WIP

The following PR add the annotation 'artifacthub.io/changes'. For each semantic
commit will be the annotation extended. Further information can be found in the
documentation of
[Artifacthub.io](https://artifacthub.io/docs/topics/annotations/helm/#supported-annotations).

The CI has been adapted. The binary jq as well as yq in >= v4.0 is required.
Otherwise will not be concatenated the YAML file correctly via the yq expression,
because the `loadstr()` expression is not available in lower versions.

Additionally the relation between the semantic commit and the Artifacthub.io
change log type should be clarified. The current relationshiop can be adapted if
needed.

Furthermore, yq will be installed as part of the CI steps. It would be great if
yq is also available as deb package in >=v4.0. This would reduce the boiler
plate to install yq and maintain the version via renovate.

Regarding the renovate expression. In my environment works this expression, but
I don't know if it also works in this gitea/renovate instance.

.gitea/scripts/add-annotations.sh

@@ -0,0 +1,114 @@
+#!/bin/bash
+
+set -e
+
+CHART_FILE="Chart.yaml"
+if [ ! -f "${CHART_FILE}" ]; then
+  echo "ERROR: ${CHART_FILE} not found!" 1>&2
+  exit 1
+fi
+
+DEFAULT_NEW_TAG="$(git tag --sort=-version:refname | head -n 1)"
+DEFAULT_OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)"
+
+if [ -z "${1}" ]; then
+  read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG
+  if [ -z "${OLD_TAG}" ]; then
+    OLD_TAG="${DEFAULT_OLD_TAG}"
+  fi
+
+  while [ -z "$(git tag --list "${OLD_TAG}")" ]; do
+    echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2
+    read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG
+    if [ -z "${OLD_TAG}" ]; then
+      OLD_TAG="${DEFAULT_OLD_TAG}"
+    fi
+  done
+else
+  OLD_TAG=${1}
+  if [ -z "$(git tag --list "${OLD_TAG}")" ]; then
+    echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2
+    exit 1
+  fi
+fi
+
+if [ -z "${2}" ]; then
+  read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG
+  if [ -z "${NEW_TAG}" ]; then
+    NEW_TAG="${DEFAULT_NEW_TAG}"
+  fi
+
+  while [ -z "$(git tag --list "${NEW_TAG}")" ]; do
+    echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2
+    read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG
+    if [ -z "${NEW_TAG}" ]; then
+      NEW_TAG="${DEFAULT_NEW_TAG}"
+    fi
+  done
+else
+  NEW_TAG=${2}
+
+  if [ -z "$(git tag --list "${NEW_TAG}")" ]; then
+    echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2
+    exit 1
+  fi
+fi
+
+CHANGE_LOG_YAML=$(mktemp)
+echo "[]" > "${CHANGE_LOG_YAML}"
+
+function map_type_to_kind() {
+  case "${1}" in
+    feat)
+      echo "added"
+    ;;
+    fix)
+      echo "fixed"
+    ;;
+    chore|style|test|ci|docs|refac)
+      echo "changed"
+    ;;
+    revert)
+      echo "removed"
+    ;;
+    sec)
+      echo "security"
+    ;;
+    *)
+      echo "skip"
+    ;;
+  esac
+}
+
+COMMIT_TITLES="$(git log --pretty=format:"%s" "${OLD_TAG}..${NEW_TAG}")"
+
+echo "INFO: Generate change log entries from ${OLD_TAG} until ${NEW_TAG}"
+
+while IFS= read -r line; do
+  if [[ "${line}" =~ ^([a-zA-Z]+)(\([^\)]+\))?\:\ (.+)$ ]]; then
+    TYPE="${BASH_REMATCH[1]}"
+    KIND=$(map_type_to_kind "${TYPE}")
+
+    if [ "${KIND}" == "skip" ]; then
+      continue
+    fi
+
+    DESC="${BASH_REMATCH[3]}"
+
+    echo "- ${KIND}: ${DESC}"
+
+    jq --arg kind changed --arg description "$DESC" '. += [ $ARGS.named ]' < ${CHANGE_LOG_YAML} > ${CHANGE_LOG_YAML}.new
+    mv ${CHANGE_LOG_YAML}.new ${CHANGE_LOG_YAML}
+
+  fi
+done <<< "${COMMIT_TITLES}"
+
+if [ -s "${CHANGE_LOG_YAML}" ]; then
+  yq --inplace --input-format json --output-format yml "${CHANGE_LOG_YAML}"
+  yq --no-colors --inplace ".annotations.\"artifacthub.io/changes\" |= loadstr(\"${CHANGE_LOG_YAML}\") | sort_keys(.)" "${CHART_FILE}"
+else
+  echo "ERROR: Changelog file is empty: ${CHANGE_LOG_YAML}" 1>&2
+  exit 1
+fi
+
+rm "${CHANGE_LOG_YAML}"

