chore: workflows to dependencies [skip ci]

devops-ia · Aug 12, 2024 · 6d2c441 · 6d2c441
1 parent dcaa970
commit 6d2c441
Show file tree

Hide file tree

Showing 8 changed files with 217 additions and 13 deletions.
diff --git a/cr.yaml → .github/cr.yaml b/cr.yaml → .github/cr.yaml
diff --git a/ct.yaml → .github/ct.yaml b/ct.yaml → .github/ct.yaml
@@ -1,8 +1,8 @@
 # See https://github.com/helm/chart-testing#configuration
 chart-dirs: charts
-check-version-increment: true
-debug: false
-helm-extra-args: --timeout 900s
+check-version-increment: false
+debug: true
+helm-extra-args: '--timeout 900s'
 remote: origin
 target-branch: main
 upgrade: true

diff --git a/.github/updatecli/helm-dependencies.yaml b/.github/updatecli/helm-dependencies.yaml
@@ -0,0 +1,83 @@
+sources:
+  elasticsearch:
+    kind: helmchart
+    spec:
+      url: https://charts.bitnami.com/bitnami
+      name: elasticsearch
+      versionFilter:
+        kind: semver
+        pattern: '*' # replace with CI/CD updatecli
+    sourceid: elasticsearch
+  minio:
+    kind: helmchart
+    spec:
+      url: https://charts.bitnami.com/bitnami
+      name: minio
+      versionFilter:
+        kind: semver
+        pattern: '*' # replace with CI/CD updatecli
+    sourceid: minio
+  opensearch:
+    kind: helmchart
+    spec:
+      url: https://opensearch-project.github.io/helm-charts/
+      name: opensearch
+      versionFilter:
+        kind: semver
+        pattern: '*' # replace with CI/CD updatecli
+    sourceid: opensearch
+  rabbitmq:
+    kind: helmchart
+    spec:
+      url: https://charts.bitnami.com/bitnami
+      name: rabbitmq
+      versionFilter:
+        kind: semver
+        pattern: '*' # replace with CI/CD updatecli
+    sourceid: rabbitmq
+  redis:
+    kind: helmchart
+    spec:
+      url: https://charts.bitnami.com/bitnami
+      name: redis
+      versionFilter:
+        kind: semver
+        pattern: '*' # replace with CI/CD updatecli
+    sourceid: redis
+conditions: {}
+targets:
+  elasticsearch:
+    name: bump chart dependencies
+    kind: yaml
+    spec:
+      file: charts/opencti/Chart.yaml
+      key: $.dependencies[0].version
+    sourceid: elasticsearch
+  minio:
+    name: bump chart dependencies
+    kind: yaml
+    spec:
+      file: charts/opencti/Chart.yaml
+      key: $.dependencies[1].version
+    sourceid: minio
+  opensearch:
+    name: bump chart dependencies
+    kind: yaml
+    spec:
+      file: charts/opencti/Chart.yaml
+      key: $.dependencies[2].version
+    sourceid: opensearch
+  rabbitmq:
+    name: bump chart dependencies
+    kind: yaml
+    spec:
+      file: charts/opencti/Chart.yaml
+      key: $.dependencies[3].version
+    sourceid: rabbitmq
+  redis:
+    name: bump chart dependencies
+    kind: yaml
+    spec:
+      file: charts/opencti/Chart.yaml
+      key: $.dependencies[4].version
+    sourceid: redis
diff --git a/.github/workflows/check-opencti-major-dependencies.yaml b/.github/workflows/check-opencti-major-dependencies.yaml
@@ -0,0 +1,60 @@
+name: Check OpenCTI major dependencies releases
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0 1 * *' # first day of month
+
+jobs:
+  check-and-update-major-dependencies:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Prepare updatecli configuration
+        id: dependencies
+        run: |
+          # get name dependencies
+          dependencies=($(yq eval -o=json '.dependencies[] | .name' charts/opencti/Chart.yaml | xargs))
+
+          # replace version
+          for dependency in "${dependencies[@]}"; do
+            yq eval -i ".sources.${dependency}.spec.versionFilter.pattern = \"*\"" .github/updatecli/helm-dependencies.yaml
+          done
+
+      - name: Install updatecli
+        uses: updatecli/updatecli-action@v2
+
+      - name: Update dependencies
+        run: |
+          updatecli apply --config .github/updatecli/helm-dependencies.yaml --commit=false 2>&1 | tee > tmp-major-output.log
+          awk '/TARGETS/{flag=1;next}/ACTIONS/{flag=0}flag' tmp-major-output.log > major-output.log
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+
+      - name: Update README.md Helm Chart
+        uses: losisin/helm-docs-github-action@v1
+        with:
+          chart-search-root: charts/opencti
+
+      - name: Get current date
+        id: date
+        run: |
+          echo "date=$(date -I)" >> $GITHUB_OUTPUT
+
+      - name: Create PR with changes
+        uses: peter-evans/create-pull-request@v6
+        with:
+          add-paths: charts/opencti
+          token: ${{ secrets.PAT_GITHUB }}
+          commit-message: "fix: update mayor dependencies version"
+          signoff: false
+          branch: fix/upgrade-opencti-major-dependencies-${{ steps.date.outputs.date }}
+          delete-branch: true
+          title: '[opencti] upgrade major dependencies (${{ steps.date.outputs.date }})'
+          body-path: major-output.log
+          labels: |
+            auto-pr-bump-version
diff --git a/.github/workflows/check-opencti-minor-dependencies.yaml b/.github/workflows/check-opencti-minor-dependencies.yaml
@@ -0,0 +1,61 @@
+name: Check OpenCTI minor dependencies releases
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0 * * 1' # every monday
+
+jobs:
+  check-and-update-minor-dependencies:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Prepare updatecli configuration
+        id: dependencies
+        run: |
+          # get name dependencies
+          dependencies=($(yq eval -o=json '.dependencies[] | .name' charts/opencti/Chart.yaml | xargs))
+
+          # replace version
+          for dependency in "${dependencies[@]}"; do
+            version="~$(yq eval -r ".dependencies[] | select(.name == \"${dependency}\") | .version" charts/opencti/Chart.yaml | cut -d'.' -f1)"
+            yq eval -i ".sources.${dependency}.spec.versionFilter.pattern = \"${version}\"" .github/updatecli/helm-dependencies.yaml
+          done
+
+      - name: Install updatecli
+        uses: updatecli/updatecli-action@v2
+
+      - name: Update dependencies
+        run: |
+          updatecli apply --config .github/updatecli/helm-dependencies.yaml --commit=false 2>&1 | tee > tmp-minor-output.log
+          awk '/TARGETS/{flag=1;next}/ACTIONS/{flag=0}flag' tmp-minor-output.log > minor-output.log
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+
+      - name: Update README.md Helm Chart
+        uses: losisin/helm-docs-github-action@v1
+        with:
+          chart-search-root: charts/opencti
+
+      - name: Get current date
+        id: date
+        run: |
+          echo "date=$(date -I)" >> $GITHUB_OUTPUT
+
+      - name: Create PR with changes
+        uses: peter-evans/create-pull-request@v6
+        with:
+          add-paths: charts/opencti
+          token: ${{ secrets.PAT_GITHUB }}
+          commit-message: "fix: update minor dependencies version"
+          signoff: false
+          branch: fix/upgrade-opencti-minor-dependencies-${{ steps.date.outputs.date }}
+          delete-branch: true
+          title: '[opencti] upgrade minor dependencies (${{ steps.date.outputs.date }})'
+          body-path: minor-output.log
+          labels: |
+            auto-pr-bump-version
diff --git a/.github/workflows/check-changes.yaml → .github/workflows/check-opencti-release.yaml b/.github/workflows/check-changes.yaml → .github/workflows/check-opencti-release.yaml
@@ -3,10 +3,10 @@ name: Check OpenCTI new releases
 on:
   workflow_dispatch:
   schedule:
-    - cron: '0 0 * * *'
+    - cron: '0 0 * * *' # every day
 
