diff --git a/cr.yaml b/.github/cr.yaml similarity index 100% rename from cr.yaml rename to .github/cr.yaml diff --git a/ct.yaml b/.github/ct.yaml similarity index 72% rename from ct.yaml rename to .github/ct.yaml index 4aa3503..aeefaf5 100644 --- a/ct.yaml +++ b/.github/ct.yaml @@ -1,8 +1,7 @@ # See https://github.com/helm/chart-testing#configuration chart-dirs: charts -check-version-increment: true -debug: false -helm-extra-args: --timeout 900s +check-version-increment: false +debug: true remote: origin target-branch: main upgrade: true diff --git a/.github/updatecli/helm-dependencies.yaml b/.github/updatecli/helm-dependencies.yaml new file mode 100644 index 0000000..aa5c013 --- /dev/null +++ b/.github/updatecli/helm-dependencies.yaml 
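Review bot: With `check-version-increment: false` in `.github/ct.yaml`, a chart change can pass lint without a version bump. The release workflow shown later in this diff runs chart-releaser with `CR_SKIP_EXISTING: true`, so a modified chart that keeps its old version would presumably be skipped at release time, and the published package would then no longer match the repository. Keep `check-version-increment: true` unless something else enforces the bump. If the relaxation and `debug: true` are temporary, say so in a comment above them, e.g. `# temporary while the updatecli workflows are validated; restore version check afterwards`.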
@@ -0,0 +1,83 @@
+sources:
+ elasticsearch:
+ kind: helmchart
+ spec:
+ url: https://charts.bitnami.com/bitnami
+ name: elasticsearch
+ versionFilter:
+ kind: semver
+ pattern: '*' # replace with CI/CD updatecli
+ sourceid: elasticsearch
+ minio:
+ kind: helmchart
+ spec:
+ url: https://charts.bitnami.com/bitnami
+ name: minio
+ versionFilter:
+ kind: semver
+ pattern: '*' # replace with CI/CD updatecli
+ sourceid: minio
+ opensearch:
+ kind: helmchart
+ spec:
+ url: https://opensearch-project.github.io/helm-charts/
+ name: opensearch
+ versionFilter:
+ kind: semver
+ pattern: '*' # replace with CI/CD updatecli
+ sourceid: opensearch
+ rabbitmq:
+ kind: helmchart
+ spec:
+ url: https://charts.bitnami.com/bitnami
+ name: rabbitmq
+ versionFilter:
+ kind: semver
+ pattern: '*' # replace with CI/CD updatecli
+ sourceid: rabbitmq
+ redis:
+ kind: helmchart
+ spec:
+ url: https://charts.bitnami.com/bitnami
+ name: redis
+ versionFilter:
+ kind: semver
+ pattern: '*' # replace with CI/CD updatecli
+ sourceid: redis
+conditions: {}
+targets:
+ elasticsearch:
+ name: bump chart dependencies
+ kind: yaml
+ spec:
+ file: charts/opencti/Chart.yaml
+ key: $.dependencies[0].version
+ sourceid: elasticsearch
+ minio:
+ name: bump chart dependencies
+ kind: yaml
+ spec:
+ file: charts/opencti/Chart.yaml
+ key: $.dependencies[1].version
+ sourceid: minio
+ opensearch:
+ name: bump chart dependencies
+ kind: yaml
+ spec:
+ file: charts/opencti/Chart.yaml
+ key: $.dependencies[2].version
+ sourceid: opensearch
+ rabbitmq:
+ name: bump chart dependencies
+ kind: yaml
+ spec:
+ file: charts/opencti/Chart.yaml
+ key: $.dependencies[3].version
+ sourceid: rabbitmq
+ redis:
+ name: bump chart dependencies
+ kind: yaml
+ spec:
+ file: charts/opencti/Chart.yaml
+ key: $.dependencies[4].version
+ sourceid: redis
diff --git a/.github/workflows/check-opencti-major-dependencies.yaml b/.github/workflows/check-opencti-major-dependencies.yaml
new file mode 100644
index 0000000..39672a1
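Review bot: Every target writes to a positional key such as `$.dependencies[0].version`, so which dependency receives which source's version depends entirely on the order of entries in charts/opencti/Chart.yaml. Reordering or inserting a dependency there would write one chart's version onto another without any error, and `conditions: {}` leaves that unchecked. Add one condition per source that asserts the name at the same index, as sketched below; the field names should be confirmed against the updatecli version the workflows install. A header comment saying that the committed `pattern: '*'` values are rewritten by the workflows before each run would also help, because as committed they accept any upstream version.

```yaml
conditions:
  elasticsearch-position:
    name: dependencies[0] is elasticsearch
    kind: yaml
    disablesourceinput: true
    spec:
      file: charts/opencti/Chart.yaml
      key: $.dependencies[0].name
      value: elasticsearch
  # … same shape for minio [1], opensearch [2], rabbitmq [3], redis [4] …
```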
--- /dev/null
+++ b/.github/workflows/check-opencti-major-dependencies.yaml
@@ -0,0 +1,60 @@
+name: Check OpenCTI major dependencies releases
+
+on:
+ workflow_dispatch:
+ schedule:
+ - cron: '0 0 1 * *' # first day of month
+
+jobs:
+ check-and-update-major-dependencies:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Prepare updatecli configuration
+ id: dependencies
+ run: |
+ # get name dependencies
+ dependencies=($(yq eval -o=json '.dependencies[] | .name' charts/opencti/Chart.yaml | xargs))
+
+ # replace version
+ for dependency in "${dependencies[@]}"; do
+ yq eval -i ".sources.${dependency}.spec.versionFilter.pattern = \"*\"" .github/updatecli/helm-dependencies.yaml
+ done
+
+ - name: Install updatecli
+ uses: updatecli/updatecli-action@v2
+
+ - name: Update dependencies
+ run: |
+ updatecli apply --config .github/updatecli/helm-dependencies.yaml --commit=false 2>&1 | tee > tmp-major-output.log
+ awk '/TARGETS/{flag=1;next}/ACTIONS/{flag=0}flag' tmp-major-output.log > major-output.log
+ env:
+ GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+
+ - name: Update README.md Helm Chart
+ uses: losisin/helm-docs-github-action@v1
+ with:
+ chart-search-root: charts/opencti
+
+ - name: Get current date
+ id: date
+ run: |
+ echo "date=$(date -I)" >> $GITHUB_OUTPUT
+
+ - name: Create PR with changes
+ uses: peter-evans/create-pull-request@v6
+ with:
+ add-paths: charts/opencti
+ token: ${{ secrets.PAT_GITHUB }}
+ commit-message: "fix: update mayor dependencies version"
+ signoff: false
+ branch: fix/upgrade-opencti-major-dependencies-${{ steps.date.outputs.date }}
+ delete-branch: true
+ title: '[opencti] upgrade major dependencies (${{ steps.date.outputs.date }})'
+ body-path: major-output.log
+ labels: |
+ auto-pr-bump-version
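Review bot: The third-party actions in this job are referenced by mutable tags (`updatecli/updatecli-action@v2`, `losisin/helm-docs-github-action@v1`, `peter-evans/create-pull-request@v6`), and the last one is handed `secrets.PAT_GITHUB`, so a retagged release of that action would run with the token. Pin each `uses:` to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: peter-evans/create-pull-request@<full-commit-sha> # v6`, and add a `permissions:` block limited to what the job needs, since none is declared. The minor-dependencies workflow added next in this diff has the same references. In the "Update dependencies" step, `updatecli apply … | tee > tmp-major-output.log` reports tee's exit status, so a failed updatecli run still proceeds to the PR step unless the script sets `set -o pipefail`. The commit message also reads "mayor" where "major" is meant.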
diff --git a/.github/workflows/check-opencti-minor-dependencies.yaml b/.github/workflows/check-opencti-minor-dependencies.yaml
new file mode 100644
index 0000000..ab9a1c4
--- /dev/null
+++ b/.github/workflows/check-opencti-minor-dependencies.yaml
@@ -0,0 +1,61 @@
+name: Check OpenCTI minor dependencies releases
+
+on:
+ workflow_dispatch:
+ schedule:
+ - cron: '0 0 * * 1' # every monday
+
+jobs:
+ check-and-update-minor-dependencies:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Prepare updatecli configuration
+ id: dependencies
+ run: |
+ # get name dependencies
+ dependencies=($(yq eval -o=json '.dependencies[] | .name' charts/opencti/Chart.yaml | xargs))
+
+ # replace version
+ for dependency in "${dependencies[@]}"; do
+ version="~$(yq eval -r ".dependencies[] | select(.name == \"${dependency}\") | .version" charts/opencti/Chart.yaml | cut -d'.' -f1)"
+ yq eval -i ".sources.${dependency}.spec.versionFilter.pattern = \"${version}\"" .github/updatecli/helm-dependencies.yaml
+ done
+
+ - name: Install updatecli
+ uses: updatecli/updatecli-action@v2
+
+ - name: Update dependencies
+ run: |
+ updatecli apply --config .github/updatecli/helm-dependencies.yaml --commit=false 2>&1 | tee > tmp-minor-output.log
+ awk '/TARGETS/{flag=1;next}/ACTIONS/{flag=0}flag' tmp-minor-output.log > minor-output.log
+ env:
+ GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+
+ - name: Update README.md Helm Chart
+ uses: losisin/helm-docs-github-action@v1
+ with:
+ chart-search-root: charts/opencti
+
+ - name: Get current date
+ id: date
+ run: |
+ echo "date=$(date -I)" >> $GITHUB_OUTPUT
+
+ - name: Create PR with changes
+ uses: peter-evans/create-pull-request@v6
+ with:
+ add-paths: charts/opencti
+ token: ${{ secrets.PAT_GITHUB }}
+ commit-message: "fix: update minor dependencies version"
+ signoff: false
+ branch: fix/upgrade-opencti-minor-dependencies-${{ steps.date.outputs.date }}
+ delete-branch: true
+ title: '[opencti] upgrade minor dependencies (${{ steps.date.outputs.date }})'
+ body-path: minor-output.log
+ labels: |
+ auto-pr-bump-version
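Review bot: The `version=` line in "Prepare updatecli configuration" writes whatever `cut -d'.' -f1` returns into the version filter without checking it. If the lookup yields nothing the pattern becomes a bare `~`, and a Chart.yaml version that is not a plain `X.Y.Z` would likely produce a malformed constraint. The value is also spliced into the yq program text, so a quote or operator in it would change the expression instead of being stored as data. Capture the major part first and validate it, `[[ "$major" =~ ^[0-9]+$ ]] || { echo "unexpected version for ${dependency}"; exit 1; }`, then pass the value as data with `ver="~${major}" yq eval -i ".sources.${dependency}.spec.versionFilter.pattern = strenv(ver)" …`. The `${dependency}` name should get a similar check against an allowed character set.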
diff --git a/.github/workflows/check-changes.yaml b/.github/workflows/check-opencti-release.yaml similarity index 84% rename from .github/workflows/check-changes.yaml rename to .github/workflows/check-opencti-release.yaml index 8963b7e..6dbc6bc 100644 --- a/.github/workflows/check-changes.yaml +++ b/.github/workflows/check-opencti-release.yaml @@ -3,10 +3,10 @@ name: Check OpenCTI new releases on: workflow_dispatch: schedule: - - cron: '0 0 * * *' + - cron: '0 0 * * *' # every day jobs: - check-and-release: + check-and-update-opencti: runs-on: ubuntu-latest steps: - name: Checkout repository @@ -17,7 +17,7 @@ jobs: - name: Get latest release id: latest_release run: | - latest_release=$(curl -s https://api.github.com/repos/opencti-platform/opencti/tags | jq -r '.[0].name') + latest_release=$(curl -s https://api.github.com/repos/opencti-platform/opencti/releases | jq -r '.[0].name' | cut -d' ' -f 2) echo "latest_release=$latest_release" >> $GITHUB_OUTPUT - name: Get current release @@ -29,7 +29,9 @@ jobs: - name: Check if release changed id: check_changes run: | - if [ ${{ steps.latest_release.outputs.latest_release }} != ${{ steps.current_release.outputs.current_release }} ]; then + if [ -z ${{ steps.latest_release.outputs.latest_release }} ]; then + echo "release_changed=false" >> $GITHUB_OUTPUT + elif [ ${{ steps.latest_release.outputs.latest_release }} != ${{ steps.current_release.outputs.current_release }} ]; then echo "release_changed=true" >> $GITHUB_OUTPUT fi @@ -62,4 +64,3 @@ jobs: Changelog: https://github.com/OpenCTI-Platform/opencti/releases/tag/${{ steps.latest_release.outputs.latest_release }} labels: | auto-pr-bump-version - team-reviewers: devops-ia diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml index c384c26..476128d 100644 --- a/.github/workflows/lint-test.yaml +++ b/.github/workflows/lint-test.yaml 
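Review bot: In "Get latest release", `jq -r '.[0].name' | cut -d' ' -f 2` takes the version from the release's free-text title, so the result depends on how upstream words each title. When the title has no space, `cut` returns the whole string; when the API returns an error body or a null name, the value is empty or the literal `null`, and the `-z` test added in the next hunk only catches the empty case. Read `.tag_name` instead (the `releases/latest` endpoint also leaves out drafts and pre-releases) and reject anything that is not version-shaped before writing it to `$GITHUB_OUTPUT`, e.g. `[[ "$latest_release" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || latest_release=""`, with the pattern adjusted to upstream's tag format. Adding `--fail` to `curl -s` would keep error responses from reaching jq.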
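Review bot: In "Check if release changed", `${{ steps.latest_release.outputs.latest_release }}` is expanded into the script text unquoted before the shell runs, both in the new `-z` test and in the `elif` comparison. That value now originates from an upstream release title, so whitespace or shell metacharacters in it would be interpreted by the shell rather than compared as a string. Pass both outputs through the step's `env:` (`LATEST: ${{ steps.latest_release.outputs.latest_release }}` and `CURRENT: ${{ steps.current_release.outputs.current_release }}`) and test `if [ -z "$LATEST" ]` / `elif [ "$LATEST" != "$CURRENT" ]`. The rest of the step lies outside the hunk.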
@@ -11,10 +11,9 @@ jobs: with: fetch-depth: 0 + # default install latest (stable) - name: Set up Helm uses: azure/setup-helm@v4 - with: - version: v3.13.0 - uses: actions/setup-python@v5 with: @@ -27,14 +26,14 @@ jobs: - name: Run chart-testing (list-changed) id: list-changed run: | - changed=$(ct list-changed --config ct.yaml) + changed=$(ct list-changed --config .github/ct.yaml) if [[ -n "${changed}" ]]; then echo "changed=true" >> "$GITHUB_OUTPUT" fi - name: Run chart-testing (lint) if: steps.list-changed.outputs.changed == 'true' - run: ct lint --config ct.yaml + run: ct lint --config .github/ct.yaml # TODO: uncomment when we've self-managed nodes # - name: Create kind cluster diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 1a0341a..faa4b5a 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -60,7 +60,7 @@ jobs: uses: helm/chart-releaser-action@v1.6.0 with: charts_dir: charts - config: cr.yaml + config: .github/cr.yaml env: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" CR_SKIP_EXISTING: true
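Review bot: Dropping `version: v3.13.0` from the "Set up Helm" step means the lint job runs whichever Helm release `azure/setup-helm@v4` resolves as latest on the day, so lint results can change without any change in this repository. If following latest is intended, the added comment should say so and why, e.g. `# unpinned on purpose: follow latest stable Helm; pin again if lint results drift`. Otherwise keep an explicit `version:` and raise it deliberately. The steps list starts and ends outside this hunk.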