fix(ci): improve workflows (#959)

🤖 Split up helm chart workflows

The following patch adapts the CI workflows. The worflows has been splitted into
dedicated parts. For example the `helm template` and `helm unittest` command is
now a seperate step to notice that a change affects the template mechanism but
not the unittest. This was priviously not possible, because both commands were
part of one step.

🤖 Changelog Issue

Additionally has the changelog workflow be improved. The shell commands has
been migrated to a dedicated file named `.gitea/scripts/changelog.sh`. This has
the advantage, that the shellcheck plugin of IDE's support developers by
developing such shell scripts. Furthermore, the used container image has been
replaced by the ubuntu:latest image of the act_runner. This make it more
comfortable in using `curl` or `jq`, because the complete set of features/flags
are
avialable instead of the previously used container image
`docker.io/thegeeklab/git-sv:2.0.5`. Final note to the shell script
`changelog.sh`, this can now be executed locally as well as on ARM-based
act_runners and helps to test the helm chart in own Gitea environments
beforehand.

🤖 Markdown linter

In addition, a new workflow for markdown files has now been introduced. This
checks the `README.md` file for links, ensures that it is properly formatted,
and verifies that the parameters match those in `values.yaml`. Here, too, the
commands have been outsourced to separate jobs so that more precise interaction
is possible in the event of an error.

⚠️ Warning

This patch also requires an adjustment in branch protection. There, the
workflows that must be successful before a merge must be redefined.

Reviewed-on: https://gitea.com/gitea/helm-gitea/pulls/959
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Markus Pesch <markus.pesch@cryptic.systems>
Co-committed-by: Markus Pesch <markus.pesch@cryptic.systems>

.gitea/workflows/changelog.yml

@@ -1,32 +0,0 @@
-name: changelog
-
-on:
-  push:
-    branches:
-      - main
-
-jobs:
-  changelog:
-    runs-on: ubuntu-latest
-    container: docker.io/thegeeklab/git-sv:2.0.5
-    steps:
-      - name: install tools
-        run: |
-          apk add -q --update --no-cache nodejs curl jq sed
-      - uses: actions/checkout@v5
-        with:
-          fetch-depth: 0
-      - name: Generate upcoming changelog
-        run: |
-          git sv rn -o changelog.md
-          export RELEASE_NOTES=$(cat changelog.md)
-          export ISSUE_NUMBER=$(curl -s "https://gitea.com/api/v1/repos/gitea/helm-gitea/issues?state=open&q=Changelog%20for%20upcoming%20version" | jq '.[].number')
-
-          echo $RELEASE_NOTES
-          JSON_DATA=$(echo "" | jq -Rs --arg title 'Changelog for upcoming version' --arg body "$(cat changelog.md)" '{title: $title, body: $body}')
-
-          if [ -z "$ISSUE_NUMBER" ]; then
-            curl -s -X POST "https://gitea.com/api/v1/repos/gitea/helm-gitea/issues" -H "Authorization: token ${{ secrets.ISSUE_RW_TOKEN }}" -H "Content-Type: application/json" -d "$JSON_DATA"
-          else
-            curl -s -X PATCH "https://gitea.com/api/v1/repos/gitea/helm-gitea/issues/$ISSUE_NUMBER" -H "Authorization: token ${{ secrets.ISSUE_RW_TOKEN }}" -H "Content-Type: application/json" -d "$JSON_DATA"
-          fi

.gitea/workflows/commitlint.yml

@@ -1,19 +1,17 @@
-name: commitlint
+name: Rum commitlint
 
 on:
   pull_request:
-    branches:
-      - "*"
-    types:
-      - opened
-      - edited
+    branches: [ '**' ]
+    types: [ "opened", "edited" ]
 
 jobs:
   check-and-test:
+    container: docker.io/commitlint/commitlint:19.9.1
+    name: Execute commitlint
     runs-on: ubuntu-latest
-    container: commitlint/commitlint:19.9.1
     steps:
-      - uses: actions/checkout@v5
-      - name: check PR title
+      - uses: actions/checkout@v5.0.0
+      - name: Check PR title
         run: |
           echo "${{ gitea.event.pull_request.title }}" | commitlint --config .commitlintrc.json

