ZEISS · felixZdi · Apr 11, 2024 · Mar 27, 2024 · Mar 27, 2024 · Mar 28, 2024
diff --git a/.github/workflows/app_release.yml b/.github/workflows/app_release.yml
@@ -0,0 +1,38 @@
+name: Tag
+
+on:
+  pull_request:
+    branches:
+      - 'main'
+    types:
+      - closed
+    paths:
+      - 'charts/ca-injector/Chart.yaml'
+
+jobs:
+  create_tag:
+    if: |
+      (github.event.pull_request.merged == true) &&
+      contains(github.event.pull_request.labels.*.name, 'helm_app_version_update')
+    runs-on: ubuntu-latest
+    outputs:
+      new_tag: ${{ steps.tag_version.outputs.new_tag }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Receive version
+        run: |
+          new_app_version=$(sed -n -e 's/^.*appVersion: //p' charts/ca-injector/Chart.yaml)
+          echo "new_app_version=${new_app_version}" >> $GITHUB_ENV
+      - name: create git tag
+        id: tag_version
+        uses: mathieudutour/[email protected]
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          custom_tag: ${{ env.new_app_version }}
+          tag_prefix: ''
+  trigger_docker_build:
+    needs: [create_tag]
+    uses: ./.github/workflows/docker.yml
+    secrets: inherit
+    with:
+      tag: ${{ needs.create_tag.outputs.new_tag }}
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -1,13 +1,16 @@
 name: Docker Build
 on:
   schedule:
-    - cron: "0 22 * * 0" # every sunday at 10pm
+    - cron: '0 22 * * 0' # every sunday at 10pm
   push:
     branches:
-      - "main"
-    tags:
-      - "v?[0-9]+.[0-9]+.[0-9]+*"
+      - 'main'
   pull_request:
+  workflow_call:
+    inputs:
+      tag:
+        type: string
+        required: true
 
 jobs:
   build:
@@ -24,8 +27,8 @@ jobs:
           VERSION=noop
           if [ "${{ github.event_name }}" = "schedule" ]; then
             VERSION=edge
-          elif [[ $GITHUB_REF == refs/tags/* ]]; then
-            VERSION=${GITHUB_REF#refs/tags/}
+          elif [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
+            VERSION=${{ inputs.tag }}
           elif [[ $GITHUB_REF == refs/heads/* ]]; then
             VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g')
             if [ "${{ github.event.repository.default_branch }}" = "$VERSION" ]; then
@@ -35,13 +38,11 @@ jobs:
             VERSION=pr-${{ github.event.number }}
           fi
           TAGS="${REGISTRY}${IMAGE}:${VERSION}"
-          if [[ $VERSION =~ ^v?[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
-            VERSION_STRIP=${VERSION#v}
-            MINOR=${VERSION_STRIP%.*}
+          if [[ $VERSION =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
+            TAGS="${REGISTRY}${IMAGE}:${VERSION}"
+            MINOR=${VERSION%.*}
             MAJOR=${MINOR%.*}
-            TAGS="$TAGS,${REGISTRY}${IMAGE}:${MINOR},${REGISTRY}${IMAGE}:${MAJOR},${REGISTRY}${IMAGE}:latest"
-          # elif [ "${{ github.event_name }}" = "push" ]; then
-          #   TAGS="$TAGS,${REGISTRY}${IMAGE}:sha-${GITHUB_SHA::8}"
+            TAGS="$TAGS,${REGISTRY}${IMAGE}:${MINOR},${REGISTRY}${IMAGE}:${MAJOR}"
           fi
           echo "version=${VERSION}" >> $GITHUB_OUTPUT
           echo "tags=${TAGS}" >> $GITHUB_OUTPUT
@@ -50,7 +51,7 @@ jobs:
       - name: Set up GO
         uses: actions/setup-go@v5
         with:
-          go-version: "1.21"
+          go-version: '1.21'
       - name: Build GO app
         run: |
           GOOS=linux CGO_ENABLED=0 go build -o app
@@ -99,8 +100,8 @@ jobs:
         if: ${{ github.event_name != 'pull_request' }}
         with:
           image-ref: ${{ steps.env.outputs.tags }}
-          format: "table"
-          exit-code: "1"
+          format: 'table'
+          exit-code: '1'
           ignore-unfixed: true
-          vuln-type: "os,library"
-          severity: "CRITICAL,HIGH"
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
diff --git a/.github/workflows/version_bump.yml b/.github/workflows/version_bump.yml
@@ -1,9 +1,12 @@
-name: Bump helm app version
+name: Bump version
 
 on:
-  push:
-    tags:
-      - "v?[0-9]+.[0-9]+.[0-9]+*"
+  pull_request:
+    branches:
+      - 'main'
+
+    types:
+      - closed
 
