workflows/gha-publish-chart.yaml

name: (gha) Publish Helm Charts

on:
  workflow_dispatch:
    inputs:
      ref:
        description: "The branch, tag or SHA to cut a release from"
        required: false
        type: string
        default: ""
      release_tag_name:
        description: "The name to tag the controller image with"
        required: true
        type: string
        default: "canary"
      push_to_registries:
        description: "Push images to registries"
        required: true
        type: boolean
        default: false
      publish_gha_runner_scale_set_controller_chart:
        description: "Publish new helm chart for gha-runner-scale-set-controller"
        required: true
        type: boolean
        default: false
      publish_gha_runner_scale_set_chart:
        description: "Publish new helm chart for gha-runner-scale-set"
        required: true
        type: boolean
        default: false

env:
  HELM_VERSION: v3.8.0

permissions:
  packages: write

concurrency:
  group: ${{ github.workflow }}
  cancel-in-progress: true

jobs:
  build-push-image:
    name: Build and push controller image
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # If inputs.ref is empty, it'll resolve to the default branch
          ref: ${{ inputs.ref }}

      - name: Check chart versions
        # Binary version and chart versions need to match.
        # In case of an upgrade, the controller will try to clean up
        # resources with older versions that should have been cleaned up
        # during the upgrade process
        run: ./hack/check-gh-chart-versions.sh ${{ inputs.release_tag_name }}

      - name: Resolve parameters
        id: resolve_parameters
        run: |
          resolvedRef="${{ inputs.ref }}"
          if [ -z "$resolvedRef" ]
          then
            resolvedRef="${{ github.ref }}"
          fi
          echo "resolved_ref=$resolvedRef" >> $GITHUB_OUTPUT
          echo "INFO: Resolving short SHA for $resolvedRef"
          echo "short_sha=$(git rev-parse --short $resolvedRef)" >> $GITHUB_OUTPUT
          echo "INFO: Normalizing repository name (lowercase)"
          echo "repository_owner=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT          

      - name: Set up QEMU
        # https://github.com/docker/setup-qemu-action/releases/tag/v3.6.0
        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2
        with:
          # Pinning v0.9.1 for Buildx and BuildKit v0.10.6
          # BuildKit v0.11 which has a bug causing intermittent
          # failures pushing images to GHCR
          version: v0.9.1
          driver-opts: image=moby/buildkit:v0.10.6

      - name: Login to GitHub Container Registry
        # https://github.com/docker/login-action/releases/tag/v3.4.0
        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build & push controller image
        # https://github.com/docker/build-push-action/releases/tag/v6.15.0
        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4
        with:
          file: Dockerfile
          platforms: linux/amd64,linux/arm64
          build-args: VERSION=${{ inputs.release_tag_name }}
          push: ${{ inputs.push_to_registries }}
          tags: |
            ghcr.io/${{ steps.resolve_parameters.outputs.repository_owner }}/gha-runner-scale-set-controller:${{ inputs.release_tag_name }}
            ghcr.io/${{ steps.resolve_parameters.outputs.repository_owner }}/gha-runner-scale-set-controller:${{ inputs.release_tag_name }}-${{ steps.resolve_parameters.outputs.short_sha }}            
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: Job summary
        run: |
          echo "The [gha-publish-chart.yaml](https://github.com/actions/actions-runner-controller/blob/main/.github/workflows/gha-publish-chart.yaml) workflow run was completed successfully!" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "**Parameters:**" >> $GITHUB_STEP_SUMMARY
          echo "- Ref: ${{ steps.resolve_parameters.outputs.resolvedRef }}" >> $GITHUB_STEP_SUMMARY
          echo "- Short SHA: ${{ steps.resolve_parameters.outputs.short_sha }}" >> $GITHUB_STEP_SUMMARY
          echo "- Release tag: ${{ inputs.release_tag_name }}" >> $GITHUB_STEP_SUMMARY
          echo "- Push to registries: ${{ inputs.push_to_registries }}" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY          

  publish-helm-chart-gha-runner-scale-set-controller:
    if: ${{ inputs.publish_gha_runner_scale_set_controller_chart == true }}
    needs: build-push-image
    name: Publish Helm chart for gha-runner-scale-set-controller
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # If inputs.ref is empty, it'll resolve to the default branch
          ref: ${{ inputs.ref }}

      - name: Resolve parameters
        id: resolve_parameters
        run: |
          resolvedRef="${{ inputs.ref }}"
          if [ -z "$resolvedRef" ]
          then
            resolvedRef="${{ github.ref }}"
          fi
          echo "INFO: Resolving short SHA for $resolvedRef"
          echo "short_sha=$(git rev-parse --short $resolvedRef)" >> $GITHUB_OUTPUT
          echo "INFO: Normalizing repository name (lowercase)"
          echo "repository_owner=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT          

