chore(ci): Add releaser

Author: vmercierfr

.github/workflows/release.yaml

@@ -0,0 +1,65 @@
+---
+name: build
+run-name: building and publishing new release
+on:  # yamllint disable-line rule:truthy
+  push:
+    # run only against tags
+    tags:
+      - "*"
+permissions:
+  contents: write  # allows the action to create a Github release
+  id-token: write  # This is required for requesting the AWS JWT
+
+jobs:
+  build-publish:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: us-east-1  # ECR Public can only be logged into from the us-east-1 region
+          role-to-assume: arn:aws:iam::202662887508:role/ecr-postgresql-partition-manager
+          role-session-name: githubActions
+
+      - name: Login to Amazon ECR
+        id: login-ecr-public
+        uses: aws-actions/amazon-ecr-login@v2
+        with:
+          registry-type: public
+
+      - run: git fetch --force --tags
+
+      - uses: actions/setup-go@v5
+        with:
+          go-version: stable
+
+      - name: Set up QEMU for ARM64 build
+        uses: docker/setup-qemu-action@v3
+
+      - uses: goreleaser/goreleaser-action@v5
+        with:
+          distribution: goreleaser
+          version: latest
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Configure AWS credentials for helm chart
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: us-east-1  # ECR Public can only be logged into from the us-east-1 region
+          role-to-assume: arn:aws:iam::202662887508:role/ecr-postgresql-partition-manager-chart
+          role-session-name: githubActions
+
+      - name: Login to Amazon ECR for helm chart
+        uses: aws-actions/amazon-ecr-login@v2
+        with:
+          registry-type: public
+
+      - name: Helm release
+        run: make helm-release

Makefile

@@ -4,6 +4,9 @@ BUILD_DATE=$(shell date -u +'%Y-%m-%dT%H:%M:%SZ')
 GIT_COMMIT_SHA=$(shell git rev-parse HEAD)
 BINARY=postgresql-partition-manager
 ARCHITECTURE=$(shell uname -m)
+HELM_CHART_NAME=postgresql-partition-manager-chart
+RELEASE_VERSION=$(shell jq .tag dist/metadata.json)
+AWS_ECR_PUBLIC_ORGANIZATION=qonto
 
 all: build
 
@@ -31,6 +34,10 @@ bats-test:
 helm-test:
 	helm unittest configs/helm
 
+.PHONY: helm-release
+helm-release:
+	./scripts/helm-release.sh $(HELM_CHART_NAME) configs/helm $(RELEASE_VERSION) $(AWS_ECR_PUBLIC_ORGANIZATION)
+
 .PHONY: kubeconform-test
 kubeconform-test:
 	./scripts/kubeconform-test.sh configs/helm

scripts/helm-release.sh

@@ -0,0 +1,70 @@
+#!/bin/bash
+
+# Build and release helm chart if the version does not already exists in the specified AWS ECR public repository
+
+CHART_NAME=$1
+CHART_DIRECTORY=$2
+RELEASE_VERSION=$3
+REPOSITORY=$4
+
+usage() {
+    echo "Usage: $0 <chart_name> <chart_directory> <release_version> <AWS_ECR_public_repository>"
+    exit 1
+}
+
+check_parameters() {
+    if [ -z $CHART_NAME ];
+    then
+        echo "ERROR: Chart name must be specified"
+        usage
+    fi
+
+    if [ -z $CHART_DIRECTORY ];
+    then
+        echo "ERROR: Chart directory must be specified"
+        usage
+    fi
+
+    if [ -z $RELEASE_VERSION ];
+    then
+        echo "ERROR: Release version must be specified"
+        usage
+    fi
+
+    if [ -z $REPOSITORY ];
+    then
+        echo "ERROR: Repository must be specified"
+        usage
+    fi
+}
+
+check_version_exists() {
+    AWS_ERROR=$(aws ecr-public describe-images --region us-east-1 --repository-name ${CHART_NAME} --image-ids imageTag=${RELEASE_VERSION} --output json 2>&1 > /dev/null)
+    AWS_EXIT_CODE=$?
+    if [ $AWS_EXIT_CODE -eq 0 ];
+    then
+        echo "Release ${RELEASE_VERSION} already exists in AWS ECR"
+        exit 0
+    elif [ ! $AWS_EXIT_CODE -eq 254 ];
+    then
+        echo "Unexpected error while checking if ${RELEASE_VERSION} version exists: exit code ${AWS_EXIT_CODE}"
+        echo ${AWS_ERROR}
+        exit 1
+    fi
+}
+
+build() {
+    helm package ${CHART_DIRECTORY} --app-version ${RELEASE_VERSION} --version ${RELEASE_VERSION}
+}
+
+publish() {
+    helm push ${CHART_NAME}-${RELEASE_VERSION}.tgz oci://public.ecr.aws/${REPOSITORY}
+}
+
+check_parameters
+check_version_exists
+
+set -x
+
+build
+publish