From 43bbdaf5795e6583522f9bc3c70f192b64fac048 Mon Sep 17 00:00:00 2001
From: "Sam Wang (holyspectral)"
Date: Fri, 29 May 2026 14:09:46 -0400
Subject: [PATCH] feat: bump versions using updatecli
---
.github/workflows/update-charts.yml | 25 +++
updatecli/updatecli-compose.release.yaml | 6 +
.../bump-helm-chart-version.yaml | 190 ++++++++++++++++++
updatecli/values.yaml | 7 +
4 files changed, 228 insertions(+)
create mode 100644 .github/workflows/update-charts.yml
create mode 100644 updatecli/updatecli-compose.release.yaml
create mode 100644 updatecli/updatecli.release.d/bump-helm-chart-version.yaml
create mode 100644 updatecli/values.yaml
diff --git a/.github/workflows/update-charts.yml b/.github/workflows/update-charts.yml
new file mode 100644
index 000000000..d718d0830
--- /dev/null
+++ b/.github/workflows/update-charts.yml
@@ -0,0 +1,25 @@
+name: Update helm charts
+on:
+ workflow_dispatch:
+jobs:
+ update-helm-charts:
+ name: Update neuvector charts
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write # for updatecli to update the repository
+ pull-requests: write # for updatecli to create a PR
+ steps:
+ - name: Checkout
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ with:
+ persist-credentials: false
+
+ - name: Install Updatecli in the runner
+ uses: updatecli/updatecli-action@e71be7554f3f940bc439cf720b3e4e379823c562 # v3.2.0
+
+ - name: Update neuvector charts
+ env:
+ UPDATECLI_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ UPDATECLI_GITHUB_OWNER: ${{ github.repository_owner }}
+ UPDATECLI_GITHUB_BRANCH: ${{ github.ref_name }}
+ run: "updatecli compose apply --file updatecli/updatecli-compose.release.yaml"
diff --git a/updatecli/updatecli-compose.release.yaml b/updatecli/updatecli-compose.release.yaml
new file mode 100644
index 000000000..0848716d8
--- /dev/null
+++ b/updatecli/updatecli-compose.release.yaml
@@ -0,0 +1,6 @@
+policies:
+ - name: Update Helm Chart
+ config:
+ - "updatecli.release.d"
+ values:
+ - values.yaml
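Review bot: In .github/workflows/update-charts.yml the pull request is opened with `secrets.GITHUB_TOKEN` (the `UPDATECLI_GITHUB_TOKEN` entry in the last step), and events caused by that token do not start new workflow runs, so any `pull_request` checks this repository has will not run on the chart-bump PR until a person pushes to it or reopens it. Because that PR rewrites image tags, this should be made explicit next to the env entry, for example `# PRs opened with GITHUB_TOKEN do not trigger pull_request workflows; re-run checks before merging`, or the token should come from a GitHub App installation if checks must run automatically. Separately, `UPDATECLI_GITHUB_BRANCH: ${{ github.ref_name }}` is whatever ref the dispatcher selected, which can be a tag; a job-level `if: github.ref_type == 'branch'` would stop the run before the write-scoped token is used against an unintended ref.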
diff --git a/updatecli/updatecli.release.d/bump-helm-chart-version.yaml b/updatecli/updatecli.release.d/bump-helm-chart-version.yaml
new file mode 100644
index 000000000..9f96b8fce
--- /dev/null
+++ b/updatecli/updatecli.release.d/bump-helm-chart-version.yaml
@@ -0,0 +1,190 @@
+name: Update neuvector chart versions
+
+sources:
+ # core and crd share exactly the same version
+ chartVersion:
+ name: "Get latest neuvector helm version"
+ kind: yaml
+ transformers:
+ - semverinc: patch
+ spec:
+ file: charts/core/Chart.yaml
+ key: $.version
+ appVersion:
+ name: "Get latest neuvector version"
+ kind: githubrelease
+ transformers:
+ - trimPrefix: "v"
+ spec:
+ owner: '{{ requiredEnv .github.owner }}'
+ repository: neuvector
+ token: '{{ requiredEnv .github.token }}'
+ versionfilter:
+ kind: "regex"
+ pattern: "^v5\\.4\\.\\d+$"
+ monitorVersion:
+ name: "Get latest prometheus-exporter version"
+ kind: githubrelease
+ transformers:
+ - trimPrefix: "v"
+ spec:
+ owner: '{{ requiredEnv .github.owner }}'
+ repository: prometheus-exporter
+ token: '{{ requiredEnv .github.token }}'
+ versionfilter:
+ kind: "semver"
+ complianceVersion:
+ name: "Get latest compliance-config version"
+ kind: yaml
+ transformers:
+ - semverinc: patch
+ spec:
+ file: charts/core/values.yaml
+ key: $.controller.prime.image.tag
+ adapterVersion:
+ name: "Get latest adapter version"
+ kind: githubrelease
+ transformers:
+ - trimPrefix: "v"
+ spec:
+ owner: '{{ requiredEnv .github.owner }}'
+ repository: registry-adapter
+ token: '{{ requiredEnv .github.token }}'
+ versionfilter:
+ kind: "semver"
+ updaterVersion:
+ name: "Get latest updater version"
+ kind: githubrelease
+ transformers:
+ - trimPrefix: "v"
+ spec:
+ owner: '{{ requiredEnv .github.owner }}'
+ repository: updater
+ token: '{{ requiredEnv .github.token }}'
+ versionfilter:
+ kind: "semver"
+
+scms:
+ default:
+ kind: github
+ spec:
+ user: "{{ .github.author }}"
+ email: "{{ .github.email }}"
+ directory: "/tmp/helm-charts"
+ owner: "{{ requiredEnv .github.owner }}"
+ repository: "neuvector-helm"
+ token: "{{ requiredEnv .github.token }}"
+ username: "{{ requiredEnv .github.user }}"
+ branch: "{{ requiredEnv .github.branch }}"
+ commitusingapi: true
+ commitmessage:
+ type: "chore"
+ title: "update neuvector helm charts"
+ hidecredit: true
+ footers: "Signed-off-by: NeuVector bot "
+
+actions:
+ default:
+ title: 'chore: helm chart {{ source "chartVersion" }} release'
+ kind: github/pullrequest
+ scmid: default
+ spec:
+ automerge: false
+ mergemethod: squash
+ description: |
+ Automatic Helm chart {{ source "chartVersion" }} update.
+ This PR has been created by the automation used to automatically update the Helm charts when neuvector is released or helm chart content is updated.
+ REMEMBER IF YOU WANT TO MERGE IN A SINGLE COMMIT CHANGES AND VERSION BUMP, YOU MUST SQUASH THE COMMIT BEFORE MERGING THIS PR!
+ draft: false
+ labels:
+ - "chore"
+
+targets:
+ update_core_version:
+ scmid: default
+ name: update Helm chart version
+ kind: yaml
+ sourceid: chartVersion
+ spec:
+ file: charts/core/Chart.yaml
+ key: $.version
+ update_core_appversion:
+ scmid: default
+ name: update Helm chart appVersion
+ kind: yaml
+ sourceid: appVersion
+ spec:
+ file: charts/core/Chart.yaml
+ key: $.appVersion
+ update_nv_tag:
+ scmid: default
+ name: update NV tag
+ kind: yaml
+ sourceid: appVersion
+ spec:
+ file: charts/core/values.yaml
+ key: $.tag
+ update_compliance_config_tag:
+ scmid: default
+ name: update compliance tag
+ kind: yaml
+ sourceid: complianceVersion
+ spec:
+ file: charts/core/values.yaml
+ key: $.controller.prime.image.tag
+ update_adapter_tag:
+ scmid: default
+ name: update adapter tag
+ kind: yaml
+ sourceid: adapterVersion
+ spec:
+ file: charts/core/values.yaml
+ key: $.cve.adapter.image.tag
+ update_updater_tag:
+ scmid: default
+ name: update updater tag
+ kind: yaml
+ sourceid: updaterVersion
+ spec:
+ file: charts/core/values.yaml
+ key: $.cve.updater.image.tag
+ update_crd_version:
+ scmid: default
+ name: update Helm chart version
+ kind: yaml
+ sourceid: chartVersion
+ spec:
+ file: charts/crd/Chart.yaml
+ key: $.version
+ update_crd_appversion:
+ scmid: default
+ name: update Helm chart appVersion
+ kind: yaml
+ sourceid: appVersion
+ spec:
+ file: charts/crd/Chart.yaml
+ key: $.appVersion
+ update_monitor_version:
+ scmid: default
+ name: update Helm chart version
+ kind: yaml
+ sourceid: chartVersion
+ spec:
+ file: charts/monitor/Chart.yaml
+ key: $.version
+ update_monitor_appversion:
+ scmid: default
+ name: update Helm chart appVersion
+ kind: yaml
+ sourceid: monitorVersion
+ spec:
+ file: charts/monitor/Chart.yaml
+ key: $.appVersion
+ update_monitor_tag:
+ scmid: default
+ name: update prometheus exporter tag
+ kind: yaml
+ sourceid: monitorVersion
+ spec:
+ file: charts/monitor/values.yaml
+ key: $.exporter.image.tag
diff --git a/updatecli/values.yaml b/updatecli/values.yaml
new file mode 100644
index 000000000..a7777638c
--- /dev/null
+++ b/updatecli/values.yaml
@@ -0,0 +1,7 @@
+github:
+ owner: "UPDATECLI_GITHUB_OWNER"
+ token: "UPDATECLI_GITHUB_TOKEN"
+ branch: "UPDATECLI_GITHUB_BRANCH"
+ author: "NeuVector bot"
+ user: "UPDATECLI_GITHUB_OWNER"
+ email: "neuvector-bot@users.noreply.github.com"
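Review bot: In bump-helm-chart-version.yaml the `complianceVersion` source does not look anything up: it reads `$.controller.prime.image.tag` from `charts/core/values.yaml`, applies `semverinc: patch`, and `update_compliance_config_tag` writes the result back to the same key, so every run advances that image tag by one patch whether or not an image with that tag has been published. No target is gated by a `conditions` entry, so the release-derived tags (`appVersion`, `monitorVersion`, `adapterVersion`, `updaterVersion`) are likewise written as soon as a GitHub release exists, before the image is confirmed in the registry. A chart that references an unpublished tag fails to pull at best, and otherwise depends on nobody else being able to push that tag first. Consider a `dockerimage` condition per tag, or at least a comment on the source such as `# increments the current tag; the matching compliance-config image must be published before this PR is merged`. The three `kind: "semver"` filters also carry no `pattern`, so it may be worth constraining them the way `appVersion` is constrained, so that a new major release is not proposed unreviewed.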
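Review bot: In updatecli/values.yaml, `user: "UPDATECLI_GITHUB_OWNER"` names the same environment variable as `owner`, so the `username` that the `default` scm resolves through `requiredEnv .github.user` is the repository owner rather than the account the token belongs to. This looks like a copy-paste slip, since the workflow exports only the token, owner and branch variables. If the dispatching or bot account is intended, export one in the workflow, for example `UPDATECLI_GITHUB_ACTOR: ${{ github.actor }}`, and point `user` at it. If the reuse is deliberate, a comment such as `# username reuses the owner on purpose; authentication relies on the token only` would record that.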