.gitea/workflows/helm.yml

@@ -0,0 +1,75 @@
+name: Run Helm tests
+
+on:
+  pull_request:
+    branches: [ '**' ]
+  push:
+    branches: [ '**' ]
+    tags-ignore: [ '**' ]
+  workflow_call: {}
+
+env:
+  # renovate: datasource=github-releases depName=helm-unittest/helm-unittest
+  HELM_UNITTEST_VERSION: "v1.0.1"
+
+jobs:
+  helm-lint:
+    container: docker.io/alpine/helm:3.18.6
+    name: Execute helm lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install additional tools
+        run: |
+          apk update
+          apk add --update bash make nodejs
+      - uses: actions/checkout@v5.0.0
+      - name: Install helm chart dependencies
+        run: helm dependency build
+      - name: Execute helm lint
+        run: helm lint
+
+  helm-template:
+    container: docker.io/alpine/helm:3.18.6
+    name: Execute helm template
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install additional tools
+        run: |
+          apk update
+          apk add --update bash make nodejs
+      - uses: actions/checkout@v5.0.0
+      - name: Install helm chart dependencies
+        run: helm dependency build
+      - name: Execute helm template
+        run: helm template --debug gitea-helm .
+
+  helm-unittest:
+    container: docker.io/alpine/helm:3.18.6
+    name: Execute helm unittest
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install additional tools
+        run: |
+          apk update
+          apk add --update bash make nodejs npm yamllint ncurses
+      - uses: actions/checkout@v5.0.0
+      - name: Install helm chart dependencies
+        run: helm dependency build
+      - name: Install helm plugin 'unittest'
+        run: |
+          helm plugin install --version ${{ env.HELM_UNITTEST_VERSION }} https://github.com/helm-unittest/helm-unittest
+          git submodule update --init --recursive
+      - name: Execute helm unittest
+        env:
+          TERM: xterm
+        run: make unittests
+
+
+
+
+      # - name: verify readme
+      #   run: |
+      #     make readme
+      #     git diff --exit-code --name-only README.md
+      # - name: yaml lint
+      #   uses: https://github.com/ibiqlik/action-yamllint@v3

.gitea/workflows/markdown-linters.yml

@@ -0,0 +1,52 @@
+name: Markdown linter
+
+on:
+  pull_request:
+    types: [ "opened", "reopened", "synchronize" ]
+  push:
+    branches: [ '**' ]
+    tags-ignore: [ '**' ]
+  workflow_dispatch: {}
+
+jobs:
+  readme-link:
+    container:
+      image: docker.io/library/node:24.9.0-alpine
+    name: Execute npm run readme:link
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v5.0.0
+    - name: Execute npm run readme:link
+      run: |
+        npm install
+        npm run readme:link
+
+  readme-lint:
+    container:
+      image: docker.io/library/node:24.9.0-alpine
+    name: Execute npm run readme:lint
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v5.0.0
+    - name: Execute npm run readme:lint
+      run: |
+        npm install
+        npm run readme:lint
+
+  readme-parameters:
+    container:
+      image: docker.io/library/node:24.9.0-alpine
+    name: Execute npm run readme:parameters
+    runs-on: ubuntu-latest
+    steps:
+    - name: Install tooling
+      run: |
+        apk update
+        apk add git
+    - uses: actions/checkout@v5.0.0
+    - name: Execute npm run readme:parameters
+      run: |
+        npm install
+        npm run readme:parameters
+    - name: Compare diff
+      run: git diff --exit-code --name-only README.md

.gitea/workflows/release-version.yml

@@ -2,14 +2,13 @@ name: generate-chart
 
 on:
   push:
-    tags:
-      - "*"
+    tags: [ '**' ]
 
 jobs:
   generate-chart-publish:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v5.0.0
         with:
           fetch-depth: 0
 