      - name: Set up Helm
        # Using https://github.com/Azure/setup-helm/releases/tag/v4.2.0
        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814
        with:
          version: ${{ env.HELM_VERSION }}

      - name: Publish new helm chart for gha-runner-scale-set-controller
        run: |
          echo ${{ secrets.GITHUB_TOKEN }} | helm registry login ghcr.io --username ${{ github.actor }} --password-stdin
          GHA_RUNNER_SCALE_SET_CONTROLLER_CHART_VERSION_TAG=$(cat charts/gha-runner-scale-set-controller/Chart.yaml | grep version: | cut -d " " -f 2)
          echo "GHA_RUNNER_SCALE_SET_CONTROLLER_CHART_VERSION_TAG=${GHA_RUNNER_SCALE_SET_CONTROLLER_CHART_VERSION_TAG}" >> $GITHUB_ENV
          helm package charts/gha-runner-scale-set-controller/ --version="${GHA_RUNNER_SCALE_SET_CONTROLLER_CHART_VERSION_TAG}"
          helm push gha-runner-scale-set-controller-"${GHA_RUNNER_SCALE_SET_CONTROLLER_CHART_VERSION_TAG}".tgz oci://ghcr.io/${{ steps.resolve_parameters.outputs.repository_owner }}/actions-runner-controller-charts          

      - name: Job summary
        run: |
          echo "New helm chart for gha-runner-scale-set-controller published successfully!" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "**Parameters:**" >> $GITHUB_STEP_SUMMARY
          echo "- Ref: ${{ steps.resolve_parameters.outputs.resolvedRef }}" >> $GITHUB_STEP_SUMMARY
          echo "- Short SHA: ${{ steps.resolve_parameters.outputs.short_sha }}" >> $GITHUB_STEP_SUMMARY
          echo "- gha-runner-scale-set-controller Chart version: ${{ env.GHA_RUNNER_SCALE_SET_CONTROLLER_CHART_VERSION_TAG }}" >> $GITHUB_STEP_SUMMARY          

  publish-helm-chart-gha-runner-scale-set:
    if: ${{ inputs.publish_gha_runner_scale_set_chart == true }}
    needs: build-push-image
    name: Publish Helm chart for gha-runner-scale-set
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # If inputs.ref is empty, it'll resolve to the default branch
          ref: ${{ inputs.ref }}

      - name: Resolve parameters
        id: resolve_parameters
        run: |
          resolvedRef="${{ inputs.ref }}"
          if [ -z "$resolvedRef" ]
          then
            resolvedRef="${{ github.ref }}"
          fi
          echo "INFO: Resolving short SHA for $resolvedRef"
          echo "short_sha=$(git rev-parse --short $resolvedRef)" >> $GITHUB_OUTPUT
          echo "INFO: Normalizing repository name (lowercase)"
          echo "repository_owner=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT          

      - name: Set up Helm
        # Using https://github.com/Azure/setup-helm/releases/tag/v4.2.0
        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814
        with:
          version: ${{ env.HELM_VERSION }}

      - name: Publish new helm chart for gha-runner-scale-set
        run: |
          echo ${{ secrets.GITHUB_TOKEN }} | helm registry login ghcr.io --username ${{ github.actor }} --password-stdin

          GHA_RUNNER_SCALE_SET_CHART_VERSION_TAG=$(cat charts/gha-runner-scale-set/Chart.yaml | grep version: | cut -d " " -f 2)
          echo "GHA_RUNNER_SCALE_SET_CHART_VERSION_TAG=${GHA_RUNNER_SCALE_SET_CHART_VERSION_TAG}" >> $GITHUB_ENV
          helm package charts/gha-runner-scale-set/ --version="${GHA_RUNNER_SCALE_SET_CHART_VERSION_TAG}"
          helm push gha-runner-scale-set-"${GHA_RUNNER_SCALE_SET_CHART_VERSION_TAG}".tgz oci://ghcr.io/${{ steps.resolve_parameters.outputs.repository_owner }}/actions-runner-controller-charts          

      - name: Job summary
        run: |
          echo "New helm chart for gha-runner-scale-set published successfully!" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "**Parameters:**" >> $GITHUB_STEP_SUMMARY
          echo "- Ref: ${{ steps.resolve_parameters.outputs.resolvedRef }}" >> $GITHUB_STEP_SUMMARY
          echo "- Short SHA: ${{ steps.resolve_parameters.outputs.short_sha }}" >> $GITHUB_STEP_SUMMARY
          echo "- gha-runner-scale-set Chart version: ${{ env.GHA_RUNNER_SCALE_SET_CHART_VERSION_TAG }}" >> $GITHUB_STEP_SUMMARY