feat: add Artifacthub annotation 'artifacthub.io/changes' (#881)

The following PR add the annotation 'artifacthub.io/changes'. For each semantic
commit will be the annotation extended. Further information can be found in the
documentation of
[Artifacthub.io](https://artifacthub.io/docs/topics/annotations/helm/#supported-annotations).

The CI has been adapted. The binary jq as well as yq in >= v4.0 is required.
Otherwise will not be concatenated the YAML file correctly via the yq expression,
because the `loadstr()` expression is not available in lower versions.

Additionally the relation between the semantic commit and the Artifacthub.io
change log type should be clarified. The current relationshiop can be adapted if
needed.

Furthermore, yq will be installed as part of the CI steps. It would be great if
yq is also available as deb package in >=v4.0. This would reduce the boiler
plate to install yq and maintain the version via renovate.

Regarding the renovate expression. In my environment works this expression, but
I don't know if it also works in this gitea/renovate instance.

Reviewed-on: https://gitea.com/gitea/helm-gitea/pulls/881
Reviewed-by: pat-s <pat-s@noreply.gitea.com>
Co-authored-by: Markus Pesch <markus.pesch@cryptic.systems>
Co-committed-by: Markus Pesch <markus.pesch@cryptic.systems>

.gitea/workflows/release-version.yml

@@ -5,33 +5,51 @@ on:
     tags:
       - "*"
 
-env:
-  # renovate: datasource=docker depName=alpine/helm
-  HELM_VERSION: "3.18.2"
-
 jobs:
   generate-chart-publish:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - name: install tools
+        with:
+          fetch-depth: 0
+
+      - name: Install packages via apt
         run: |
-          apt update -y
-          apt install -y curl ca-certificates curl gnupg
-          # helm
-          curl -O https://get.helm.sh/helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
-          tar -xzf helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
-          mv linux-amd64/helm /usr/local/bin/
-          rm -rf linux-amd64 helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
+          apt update --yes
+          apt install --yes curl ca-certificates curl gnupg jq
+
+      - name: Install helm
+        env:
+          # renovate: datasource=docker depName=alpine/helm
+          HELM_VERSION: "3.18.2"
+        run: |
+          curl --fail --location --output /dev/stdout --silent --show-error https://get.helm.sh/helm-v${HELM_VERSION}-linux-$(dpkg --print-architecture).tar.gz | tar --extract --gzip --file /dev/stdin
+          mv linux-$(dpkg --print-architecture)/helm /usr/local/bin/
+          rm --force --recursive linux-$(dpkg --print-architecture) helm-v${HELM_VERSION}-linux-$(dpkg --print-architecture).tar.gz
           helm version
-          # docker
+
+      - name: Install yq
+        env:
+          YQ_VERSION: v4.45.4 # renovate: datasource=github-releases depName=mikefarah/yq
+        run: |
+          curl --fail --location --output /dev/stdout --silent --show-error https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_$(dpkg --print-architecture).tar.gz | tar --extract --gzip --file /dev/stdin
+          mv yq_linux_$(dpkg --print-architecture) /usr/local/bin
+          rm --force --recursive yq_linux_$(dpkg --print-architecture) yq_linux_$(dpkg --print-architecture).tar.gz
+          yq --version
+
+      - name: Install docker-ce via apt
+        run: |
           install -m 0755 -d /etc/apt/keyrings
-          curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+          curl --fail --location --silent --show-error https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
           chmod a+r /etc/apt/keyrings/docker.gpg
           echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
-          apt update -y
-          apt install -y python3 python3-pip apt-transport-https docker-ce-cli
+          apt update --yes
+          apt install --yes python3 python3-pip apt-transport-https docker-ce-cli
+
+      - name: Install awscli
+        run: |
           pip install awscli --break-system-packages
+          aws --version
 
       - name: Import GPG key
         id: import_gpg
@@ -41,6 +59,15 @@ jobs:
           passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
           fingerprint: CC64B1DB67ABBEECAB24B6455FC346329753F4B0
 
+      - name: Add Artifacthub.io annotations
+        run: |
+          NEW_TAG="$(git tag --sort=-version:refname | head --lines 1)"
+          OLD_TAG="$(git tag --sort=-version:refname | head --lines 2 | tail --lines 1)"
+          .gitea/scripts/add-annotations.sh "${OLD_TAG}" "${NEW_TAG}"
+
+      - name: Print Chart.yaml
+        run: cat Chart.yaml
+
       # Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843
       - name: package chart
         run: |
@@ -51,7 +78,7 @@ jobs:
           helm package --version "${GITHUB_REF#refs/tags/v}" ./
           mkdir gitea
           mv gitea*.tgz gitea/
-          curl -s -L -o gitea/index.yaml https://dl.gitea.com/charts/index.yaml
+          curl --fail --location --output gitea/index.yaml --silent --show-error https://dl.gitea.com/charts/index.yaml
           helm repo index gitea/ --url https://dl.gitea.com/charts --merge gitea/index.yaml
           # push to dockerhub
           echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | helm registry login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} registry-1.docker.io --password-stdin