Skip to content

feat: Helm chart release syncronization #5187

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat: Helm chart release syncronization #5187

wants to merge 1 commit into from

Conversation

casibbald
Copy link
Collaborator

PR: Unified Helm Chart Release Synchronization

Summary

This PR implements a unified, automated release process that synchronizes Helm chart releases with the main application releases. It removes legacy, conflicting workflows and consolidates release steps into a single, controlled pipeline.

Unified Release Workflow

The new workflow orchestrates all release components in a coordinated manner:

flowchart TD
    A[Push to main] --> B[Release-Please Action]
    B --> C{Release Created?}
    C -->|No| D[Exit - No Release]
    C -->|Yes| E[Validate Versions]
    
    E --> F{Versions Match?}
    F -->|No| G[Fail with Error]
    F -->|Yes| H[Build & Push Images]
    F -->|Yes| I[Publish NPM Package]
    F -->|Yes| J[Run GoReleaser]
    
    H --> K[Package Helm Chart]
    K --> L[Push Chart to OCI Registry]
    L --> M[Sign Chart with Cosign]
    M --> N[Verify Chart Signature]
    
    I --> O[Create Release Summary]
    J --> O
    N --> O
    
    O --> P[Complete - All Components Released]
    
    style E fill:#e1f5fe
    style F fill:#fff3e0
    style O fill:#e8f5e8
    style P fill:#c8e6c9
Loading

Key Validation Steps

  1. Version Synchronization Check: Ensures all components have matching versions:

    • Application version: v0.39.0-rc.2
    • Chart appVersion: v0.39.0-rc.2 (matches app)
    • Chart version: 0.39.0-rc.2 (app version without 'v' prefix)
    • Image tag: v0.39.0-rc.2 (matches app)

  2. Chart Validation: Helm lint and packaging verification before push

  3. Security: Chart signing with Cosign and signature verification

Release Components

The unified workflow releases all components atomically:

  • Application Binaries: Built and released via GoReleaser
  • Container Images: Multi-arch builds pushed to ghcr.io/weaveworks/wego-app
  • Helm Chart: Packaged and pushed to ghcr.io/weaveworks/charts (OCI format)
  • NPM Package: Published to GitHub Packages under @weaveworks scope

Changes

  • Added .github/workflows/unified-release.yaml to orchestrate releases end-to-end:
    • Release-please driven versioning
    • Version synchronization validation (app, chart appVersion, chart version, image tag)
    • Build and push container images
    • Package and push Helm chart (OCI) with signing and verification
    • Publish NPM package
    • Create release summary
  • Updated release-please-config.json:
    • Removed contradictory charts exclusion
    • Added structured YAML extra-file updates for Chart.yaml and values.yaml
    • Disabled separate-pull-requests to ensure atomic, unified releases
    • Removed separate chart package entry (single manifest source)
  • Updated .release-please-manifest.json to a single version entry
  • Updated .github/workflows/prepare-release.yaml:
    • Replaced manual chart updates with informational notice (now automated)
  • Removed legacy workflows:
    • .github/workflows/helm.yaml (disabled and then removed)
    • .github/workflows/release-please.yaml (legacy; removed)
  • Synchronized chart metadata:
    • charts/gitops-server/Chart.yaml version set to match the app version without the v prefix
  • Removed emojis and non-ASCII characters from workflow outputs to comply with repository standards

Scope

  • CI/CD workflows, release configuration, and chart metadata automation only.
  • No application (Go/TS) source code changes.

Motivation

  • Eliminate desynchronization between application and Helm chart releases
  • Support prerelease (RC) flows end-to-end
  • Reduce manual steps and failure risk
  • Provide a single source of truth for release automation

Testing

  • YAML validated via loader
  • Helm chart linted: helm lint charts/gitops-server/
  • grep check for non-ASCII characters in workflows: none found
  • Local validation of version update logic and packaging paths

Risks & Mitigations

  • Risk: First unified release may fail due to environment differences
    • Mitigation: Clear error messages, version validation, and actionable logs
  • Risk: OCI push/signing or NPM publish failures
    • Mitigation: Step isolation; failure does not corrupt versioning

Release Notes

  • Introduces unified release pipeline for synchronized Helm chart and application releases
  • Adds automated version synchronization and validation
  • Deprecates legacy release workflows

@casibbald casibbald requested a review from erikgb September 1, 2025 08:46
@casibbald casibbald force-pushed the helm-chart-release-syncronization branch 2 times, most recently from 9334cdb to 98dc50b Compare September 1, 2025 08:49
@casibbald
feat: implement unified release system for Helm chart synchronization
7527d5d 
- Fix release-please configuration contradictions
- Remove charts from exclude-paths, add structured extra-files
- Disable separate-pull-requests for unified releases
- Create unified-release.yaml workflow with version validation
- Disable legacy helm.yaml and release-please.yaml workflows
- Update chart version to sync with app version (0.39.0-rc.2)
- Remove manual chart updates from prepare-release.yaml
- Add comprehensive documentation for new release system

Resolves Helm chart release synchronization issues:
- Eliminates version misalignment between app and chart
- Supports prerelease versions (RC) automatically
- Provides single source of truth for all releases
- Includes validation and error handling
- Keep messaging clear and consistent
- Keep messaging clear and consistent
@casibbald casibbald force-pushed the helm-chart-release-syncronization branch from 98dc50b to 7527d5d Compare September 1, 2025 08:52
@casibbald casibbald changed the title Helm chart release syncronization feat: Helm chart release syncronization Sep 1, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@erikgb erikgb Awaiting requested review from erikgb

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@casibbald