 jobs:
-  check-and-release:
+  check-and-update-opencti:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
@@ -17,7 +17,7 @@ jobs:
       - name: Get latest release
         id: latest_release
         run: |
-          latest_release=$(curl -s https://api.github.com/repos/opencti-platform/opencti/tags | jq -r '.[0].name')
+          latest_release=$(curl -s https://api.github.com/repos/opencti-platform/opencti/releases | jq -r '.[0].name' | cut -d' ' -f 2)
           echo "latest_release=$latest_release" >> $GITHUB_OUTPUT
 
       - name: Get current release
@@ -29,7 +29,9 @@ jobs:
       - name: Check if release changed
         id: check_changes
         run: |
-          if [ ${{ steps.latest_release.outputs.latest_release }} != ${{ steps.current_release.outputs.current_release }} ]; then
+          if [ -z ${{ steps.latest_release.outputs.latest_release }} ]; then
+            echo "release_changed=false" >> $GITHUB_OUTPUT
+          elif [ ${{ steps.latest_release.outputs.latest_release }} != ${{ steps.current_release.outputs.current_release }} ]; then
             echo "release_changed=true" >> $GITHUB_OUTPUT
           fi
 
@@ -62,4 +64,3 @@ jobs:
             Changelog: https://github.com/OpenCTI-Platform/opencti/releases/tag/${{ steps.latest_release.outputs.latest_release }}
           labels: |
             auto-pr-bump-version
-          team-reviewers: devops-ia
diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml
@@ -11,10 +11,9 @@ jobs:
         with:
           fetch-depth: 0
 
+      # default install latest (stable)
       - name: Set up Helm
         uses: azure/setup-helm@v4
-        with:
-          version: v3.13.0
 
       - uses: actions/setup-python@v5
         with:
@@ -27,14 +26,14 @@ jobs:
       - name: Run chart-testing (list-changed)
         id: list-changed
         run: |
-          changed=$(ct list-changed --config ct.yaml)
+          changed=$(ct list-changed --config .github/ct.yaml)
           if [[ -n "${changed}" ]]; then
             echo "changed=true" >> "$GITHUB_OUTPUT"
           fi
 
       - name: Run chart-testing (lint)
         if: steps.list-changed.outputs.changed == 'true'
-        run: ct lint --config ct.yaml
+        run: ct lint --config .github/ct.yaml
 
       # TODO: uncomment when we've self-managed nodes
       # - name: Create kind cluster

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -60,7 +60,7 @@ jobs:
         uses: helm/[email protected]
         with:
           charts_dir: charts
-          config: cr.yaml
+          config: .github/cr.yaml
         env:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
           CR_SKIP_EXISTING: true