.gitea/workflows/release-version.yml

@@ -10,53 +10,75 @@ env:
   HELM_VERSION: "3.17.3"
 
 jobs:
-  # generate-chart-publish:
-  #   runs-on: ubuntu-latest
-  #   steps:
-  #     - uses: actions/checkout@v4
-  #     - name: install tools
-  #       run: |
-  #         apt update -y
-  #         apt install -y curl ca-certificates curl gnupg
-  #         # helm
-  #         curl -O https://get.helm.sh/helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
-  #         tar -xzf helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
-  #         mv linux-amd64/helm /usr/local/bin/
-  #         rm -rf linux-amd64 helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
-  #         helm version
-  #         # docker
-  #         install -m 0755 -d /etc/apt/keyrings
-  #         curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
-  #         chmod a+r /etc/apt/keyrings/docker.gpg
-  #         echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
-  #         apt update -y
-  #         apt install -y python3 python3-pip apt-transport-https docker-ce-cli
-  #         pip install awscli --break-system-packages
+  generate-chart-publish:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: install tools
+        run: |
+          apt update -y
+          apt install -y curl ca-certificates curl gnupg
+          # helm
+          curl -O https://get.helm.sh/helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
+          tar -xzf helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
+          mv linux-amd64/helm /usr/local/bin/
+          rm -rf linux-amd64 helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
+          helm version
+          # docker
+          install -m 0755 -d /etc/apt/keyrings
+          curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+          chmod a+r /etc/apt/keyrings/docker.gpg
+          echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
+          apt update -y
+          apt install -y python3 python3-pip apt-transport-https docker-ce-cli
+          pip install awscli --break-system-packages
+          # jq
+          apt install -y jq
 
-  #     - name: Import GPG key
-  #       id: import_gpg
-  #       uses: https://github.com/crazy-max/ghaction-import-gpg@v6
-  #       with:
-  #         gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
-  #         passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
-  #         fingerprint: CC64B1DB67ABBEECAB24B6455FC346329753F4B0
+      # - name: Import GPG key
+      #   id: import_gpg
+      #   uses: https://github.com/crazy-max/ghaction-import-gpg@v6
+      #   with:
+      #     gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
+      #     passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
+      #     fingerprint: CC64B1DB67ABBEECAB24B6455FC346329753F4B0
 
-  #     # Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843
-  #     - name: package chart
-  #       run: |
-  #         echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | docker login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} --password-stdin
-  #         # FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved
-  #         helm plugin install https://github.com/pat-s/helm-gpg
-  #         helm dependency build
-  #         helm package --version "${GITHUB_REF#refs/tags/v}" ./
-  #         mkdir gitea
-  #         mv gitea*.tgz gitea/
-  #         curl -s -L -o gitea/index.yaml https://dl.gitea.com/charts/index.yaml
-  #         helm repo index gitea/ --url https://dl.gitea.com/charts --merge gitea/index.yaml
-  #         # push to dockerhub
-  #         echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | helm registry login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} registry-1.docker.io --password-stdin
-  #         helm push gitea/gitea-${GITHUB_REF#refs/tags/v}.tgz oci://registry-1.docker.io/giteacharts
-  #         helm registry logout registry-1.docker.io
+      - name: Add Artifacthub.io annotations
+        env:
+          YQ_VERSION: v4.45.4 # renovate: datasource=github-releases depName=mikefarah/yq
+        run: |
+          # determine operating system
+          OS=$(uname | tr '[:upper:]' '[:lower:]')
+
+          # determine architecture
+          ARCH="$(uname -m)"
+          case "${ARCH}" in
+            x86_64) ARCH=amd64;;
+          esac
+
+          # Download yq
+          curl --silent --fail --location https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_${OS}_${ARCH}.tar.gz --output /dev/stdout | tar --extract --gzip && mv yq_${OS}_${ARCH} /usr/bin/yq
+
+          NEW_TAG="$(git tag --sort=-version:refname | head -n 1)"
+          OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)"
+          .gitea/scripts/add-annotations.sh "${OLD_TAG}" "${NEW_TAG}"
+
+      # # Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843
+      # - name: package chart
+      #   run: |
+      #     echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | docker login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} --password-stdin
+      #     # FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved
+      #     helm plugin install https://github.com/pat-s/helm-gpg
+      #     helm dependency build
+      #     helm package --version "${GITHUB_REF#refs/tags/v}" ./
+      #     mkdir gitea
+      #     mv gitea*.tgz gitea/
+      #     curl -s -L -o gitea/index.yaml https://dl.gitea.com/charts/index.yaml
+      #     helm repo index gitea/ --url https://dl.gitea.com/charts --merge gitea/index.yaml
+      #     # push to dockerhub
+      #     echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | helm registry login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} registry-1.docker.io --password-stdin
+      #     helm push gitea/gitea-${GITHUB_REF#refs/tags/v}.tgz oci://registry-1.docker.io/giteacharts
+      #     helm registry logout registry-1.docker.io
 
