From b2ec62a3d1d8fd91d45205767914af00d71ab2d7 Mon Sep 17 00:00:00 2001
From: Krisztian Litkey <krisztian.litkey@intel.com>
Date: Fri, 16 Feb 2024 09:35:27 +0200
Subject: [PATCH] WiP: test publishing unstable charts to image registry.

---
 .github/workflows/package-helm.yaml | 31 +++++++++++++++++------------
 scripts/build/helm-publisher.sh     | 29 ++++++++++++---------------
 2 files changed, 31 insertions(+), 29 deletions(-)

diff --git a/.github/workflows/package-helm.yaml b/.github/workflows/package-helm.yaml
index 42969102e..526d36127 100644
--- a/.github/workflows/package-helm.yaml
+++ b/.github/workflows/package-helm.yaml
@@ -11,6 +11,9 @@ env:
   CHARTS_DIR: deployment/helm/
   IS_RELEASE: ${{ startsWith(github.ref, 'refs/tags/v') && 'true' || 'false' }}
   UNSTABLE_CHARTS: unstable-helm-charts
+  REGISTRY: ghcr.io
+  REGISTRY_USER: ${{ github.repository_owner }}
+  REGISTRY_PATH: ${{ github.repository }}
 
 jobs:
   release:
@@ -50,6 +53,7 @@ jobs:
     if: ${{ github.env.IS_RELEASE != 'true' }}
     permissions:
       contents: write
+      packages: write
     runs-on: ubuntu-latest
     steps:
       - name: Deep Checkout
@@ -61,6 +65,7 @@ jobs:
         uses: azure/setup-helm@v4.0.0
 
       - name: Package Unstable Helm Charts
+        id: package-charts
         run: |
           # Derive unstable chart version: use latest tag +1 patch + -unstable
           # Image tag is 'unstable'.
@@ -69,40 +74,40 @@ jobs:
           patch=${majminpatch##*.}
           CHART_VERSION="${majmin}.$((patch+1))-unstable"
           APP_VERSION=unstable
+          echo "CHART_VERSION=$CHART_VERSION" >> $GITHUB_OUTPUT
           # Package charts
           find "$CHARTS_DIR" -name values.yaml | xargs -I '{}' \
               sed -e s"/pullPolicy:.*/pullPolicy: IfNotPresent/" -i '{}'
           helm package --version "$CHART_VERSION" --app-version $APP_VERSION "$CHARTS_DIR"/*
           find "$CHARTS_DIR" -name values.yaml | xargs -I '{}' \
               git checkout '{}'
-          # Create empty worktree, and populate it with unstable charts.
-          git worktree add --orphan ../$UNSTABLE_CHARTS
+          mkdir ../$UNSTABLE_CHARTS
           find . -name '*.tgz' -print | while read SRC_FILE; do
             DEST_FILE=$(echo $SRC_FILE | sed 's/v/helm-chart-v/g')
             mv -v $SRC_FILE ../$UNSTABLE_CHARTS/$DEST_FILE
           done
-          # Commit unstable charts to empty worktree.
-          pushd ../$UNSTABLE_CHARTS
-          git config user.name "Github Actions"
-          git config user.email "no-reply@github.com"
-          git add *helm-chart*.tgz
-          git commit -s -m "$UNSTABLE_CHARTS: package $CHART_VERSION."
+
+      - name: Log in to registry
+        run: |
+          echo "${{ secrets.GITHUB_TOKEN }}" | \
+              helm registry login ${{ env.REGISTRY }}/${{ env.REGISTRY_PATH }} -u ${{ env.REGISTRY_USER }} --password-stdin
 
       - name: Push Unstable Helm Charts
-        shell: bash
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          CHART_VERSION: ${{ steps.package-charts.outputs.CHART_VERSION }}
+        shell: bash         
         run: |
           # We only publish unstable Helm charts from main. Therefore cleaning up any
           # old unstable chart instances happens by forcibly overwriting the dedicated
           # branch with the new content.
           pushd ../$UNSTABLE_CHARTS
-          git push --force https://${GITHUB_ACTOR}:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git refs/heads/$UNSTABLE_CHARTS
+          for i in ./*.tgz; do
+              helm --push $i oci://${{ env.REGISTRY }}/${{ env.REGISTRY_PATH }}
+          done
           popd
-          git worktree remove --force ../$UNSTABLE_CHARTS
 
       - name: Update Helm Repo Index
-        run: ./scripts/build/helm-publisher.sh --unstable
+        run: ./scripts/build/helm-publisher.sh --unstable ../$UNSTABLE_CHARTS
         shell: bash
 
       - name: Push Updated Helm Repo Index
diff --git a/scripts/build/helm-publisher.sh b/scripts/build/helm-publisher.sh
index a575d021b..60eeff29c 100755
--- a/scripts/build/helm-publisher.sh
+++ b/scripts/build/helm-publisher.sh
@@ -8,7 +8,7 @@ updates=""
 git checkout gh-pages
 
 # Check if Helm release assets were found
-if [ "$@" != "--unstable" ]; then
+if [ "$1" != "--unstable" ]; then
     # Verify if the release assets include Helm chart packages. If they do,
     # we can proceed with updating the index.yaml file, otherwise throw an error.
     charts_urls=$(echo "$browser_download_url" | grep '.*helm-chart-.*.tgz')
@@ -34,21 +34,18 @@ if [ "$@" != "--unstable" ]; then
        exit 1
     fi
 else
-    UNSTABLE_CHARTS=unstable-helm-charts
-    git worktree add ../$UNSTABLE_CHARTS origin/$UNSTABLE_CHARTS
-    for chart in ../$UNSTABLE_CHARTS/*-unstable.tgz; do
-        if [ ! -e "$chart" ]; then
-            continue
-        fi
-        chart="${chart##*/}"
-        cp ../$UNSTABLE_CHARTS/$chart .
-        base_url=https://github.com/${GITHUB_REPOSITORY}/raw/unstable-helm-charts/
-        if ! helm repo index . --url "$base_url" --merge "$index_file"; then
-            echo "Failed to update "$index_file" for: $base_url"
-        fi
-        rm $chart
-        updates=true
-    done
+    UNSTABLE_CHARTS="$2"
+    if [ -z "$UNSTABLE_CHARTS" -o ! -d "$UNSTABLE_CHARTS" ]; then
+        echo "Failed to update $index_file, chart directory not given or non-existent"
+        exit 1
+    fi
+    pushd $UNSTABLE_CHARTS
+    base_url="oci://$REGISTRY/$REGISTRY_PATH"
+    if ! helm repo index . --url "$base_url" --merge "$index_file"; then
+        echo "Failed to update "$index_file" for: $base_url"
+    fi
+    popd
+    updates=true
     commit_msg="Update Helm index for unstable Helm charts"
 fi