Merge branch 'jenkinsci:main' into main

Crypto-TII · Feb 9, 2024 · 5e371ea · 5e371ea
2 parents 3e8c45c + 2e461a6
commit 5e371ea
Show file tree

Hide file tree

Showing 58 changed files with 5,160 additions and 3,857 deletions.
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -12,7 +12,7 @@ If you modified files in the `./charts/jenkins/` directory, please also include
 
 ```[tasklist]
 ### Submitter checklist
-- [ ] I bumped the "version" key in `./charts/jenkins/Chart.yml`.
+- [ ] I bumped the "version" key in `./charts/jenkins/Chart.yaml`.
 - [ ] I added a new changelog entry to `./charts/jenkins/CHANGELOG.md`.
 - [ ] I followed the [technical requirements](https://github.com/jenkinsci/helm-charts/blob/main/CONTRIBUTING.md#technical-requirements).
 ```

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
diff --git a/.github/renovate-config.json5 b/.github/renovate-config.json5
@@ -0,0 +1,81 @@
+{
+  $schema: "https://docs.renovatebot.com/renovate-schema.json",
+  onboarding: false,
+  requireConfig: "ignored",
+  platform: "github",
+  repositories: ["jenkinsci/helm-charts"],
+  // eslint-disable-next-line
+  allowedPostUpgradeCommands: ["^\.github\/renovate-postupgrade\.sh {{{depName}}} {{{newVersion}}}$"],
+  prConcurrentLimit: 0,
+  semanticCommits: "enabled",
+  enabledManagers: [
+    "helm-values",
+    "github-actions",
+    "regex",
+  ],
+  packageRules: [
+    {
+      matchDepNames: ["jenkins/inbound-agent"],
+      versioning: "regex:^(?<major>\\d+)?\\.(?<minor>\\w+?)?_(?<patch>\\w+)?-(?<build>\\d+)?$",
+    },
+    {
+      matchDepNames: ["jenkins/jenkins"],
+      versioning: "regex:^(?<major>\\d+?)\\.(?<minor>\\d+?)\\.(?<patch>\\d+?)(-(?<compatibility>\\w+))?$",
+    },
+    {
+      matchFileNames: ["charts/jenkins/**"],
+      postUpgradeTasks: {
+        commands: [
+          ".github/renovate-postupgrade.sh {{{depName}}} {{{newVersion}}}",
+        ],
+        fileFilters: ["charts/jenkins/**"],
+        executionMode: "branch",
+      },
+    },
+  ],
+  customManagers: [
+    {
+      customType: "regex",
+      fileMatch: ["(^|/)\\.github/workflows/[^/]+\\.ya?ml$", "(^|/)\\.github/[^/]+\\.sh$"],
+      matchStrings: [
+        "# renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?\\s+?[\\w\\s-]*?version:? (?<currentValue>.*)\\s",
+        "# renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?\\sENV .*?_VERSION=(?<currentValue>.*)\\s",
+      ],
+    },
+    {
+      customType: "regex",
+      fileMatch: [
+        "^charts/jenkins/Chart.yaml$",
+        "^charts/jenkins/values.yaml$",
+      ],
+      matchStrings: [
+        "appVersion: (?<currentValue>.*?)\\s",
+        'repository: \\"jenkins/jenkins\\"\\s*?# tag: \\"(?<currentValue>.*?)\\"',
+      ],
+      depNameTemplate: "jenkins/jenkins",
+      datasourceTemplate: "docker",
+    },
+    {
+      customType: "regex",
+      fileMatch: ["^charts/jenkins/values.yaml$"],
+      matchStringsStrategy: "recursive",
+      matchStrings: [
+        "installPlugins:[\\s\\w:.-]*?(?:\\r*\\n){2}",
+        "- (?<depName>.*?):(?<currentValue>.*?)\\s",
+      ],
+      datasourceTemplate: "jenkins-plugins",
+      versioningTemplate: "regex:^(?<major>\\d+)?\\.(?<minor>\\w+?)?(\\.(?<patch>\\d+?))?$",
+    },
+    {
+      customType: "regex",
+      fileMatch: ["^charts/jenkins/Chart.yaml$"],
+      matchStringsStrategy: "recursive",
+      matchStrings: [
+        "artifacthub\\.io\\/images: \\|[\\s\\w:.\\/-]*(?:artifacthub)",
+        "image: (?<depName>.*?):(?<currentValue>.*?)\\s",
+      ],
+      datasourceTemplate: "docker",
+      versioningTemplate: "regex:^(?<major>\\d+)?\\.(?<minor>\\w+?)?(_|\\.)(?<patch>\\w+)?(-(?<build>\\d+))?.*",
+    },
+  ],
+}
diff --git a/.github/renovate-entrypoint.sh b/.github/renovate-entrypoint.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+# renovate: datasource=github-tags depName=mikefarah/yq
+export YQ_VERSION=v4.40.5
+
+# renovate: datasource=github-tags depName=helm/helm
+export HELM_VERSION=v3.14.0
+
+# renovate: datasource=github-tags depName=helm-unittest/helm-unittest
+export HELM_UNITTEST_VERSION=v0.3.6
+
+# renovate: datasource=github-tags depName=jenkins-x-plugins/jx-release-version
+export JENKINS_JX_VERSION=v2.7.3
+
+apt update
+
+apt install -y curl git
+
+curl -fsSL -o /tmp/helm.tar.gz https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz
+mkdir -p /tmp/helm && tar -xf /tmp/helm.tar.gz -C /tmp/helm
+mv /tmp/helm/linux-amd64/helm /usr/local/bin/helm
+chmod a+x /usr/local/bin/helm
+
+runuser -u ubuntu -- helm plugin install https://github.com/helm-unittest/helm-unittest --version ${HELM_UNITTEST_VERSION}
+
+curl -fsSL -o /usr/local/bin/yq https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64
+chmod a+x /usr/local/bin/yq
+
+curl -fsSL -o /tmp/jx-release.tar.gz https://github.com/jenkins-x-plugins/jx-release-version/releases/download/${JENKINS_JX_VERSION}/jx-release-version-linux-amd64.tar.gz
+mkdir -p /tmp/jx && tar -xf /tmp/jx-release.tar.gz -C /tmp/jx
+mv /tmp/jx/jx-release-version /usr/local/bin/jx-release-version
+chmod a+x /usr/local/bin/jx-release-version
+
+runuser -u ubuntu renovate
diff --git a/.github/renovate-postupgrade.sh b/.github/renovate-postupgrade.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+CHARTVERSION="$(jx-release-version -previous-version=from-file:charts/jenkins/Chart.yaml)"
+export CHARTVERSION
+export DEPNAME="$1"
+export NEWVERSION="$2"
+
+helm unittest --strict -f 'unittests/*.yaml' charts/jenkins -u
+yq eval '.version = env(CHARTVERSION)' -i charts/jenkins/Chart.yaml
+sed -i "/git commit to be able to get more details./a \\\n## ${CHARTVERSION}\n\nUpdate \`${DEPNAME}\` to version \`${NEWVERSION}\`" charts/jenkins/CHANGELOG.md
diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml
@@ -3,6 +3,9 @@ name: Lint and Test Charts
 
