Merge pull request #1827 from Altinity/hotfix_helm_release

fix: correctly delete existing helm release artifacts by appending asset ID to URL

Author: alex-zaitsev

.github/workflows/release_chart.yaml

@@ -1,183 +1,183 @@
-name: release_chart
-
-on:
-  release:
-    types:
-    - published
-    - edited
-
-jobs:
-  release_chart:
-    name: Release Chart
-    permissions:
-      contents: write
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Install chart-releaser
-        run: |
-          wget https://github.com/helm/chart-releaser/releases/download/v1.4.1/chart-releaser_1.4.1_linux_amd64.tar.gz
-          tar -zxf chart-releaser_1.4.1_linux_amd64.tar.gz cr
-          sudo install cr /usr/local/bin/
-          rm -f cr chart-releaser_1.4.1_linux_amd64.tar.gz
-
-      - name: Package Chart
-        run: cr package deploy/helm/clickhouse-operator
-
-      - name: Get Release Assets
-        id: get_assets
-        run: |
-          CHART_PATH=$(ls .cr-release-packages/altinity-clickhouse-operator-*.tgz)
-          ASSET_NAME=$(basename ${CHART_PATH})
-          ASSET_ID=$(curl -s -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
-          "https://api.github.com/repos/${{ github.repository }}/releases/${{ github.event.release.id }}/assets" | \
-          jq -r ".[] | select(.name == \"$ASSET_NAME\") | .id")
-          
-          echo "Asset ID is $ASSET_ID"
-          echo "asset_id=$ASSET_ID" >> $GITHUB_OUTPUT
-
-      - name: Delete Existing Release Artifacts
-        if: steps.get_assets.outputs.asset_id != ''
-        run: |
-          curl -X DELETE -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
-          "https://api.github.com/repos/${{ github.repository }}
-
-      - name: Upload Release Artifacts
-        run: |
-          CHART_PATH=$(ls .cr-release-packages/altinity-clickhouse-operator-*.tgz)
-          curl -X POST \
-            -H "Accept: application/vnd.github+json" \
-            -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
-            -H "Content-Type: application/gzip" \
-            -T "${CHART_PATH}" \
-            "https://uploads.github.com/repos/${GITHUB_REPOSITORY}/releases/${{ github.event.release.id }}/assets?name=$(basename ${CHART_PATH})"
-      - name: Validate Helm Repository Configuration
-        run: |
-          if [ -z "${{ secrets.HELM_GITHUB_TOKEN }}" ]; then
-            echo "ERROR: HELM_GITHUB_TOKEN secret is not set or is empty"
-            echo "Please add HELM_GITHUB_TOKEN to repository secrets with write access to the helm repository"
-            exit 1
-          fi
-          
-          if [ -z "${{ vars.HELM_GITHUB_REPOSITORY }}" ]; then
-            echo "ERROR: HELM_GITHUB_REPOSITORY variable is not set or is empty"
-            echo "Please add HELM_GITHUB_REPOSITORY to repository variables (Settings -> Secrets and variables -> Actions -> Variables)"
-            exit 1
-          fi
-          
-          echo "Configuration validated:"
-          echo "  HELM_GITHUB_REPOSITORY: ${{ vars.HELM_GITHUB_REPOSITORY }}"
-          echo "  HELM_GITHUB_TOKEN: [SET]"
-          
-      - name: Upload Release Artifacts to Helm Repo
-        run: |
-          cr upload \
-            --git-repo=${{ vars.HELM_GITHUB_REPOSITORY }} \
-            --owner=${GITHUB_REPOSITORY_OWNER} \
-            --release-name-template=${{ github.event.release.name }} \
-            --token=${{ secrets.HELM_GITHUB_TOKEN }} \
-            --package-path=.cr-release-packages \
-            --skip-existing
-      - name: Configure Git
-        run: |
-          git config user.name "$GITHUB_ACTOR"
-          git config user.email "[email protected]"
-      - name: Release Chart to Operator Repo
-        run: |
-          git remote add httpsorigin "https://github.com/${GITHUB_REPOSITORY}.git"
