Make it magical

michi-covalent · michi-covalent · commit 1e7d4472e2fd · 2024-05-01T22:51:10.000Z
Signed-off-by: Michi Mutsuzaki &lt;michi@isovalent.com&gt;
diff --git a/.github/workflows/generate-cilium-chart.yaml b/.github/workflows/generate-cilium-chart.yaml
@@ -0,0 +1,29 @@
+on:
+  pull_request: {}
+
+name: Generate Cilium Helm chart
+
+jobs:
+  build:
+    env:
+      # Just imagine this version comes from somewhere.
+      VERSION: v1.16.0-pre.1
+    name: Generate Cilium Helm chart
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      # Top level Makefile.defs runs go. struggle.
+      - name: Set up Go
+        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+        with:
+          go-version: 1.22.2
+
+      - name: Generate Cilium Helm chart
+        run: |
+          git config user.email "noreply@cilium.io"
+          git config user.name "Cilium Bot"
+          ./magical-script.sh "${VERSION}"
+          helm inspect chart cilium-"${VERSION:1}".tgz
+          git show
diff --git a/magical-script.sh b/magical-script.sh
@@ -0,0 +1,48 @@
+#!/usr/bin/env bash
+
+set -ex
+shopt -s expand_aliases
+
+DOCKER=${DOCKER:-docker}
+
+cosign() {
+  "${DOCKER}" run --rm gcr.io/projectsigstore/cosign:v2.2.4 "$@"
+}
+
+helm() {
+  "${DOCKER}" run --user "$(id -u):$(id -g)" --rm -v "$(pwd)":/apps alpine/helm:3.12.0 "$@"
+}
+
+jq () {
+  "${DOCKER}" run --rm -i ghcr.io/jqlang/jq:1.7.1 "$@"
+}
+
+CWD=$(git rev-parse --show-toplevel)
+version=$1
+semver="${version:1}"
+chart_dir="cilium/install/kubernetes"
+rm -rf cilium
+git clone --depth 1 --branch "$version" https://github.com/cilium/cilium.git
+cd "${chart_dir}" || exit
+grep export < Makefile.digests | while IFS= read -r line; do
+  variable_name=$(echo "$line" | cut -d ' ' -f 2)
+  image=$(echo "$variable_name" | sed -e "s/_DIGEST$//" | tr '[:upper:]' '[:lower:]' | tr '_' '-')
+  digest=$(cosign verify --certificate-github-workflow-repository cilium/cilium \
+    --certificate-oidc-issuer https://token.actions.githubusercontent.com \
+    --certificate-github-workflow-name "Image Release Build" \
+    --certificate-github-workflow-ref "refs/tags/${version}" \
+    --certificate-identity "https://github.com/cilium/cilium/.github/workflows/build-images-releases.yaml@refs/tags/${version}" \
+    "quay.io/cilium/${image}:${version}" 2>/dev/null | jq '.[].critical.image.["docker-manifest-digest"]')
+  echo "export $variable_name := $digest" >> Makefile.digests.tmp
+done
+mv Makefile.digests.tmp Makefile.digests
+# TODO i don't want to have to specify CILIUM_BRANCH. struggle.
+make RELEASE=yes CILIUM_BRANCH=main CILIUM_VERSION="${version}"
+git --no-pager diff
+helm package cilium
+cd -
+helm repo index --merge index.yaml cilium/install/kubernetes
+mv "${chart_dir}"/cilium-"${semver}".tgz "${chart_dir}"/index.yaml "${CWD}"
+./generate_readme.sh > README.md
+git add README.md index.yaml cilium-"${semver}".tgz
+git commit -s -m "Add cilium $version@$(cd cilium; git rev-parse HEAD) ⎈"