 on: pull_request
 
+permissions:
+  contents: read
+
 jobs:
   lint-test:
     runs-on: ubuntu-latest
@@ -11,31 +14,34 @@ jobs:
       matrix:
         kubernetes_version:
           # See https://kubernetes.io/releases/ for EOL dates
+          - "kindest/node:v1.29.0"
+          - "kindest/node:v1.28.0"
           - "kindest/node:v1.27.2"
           - "kindest/node:v1.26.4"
-          - "kindest/node:v1.25.9"
-          - "kindest/node:v1.24.13"
       fail-fast: false
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
       - name: Set up Helm
         uses: azure/setup-helm@v3
         with:
+          # renovate: datasource=github-tags depName=helm/helm
           version: v3.12.0
 
       - name: Set up Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
+          # renovate: datasource=docker depName=python
           python-version: 3.11.4
 
       - name: Set up chart-testing
         uses: helm/chart-testing-action@v2
         with:
+          # renovate: datasource=github-tags depName=helm/chart-testing
           version: v3.8.0
 
       - name: Run chart-testing (list-changed)
@@ -50,13 +56,14 @@ jobs:
         if: steps.list-changed.outputs.changed == 'true'
         run: |
           helm env
-          helm plugin install https://github.com/quintush/helm-unittest --version 0.2.11
+          # renovate: datasource=github-tags depName=helm-unittest/helm-unittest
+          helm plugin install https://github.com/helm-unittest/helm-unittest --version v0.3.6
 
       - name: Run chart-testing (lint)
         run: ct lint --config ct.yaml
 
       - name: Create kind cluster
-        uses: helm/kind-action@v1.7.0
+        uses: helm/kind-action@v1.8.0
         if: steps.list-changed.outputs.changed == 'true'
         with:
           node_image: ${{ matrix.kubernetes_version }}

diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
@@ -2,21 +2,24 @@ name: Lint Code Base
 
 on: pull_request
 
+permissions:
+  contents: read
+
 jobs:
   build:
     name: Lint Code Base
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Lint Code Base
-        uses: github/super-linter@v4
+        uses: super-linter/super-linter@v6.0.0
         env:
           VALIDATE_ALL_CODEBASE: true
-          VALIDATE_JSCPD: false
-          VALIDATE_KUBERNETES_KUBEVAL: false
+          VALIDATE_KUBERNETES_KUBECONFORM: false
+          VALIDATE_GITLEAKS: false
           VALIDATE_YAML: false
           DEFAULT_BRANCH: main
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -4,13 +4,18 @@ on:
   push:
     branches:
       - main
+    paths:
+      - 'charts/**'
+
+permissions:
+  contents: write
 
 jobs:
   release:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
@@ -24,7 +29,95 @@ jobs:
         with:
           version: v3.12.0
 