 permissions:
   contents: write
@@ -13,12 +16,52 @@ jobs:
   bump_version:
     runs-on: ubuntu-latest
     steps:
+      - name: Install semver
+        run: |
+          pip install semver
       - uses: actions/checkout@v4
-      - name: Bump appVersion
+      - name: Bump helm version
+        if: |
+          (github.event.pull_request.merged == true) &&
+          (contains(github.event.pull_request.labels.*.name, 'helm-patch') ||
+          contains(github.event.pull_request.labels.*.name, 'helm-minor') ||
+          contains(github.event.pull_request.labels.*.name, 'helm-major'))
+        run: |
+          label_names='${{ toJSON(github.event.pull_request.labels) }}'
+          relevant_labels=$(echo $label_names |  jq '[.[] | select((.name == "helm-patch") or (.name == "helm-minor") or (.name == "helm-major"))]')
+          length=$(echo $relevant_labels | jq 'length')
+          if [ $length != 1 ]; then echo "More than one or none label has been defined. Exiting." && exit 1;fi
+
+          version_bump_type=$(echo $relevant_labels | jq -r '.[] | .name')
+          version_bump_type=${version_bump_type#"helm-"}
+
+          current_version=$(sed -n -e 's/^.*version: //p' charts/ca-injector/Chart.yaml)
+          new_version=$(python -m semver bump $version_bump_type $current_version)
+
+          sed -i "s/version:.*/version: $new_version/g" charts/ca-injector/Chart.yaml
+      - name: Bump App version
+        if: |
+          (github.event.pull_request.merged == true) &&
+          (contains(github.event.pull_request.labels.*.name, 'app-patch') ||
+          contains(github.event.pull_request.labels.*.name, 'app-minor') ||
+          contains(github.event.pull_request.labels.*.name, 'app-major'))
         run: |
-          sed -i 's/appVersion:.*/appVersion: ${{ github.ref_name }}/g' charts/ca-injector/Chart.yaml
+          label_names='${{ toJSON(github.event.pull_request.labels) }}'
+          relevant_labels=$(echo $label_names |  jq '[.[] | select((.name == "app-patch") or (.name == "app-minor") or (.name == "app-major"))]')
+          length=$(echo $relevant_labels | jq 'length')
+          if [ $length != 1 ]; then echo "More than one or none label has been defined. Exiting." && exit 1;fi
+          version_bump_type=$(echo $relevant_labels | jq -r '.[] | .name')
+          version_bump_type=${version_bump_type#"app-"}
+
+          current_version=$(sed -n -e 's/^.*appVersion: //p' charts/ca-injector/Chart.yaml)
+          new_version=$(python -m semver bump $version_bump_type $current_version)
+
+          sed -i "s/appVersion:.*/appVersion: $new_version/g" charts/ca-injector/Chart.yaml
+
+          echo "PR_LABELS=helm_app_version_update" >> $GITHUB_ENV
+
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v6
         with:
-          title: "Add app version ${{ github.ref_name }}"
-          base: main
+          title: 'Bump Helm Chart versions'
+          labels: ${{ env.PR_LABELS }}
diff --git a/README.md b/README.md
@@ -67,3 +67,30 @@ in your helm chart's appropriate annotations section.
 `ca.crt` can be changed by configuration `caBundle.crt` in any of the typical
 ways (config files at `/etc/ca-injector.yaml`, `$HOME/.config/ca-injector.yaml`,
 or environment variable `CAINJECTOR_CABUNDLE_CRT`).
+
+
+## Release
+
+### App
+To trigger a new tagged docker build, create a PR with label 'helm_app_version_update'. The app Version within the helm chart will be used as reference for the container tag. 
+This will be done automatically by below mentioned workflow.
+
+### Helm
+In case the appVersion is increased, the helm Chart version should also be increased.
+In case the helm Chart version is increased, the appVersion does not have to be increased as well.
+
+
+Option 1: 
+Manually set version and/or appVersion within Helm Chart. The Helm release workflow will create a new release in case the helm Chart version has changed.
+
+Option 2:
+Add one or two(app and helm) of the following labels to your PR:
+- app-major
+- app-minor
+- app-patch
+- helm-major
+- helm-minor
+- helm-patch
+
+According to the label, appVersion and/or helm version will be bumped and a PullRequest will be created. The Pull request will include label 'helm_app_version_update' to trigger above mentioned workflow. After this PR has benn closed, the Helm release workflow will create a new release in case the helm Chart version has changed.
+
diff --git a/charts/ca-injector/Chart.yaml b/charts/ca-injector/Chart.yaml
@@ -15,10 +15,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+version: 0.1.1
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: v0.1.11
+appVersion: 0.1.12