feat: helm release workflow

.github/actions/docs/push.sh

@@ -0,0 +1,40 @@
+#!/bin/bash
+
+# Copyright 2020 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+set -e
+remote_repo="https://${GITHUB_ACTOR}:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git"
+git config --global user.name "$GITHUB_ACTOR"
+git config --global user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+# clone gh pages, save helm index
+git clone --branch=gh-pages --depth=1 "${remote_repo}" gh-pages
+cd gh-pages
+temp_worktree=$(mktemp -d)
+if [ -f index.yaml ]; then
+  cp --force "index.yaml" "$temp_worktree/index.yaml"
+fi
+git rm -r .
+
+# copy new page content, restore helm index, add cname
+cp -r ../site/* .
+if [ -f $temp_worktree/index.yaml ]; then
+  cp "$temp_worktree/index.yaml" .
+fi
+echo "${CNAME}" > CNAME
+
+# commit & push
+git add .
+git commit -m "Deploy GitHub Pages"
+git push --force "${remote_repo}" gh-pages

.github/workflows/docs.yml

@@ -1,8 +1,10 @@
-name: github pages
+name: Deploy Docs
+
 on:
   push:
     branches:
       - main
+
 jobs:
   deploy:
     runs-on: ubuntu-18.04
@@ -11,12 +13,37 @@ jobs:
         with:
           fetch-depth: 0
 
-      - name: Build
+      - name: Setup Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
+      - name: Find the Go Cache
+        id: go
+        run: |
+          echo "::set-output name=build-cache::$(go env GOCACHE)"
+          echo "::set-output name=mod-cache::$(go env GOMODCACHE)"
+
+      - name: Cache the Go Build Cache
+        uses: actions/cache@v2.1.5
+        with:
+          path: ${{ steps.go.outputs.build-cache }}
+          key: ${{ runner.os }}-build-check-diff-${{ hashFiles('**/go.sum') }}
+          restore-keys: ${{ runner.os }}-build-check-diff-
+
+      - name: Cache Go Dependencies
+        uses: actions/cache@v2.1.5
+        with:
+          path: ${{ steps.go.outputs.mod-cache }}
+          key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
+          restore-keys: ${{ runner.os }}-pkg-
+
+      - name: Build Docs
         run: make docs
 
-      - name: Deploy
-        uses: peaceiris/actions-gh-pages@v3.8.0
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          publish_dir: ./site
-          cname: external-secrets.io
+      # we can not use peaceiris/actions-gh-pages as it would override helm index
+      - name: Deploy Docs
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          CNAME: external-secrets.io
+        run: .github/actions/docs/push.sh

.github/workflows/helm.yml

@@ -54,3 +54,34 @@ jobs:
 
       - name: Run chart-testing (install)
         run: ct install --config=.github/ci/ct.yaml
+
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v1.1
+        with:
+          version: v3.4.2
+
+      - name: Generate chart
+        run: |
+          make helm.generate
+
+      - name: Run chart-releaser
+        uses: helm/chart-releaser-action@v1.2.0
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+          CR_RELEASE_NAME_TEMPLATE: "helm-chart-{{ .Version }}"
+        with:
+          charts_dir: deploy/charts
+          charts_repo_url: https://charts.external-secrets.io

.github/workflows/release.yml

@@ -0,0 +1,78 @@
+name: Create Release
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'version to release, e.g. v1.5.13'
+        required: true
+        default: 'v0.1.0'
+
+env:
+  GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }}
+
+jobs:
+  release:
+    name: Create Release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Create Release
+        uses: softprops/action-gh-release@v1
+        with:
+          tag_name: ${{ github.event.inputs.version }}
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+
+      - name: Build Changelog
+        id: build_changelog
+        uses: mikepenz/release-changelog-builder-action@v1.8.0
+        with:
+          configuration: "changelog.json"
+          toTag: ${{ github.event.inputs.version }}
+          commitMode: true
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: create changelog file
+        env:
+          VERSION: ${{ github.event.inputs.version }}
+          CHANGELOG: ${{ steps.build_changelog.outputs.changelog }}
+        run: |
+          echo "Image: \`ghcr.io/${GITHUB_REPOSITORY}:${VERSION}\`" >> .changelog
+          echo "${CHANGELOG}" >> .changelog
+
+      - name: Update Release
+        uses: softprops/action-gh-release@v1
+        with:
+          tag_name: ${{ github.event.inputs.version }}
+          body_path: .changelog
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+
+  promote:
+    name: Promote Container Image
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Login to Docker
+        uses: docker/login-action@v1
+        if: env.GHCR_USERNAME != ''
+        with:
+          registry: ghcr.io
+          username: ${{ secrets.GHCR_USERNAME }}
+          password: ${{ secrets.GHCR_TOKEN }}
+
+      - name: Promote Container Image
+        if: env.GHCR_USERNAME != ''
+        run: make docker.promote
+        env:
+          RELEASE_TAG: ${{ github.event.inputs.version }}

RELEASE.md

@@ -0,0 +1,18 @@
+# Release Process
+
+ESO and the ESO Helm Chart have two distinct lifecycles and can be released independently. Helm Chart releases are named `external-secrets-x.y.z`.
+
+The external-secrets project is released on a as-needed basis. Feel free to open a issue to request a release.
+
+## Release ESO
+
+1. Run `Create Release` Action to create a new release, pass in the desired version number to release.
+2. GitHub Release, Changelog will be created by the `release.yml` workflow which also promotes the container image.
+3. (optional) update Helm Chart
+4. Announce the new release in the `#external-secrets` Kubernetes Slack
+
+## Release Helm Chart
+
+1. Update `version` and/or `appVersion` in `Chart.yaml`
+2. push and merge PR
+3. CI picks up the new chart version and creates a new GitHub Release for it

changelog.json

@@ -0,0 +1,18 @@
+{
+  "categories": [],
+  "ignore_labels": [],
+  "sort": "ASC",
+  "template": "## Changes\n\n${{UNCATEGORIZED}}",
+  "pr_template": "- ${{TITLE}}",
+  "empty_template": "- no changes",
+  "label_extractor": [],
+  "transformers": [],
+  "max_tags_to_fetch": 200,
+  "max_pull_requests": 200,
+  "max_back_track_time_days": 365,
+  "exclude_merge_branches": [],
+  "tag_resolver": {
+    "method": "semver"
+  },
+  "base_branches": []
+}

docs/guides-getting-started.md

@@ -15,7 +15,6 @@ Uncomment the relevant line in the next steps to enable this.
 
 ### Option 1: Install from chart repository
 
-**Note:** No chart repository is yet available. See [Issue #105](https://github.com/external-secrets/external-secrets/issues/105) for details.
 ``` bash
 helm repo add external-secrets https://charts.external-secrets.io