+      - name: Retrieve version from Chart.yaml
+        id: chart_version
+        run: |
+          echo "version=$(yq '.version' charts/jenkins/Chart.yaml)" >> "${GITHUB_OUTPUT}"
+
+      - name: Extract version changelog
+        id: version_changelog
+        env:
+          VERSION: ${{ steps.chart_version.outputs.version }}
+        run: |
+          changelog=$(awk -v version="${VERSION}" '
+          /^(##|###) [0-9]+.[0-9]+.[0-9]+/ {
+              if (p) { exit };
+              if ($2 == version) {
+                  p = 1; next
+              }
+          } p
+          ' charts/jenkins/CHANGELOG.md)
+
+          delimiter="$(openssl rand -hex 8)"
+          # shellcheck disable=SC2129
+          echo "changelog<<${delimiter}" >> "${GITHUB_OUTPUT}"
+          echo "${changelog}" >> "${GITHUB_OUTPUT}"
+          echo "${delimiter}" >> "${GITHUB_OUTPUT}"
+
+      - name: Annotate Chart.yaml with current version changelog
+        if: steps.version_changelog.outputs.changelog != ''
+        env:
+          CHANGELOG: ${{ steps.version_changelog.outputs.changelog }}
+        run: |
+          # Changelog sanitation
+          # shellcheck disable=SC2016
+          proper_changelog=$(echo "${CHANGELOG}" \
+          | grep -v '^$' `# remove empty lines` \
+          | grep -v '^|' `# remove table lines` \
+          | iconv -c -f utf8 -t ascii `# remove non ascii characters like emoji` \
+          | sed 's/^/- /' `# add a dash in front of every line` \
+          | sed 's/  / /') # double spaces
+
+          # Add new line to ensure scalar value in Chart.yaml
+          printf -v change '%s\n' "${proper_changelog}"
+
+          # Update chart annotations using strenv operator (https://mikefarah.gitbook.io/yq/operators/string-operators#string-blocks-bash-and-newlines)
+          CHANGE="${change}" yq --inplace ".annotations.\"artifacthub.io/changes\" = strenv(CHANGE)" charts/jenkins/Chart.yaml
+
+      - name: Show updated Chart.yaml
+        run: |
+          yq charts/jenkins/Chart.yaml
+
       - name: Run chart-releaser
-        uses: helm/[email protected]
+        id: chart_releaser
+        uses: helm/[email protected]
         env:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+
+      - name: Retrieve release info
+        id: release_info
+        if: steps.chart_releaser.outputs.changed_charts != ''
+        env:
+          LAST_TAG: "jenkins-${{ steps.chart_version.outputs.version }}"
+          REPOSITORY: ${{ github.repository }}
+        run: |
+          release=$(curl -L "https://api.github.com/repos/${REPOSITORY}/releases/tags/${LAST_TAG}")
+
+          echo "id=$(echo "${release}" | jq '.id')" >> "${GITHUB_OUTPUT}"
+
+          delimiter="$(openssl rand -hex 8)"
+          # shellcheck disable=SC2129
+          echo "body<<${delimiter}" >> "${GITHUB_OUTPUT}"
+          echo "${release}" | jq --raw-output '.body' >> "${GITHUB_OUTPUT}"
+          echo "${delimiter}" >> "${GITHUB_OUTPUT}"
+
+      - name: Update release description
+        id: update_release
+        if: steps.chart_releaser.outputs.changed_charts != ''
+        uses: actions/github-script@v7
+        env:
+          ID: ${{ steps.release_info.outputs.id }}
+          BODY: ${{steps.release_info.outputs.body}}
+          CHANGELOG: ${{steps.version_changelog.outputs.changelog}}
+        with:
+          script: |
+            try {
+              await github.rest.repos.updateRelease({
+                release_id: process.env.ID,
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                body: process.env.BODY + "\r\n\r\n## Changelog" + process.env.CHANGELOG,
+              });
+            } catch (error) {
+              core.setFailed(error.message);
+            }
diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml
@@ -0,0 +1,33 @@
+name: Renovate
+on:
+  schedule:
+    - cron: "0/15 * * * *"
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  renovate:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get token
+        id: get_token
+        uses: tibdex/github-app-token@v2
+        with:
+          app_id: ${{ secrets.JENKINS_DEPENDENCY_UPDATER_APP_ID }}
+          private_key: ${{ secrets.JENKINS_DEPENDENCY_UPDATER_PRIVATE_KEY }}
+
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Self-hosted Renovate
+        uses: renovatebot/[email protected]
+        with:
+          token: "${{ steps.get_token.outputs.token }}"
+          docker-cmd-file: .github/renovate-entrypoint.sh
+          docker-user: root
+          configurationFile: .github/renovate-config.json5
+        env:
+          LOG_LEVEL: 'debug'