@@ -65,11 +64,11 @@ jobs:
           OLD_TAG="$(git tag --sort=-version:refname | head --lines 2 | tail --lines 1)"
           .gitea/scripts/add-annotations.sh "${OLD_TAG}" "${NEW_TAG}"
 
-      - name: Print Chart.yaml
+      - name: Print Chart.yaml on stdout
         run: cat Chart.yaml
 
       # Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843
-      - name: package chart
+      - name: Package Helm chart
         run: |
           echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | docker login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} --password-stdin
           # FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved
@@ -85,7 +84,7 @@ jobs:
           helm push gitea/gitea-${GITHUB_REF#refs/tags/v}.tgz oci://registry-1.docker.io/giteacharts
           helm registry logout registry-1.docker.io
 
-      - name: aws credential configure
+      - name: Configure AWS credentials
         uses: https://github.com/aws-actions/configure-aws-credentials@v5
         with:
           aws-access-key-id: ${{ secrets.AWS_KEY_ID }}
@@ -97,14 +96,14 @@ jobs:
           aws s3 sync gitea/ s3://${{ secrets.AWS_S3_BUCKET}}/charts/
 
   release-gitea:
+    container: docker.io/thegeeklab/git-sv:2.0.5
     needs: generate-chart-publish
     runs-on: ubuntu-latest
-    container: docker.io/thegeeklab/git-sv:2.0.5
     steps:
-      - name: install tools
+      - name: Install packages via apt
         run: |
           apk add -q --update --no-cache nodejs
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v5.0.0
         with:
           fetch-tags: true
           fetch-depth: 0

.gitea/workflows/test-pr.yml

@@ -1,46 +0,0 @@
-name: check-and-test
-
-on:
-  pull_request:
-    branches:
-      - "*"
-  push:
-    branches:
-      - main
-      - v13
-
-env:
-  # renovate: datasource=github-releases depName=helm-unittest/helm-unittest
-  HELM_UNITTEST_VERSION: "v1.0.1"
-
-jobs:
-  check-and-test:
-    runs-on: ubuntu-latest
-    container: alpine/helm:3.18.6
-    steps:
-      - name: install tools
-        run: |
-          apk update
-          apk add --update bash make nodejs npm yamllint ncurses
-      - uses: actions/checkout@v5
-      - name: install chart dependencies
-        run: helm dependency build
-      - name: lint
-        run: helm lint
-      - name: template
-        run: helm template --debug gitea-helm .
-      - name: prepare unit test environment
-        run: |
-          helm plugin install --version ${{ env.HELM_UNITTEST_VERSION }} https://github.com/helm-unittest/helm-unittest
-          git submodule update --init --recursive
-      - name: unit tests
-        env:
-          TERM: xterm
-        run: |
-          make unittests
-      - name: verify readme
-        run: |
-          make readme
-          git diff --exit-code --name-only README.md
-      - name: yaml lint
-        uses: https://github.com/ibiqlik/action-yamllint@v3

.gitea/workflows/update-changelog.yml

@@ -0,0 +1,29 @@
+name: Update changelog
+
+on:
+  push:
+    branches: [ "main" ]
+  workflow_dispatch: {}
+
+jobs:
+  changelog:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install packages via apt-get
+        run: |
+          apt-get update &&
+          apt-get install --yes curl jq
+      - uses: actions/checkout@v5.0.0
+        with:
+          fetch-depth: 0
+      - name: Install git-sv
+        env:
+          GIT_SV_VERSION: v2.0.4 # renovate: datasource=github-releases depName=thegeeklab/git-sv
+        run: |
+          curl --fail --location --output /usr/local/bin/git-sv --silent --show-error https://github.com/thegeeklab/git-sv/releases/download/${GIT_SV_VERSION}/git-sv-linux-$(dpkg --print-architecture)
+          chmod +x /usr/local/bin/git-sv
+          git-sv --version
+      - name: Update changelog issue
+        env:
+          ISSUE_RW_TOKEN: ${{ secrets.ISSUE_RW_TOKEN }}
+        run: .gitea/scripts/update-changelog.sh