CLOUDP-277319: Added helm automation job #2 (#1870)

igor-karpukhin · web-flow · commit 5f3c8cd9aaa5 · 2024-10-28T09:52:08.000+01:00
Added helm automation job
diff --git a/.github/workflows/update-helm.yaml b/.github/workflows/update-helm.yaml
@@ -1,6 +1,5 @@
 name: Helm update
 
-
 on:
   workflow_call:
   workflow_dispatch:
@@ -9,6 +8,10 @@ jobs:
   verify-helm-changes:
     name: Verify if AKO helm charts needs updates
     runs-on: ubuntu-latest
+    environment: release
+    permissions:
+      contents: write
+      pull-requests: write
     steps:
       - name: Checkout AKO repo
         uses: actions/checkout@v4
@@ -18,15 +21,24 @@ jobs:
         with:
           enable-cache: 'true'
 
-      - name: Configure git
-        run: |
-          git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
-          git config --global user.name "github-actions[bot]"
+      - name: Generate GitHub App Token
+        id: generate_token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ secrets.AKO_RELEASER_APP_ID }}
+          private-key: ${{ secrets.AKO_RELEASER_RSA_KEY }}
+          owner: ${{ github.repository_owner }}
+          repositories: |
+            mongodb-atlas-kubernetes
+            helm-charts
 
-      - name: Checkout Helm Repo
-        run: |
-          git clone https://github.com/mongodb/helm-charts.git ./helm-charts-cloned
-          ls -lah
+      - name: Checkout Helm charts repo
+        uses: actions/checkout@v4
+        with:
+            repository: mongodb/helm-charts
+            token: ${{ steps.generate_token.outputs.token }}
+            path: helm-charts-cloned
+            persist-credentials: true
 
       - name: Verify if CRDs were changed
         id: crd-check
@@ -44,17 +56,29 @@ jobs:
 
       - name: Create PR for helm-charts repo
         env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+            GH_TOKEN: ${{ steps.generate_token.outputs.token }}
         run: |
           cd ./helm-charts-cloned
 
           if [[ -n $(git status --porcelain) ]]; then
-            BRANCH_NAME=CRD-RBAC-changes-${{ github.run_id }}
-            COMMIT_MSG="[autogenerated] update CRDs and RBAC ${{ github.run_id }}"
+            jobname=${{ github.run_id }}
+            if [[ -n "${{ github.event.pull_request.title }}" ]]; then
+              jobname="${{ github.event.pull_request.title }}"
+            fi
+            
+            BRANCH_NAME=CRD-RBAC-changes-"${jobname}"
+            COMMIT_MSG="[autogenerated] update CRDs and RBAC ${jobname}"
             echo "Changes detected. Creating PR"
+          
+            git config --local user.email "akobot@ako-team-fake.mongodb.com"
+            git config --local user.name "ako-releaser"
+          
             git checkout -b "${BRANCH_NAME}"
             git add .
             git commit -m "${COMMIT_MSG}"
-            gh pr create -B main -H "${BRANCH_NAME}" --title "${COMMIT_MSG}" --body "${COMMIT_MSG}"
+          
+            git push origin "${BRANCH_NAME}"
+
+            gh pr create --base main --head "${BRANCH_NAME}" --title "${COMMIT_MSG}" --body "${COMMIT_MSG}"
           fi
           echo "Nothing to commit"
diff --git a/Makefile b/Makefile
@@ -11,7 +11,7 @@ DOCKER_SBOM_PLUGIN_VERSION=0.6.1
 # To re-generate a bundle for another specific version without changing the standard setup, you can:
 # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2)
 # - use environment variables to overwrite this value (e.g export VERSION=0.0.2)
-VERSION ?= $(shell git describe --tags --dirty --broken | cut -c 2-)
+VERSION ?= $(shell git describe --always --tags --dirty --broken | cut -c 2-)
 
 # NEXT_VERSION represents a version that is higher than anything released
 # VERSION default value does not play well with the run target which might end up failing