   #     - name: aws credential configure
   #       uses: https://github.com/aws-actions/configure-aws-credentials@v4
@@ -69,28 +91,28 @@ jobs:
   #       run: |
   #         aws s3 sync gitea/ s3://${{ secrets.AWS_S3_BUCKET}}/charts/
 
-  release-gitea:
-    # needs: generate-chart-publish
-    runs-on: ubuntu-latest
-    container: docker.io/thegeeklab/git-sv:2.0.1
-    steps:
-      - name: install tools
-        run: |
-          apk add -q --update --no-cache nodejs
-      - uses: actions/checkout@v4
-        with:
-          fetch-tags: true
-          fetch-depth: 0
+  # release-gitea:
+  #   # needs: generate-chart-publish
+  #   runs-on: ubuntu-latest
+  #   container: docker.io/thegeeklab/git-sv:2.0.1
+  #   steps:
+  #     - name: install tools
+  #       run: |
+  #         apk add -q --update --no-cache nodejs
+  #     - uses: actions/checkout@v4
+  #       with:
+  #         fetch-tags: true
+  #         fetch-depth: 0
 
-      - name: Create changelog
-        run: |
-          git sv current-version
-          git sv release-notes -t ${GITHUB_REF#refs/tags/} -o CHANGELOG.md
-          sed -i '1,2d' CHANGELOG.md # remove version
-          cat CHANGELOG.md
+  #     - name: Create changelog
+  #       run: |
+  #         git sv current-version
+  #         git sv release-notes -t ${GITHUB_REF#refs/tags/} -o CHANGELOG.md
+  #         sed -i '1,2d' CHANGELOG.md # remove version
+  #         cat CHANGELOG.md
 
-      - name: Release
-        uses: https://github.com/akkuman/gitea-release-action@v1
-        with:
-          body_path: CHANGELOG.md
-          token: "${{ secrets.RELEASE_TOKEN }}"
+  #     - name: Release
+  #       uses: https://github.com/akkuman/gitea-release-action@v1
+  #       with:
+  #         body_path: CHANGELOG.md
+  #         token: "${{ secrets.RELEASE_TOKEN }}"

Chart.lock

@@ -1,15 +1,15 @@
 dependencies:
 - name: postgresql
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 16.7.2
+  version: 16.7.4
 - name: postgresql-ha
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 16.0.3
+  version: 16.0.6
 - name: valkey-cluster
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 3.0.5
+  version: 3.0.10
 - name: valkey
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 3.0.4
-digest: sha256:9f184e842e4e04f7a1a3791ed92ab2ce085c4cf8f9dc9ce9a70b45b8af4c3c3c
-generated: "2025-05-10T03:23:40.55670864Z"
+  version: 3.0.9
+digest: sha256:aeafc605b86db0ff3999cd808af1c9ca3a6a749aae0d42f2fdae89803b3bb60a
+generated: "2025-05-25T00:23:17.804516988Z"

Chart.yaml

@@ -36,20 +36,20 @@ dependencies:
   # https://github.com/bitnami/charts/blob/main/bitnami/postgresql
   - name: postgresql
     repository: oci://registry-1.docker.io/bitnamicharts
-    version: 16.7.2
+    version: 16.7.4
     condition: postgresql.enabled
   # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml
   - name: postgresql-ha
     repository: oci://registry-1.docker.io/bitnamicharts
-    version: 16.0.3
+    version: 16.0.6
     condition: postgresql-ha.enabled
   # https://github.com/bitnami/charts/blob/main/bitnami/valkey-cluster/Chart.yaml
   - name: valkey-cluster
     repository: oci://registry-1.docker.io/bitnamicharts
-    version: 3.0.5
+    version: 3.0.10
     condition: valkey-cluster.enabled
   # https://github.com/bitnami/charts/blob/main/bitnami/valkey/Chart.yaml
   - name: valkey
     repository: oci://registry-1.docker.io/bitnamicharts
-    version: 3.0.4
+    version: 3.0.9
     condition: valkey.enabled