-          git fetch httpsorigin
-          cr index \
-            --git-repo=${GITHUB_REPOSITORY#*/} \
-            --owner=${GITHUB_REPOSITORY_OWNER} \
-            --release-name-template=${{ github.event.release.name }} \
-            --token=${{ secrets.GITHUB_TOKEN }}  \
-            --index-path=index.yaml \
-            --remote=httpsorigin \
-            --push
-      - name: Release Chart to Helm Repo
-        run: |
-          # Validate configuration before attempting to push
-          if [ -z "${{ vars.HELM_GITHUB_REPOSITORY }}" ]; then
-            echo "ERROR: HELM_GITHUB_REPOSITORY variable is not set or is empty"
-            echo "This step requires HELM_GITHUB_REPOSITORY to be set in repository variables"
-            echo "Go to: Settings -> Secrets and variables -> Actions -> Variables"
-            exit 1
-          fi
-          
-          if [ -z "${{ secrets.HELM_GITHUB_TOKEN }}" ]; then
-            echo "ERROR: HELM_GITHUB_TOKEN secret is not set or is empty"
-            echo "This step requires HELM_GITHUB_TOKEN with write access to: ${GITHUB_REPOSITORY_OWNER}/${{ vars.HELM_GITHUB_REPOSITORY }}"
-            echo "Go to: Settings -> Secrets and variables -> Actions -> Secrets"
-            exit 1
-          fi
-          
-          echo "Attempting to push to helm repository: ${GITHUB_REPOSITORY_OWNER}/${{ vars.HELM_GITHUB_REPOSITORY }}"
-          
-          # Test token authentication
-          echo "Testing token authentication..."
-          TOKEN_USER=$(curl -sS -H "Authorization: token ${{ secrets.HELM_GITHUB_TOKEN }}" https://api.github.com/user | jq -r '.login')
-          echo "Token authenticated as user: ${TOKEN_USER}"
-          
-          # Save current directory
-          WORK_DIR=$(pwd)
-          
-          # Create a temporary directory for helm repo operations
-          TEMP_DIR=$(mktemp -d)
-          cd "$TEMP_DIR"
-          
-          # Clone the helm repository WITHOUT token in URL to avoid masking issues
-          echo "Cloning helm repository to temporary directory..."
-          git clone https://github.com/${GITHUB_REPOSITORY_OWNER}/${{ vars.HELM_GITHUB_REPOSITORY }}.git helm-repo || {
-            echo "ERROR: Failed to clone helm repository"
-            echo "Please verify:"
-            echo "  1. Repository exists: ${GITHUB_REPOSITORY_OWNER}/${{ vars.HELM_GITHUB_REPOSITORY }}"
-            exit 1
-          }
-          
-          cd helm-repo
-          
-          # Configure git credentials for push
-          git config user.email "[email protected]"
-          git config user.name "$GITHUB_ACTOR"
-          
-          # Set up authentication using git credential helper
-          git config credential.helper "store --file=.git/credentials"
-          echo "https://x-access-token:${{ secrets.HELM_GITHUB_TOKEN }}@github.com" > .git/credentials
-          
-          # Now use cr index from within the helm repo to avoid history conflicts
-          echo "Generating index.yaml within helm repository context..."
-          
-          # Copy the package to a local directory within helm repo
-          mkdir -p .cr-release-packages
-          cp "$WORK_DIR"/.cr-release-packages/*.tgz .cr-release-packages/ || {
-            echo "ERROR: No chart packages found in .cr-release-packages"
-            exit 1
-          }
-          
-          # Generate index with cr (this will handle the gh-pages branch automatically)
-          cr index \
-            --git-repo=${{ vars.HELM_GITHUB_REPOSITORY }} \
-            --owner=${GITHUB_REPOSITORY_OWNER} \
-            --release-name-template=${{ github.event.release.name }} \
-            --token=${{ secrets.HELM_GITHUB_TOKEN }} \
-            --package-path=.cr-release-packages \
-            --index-path=index.yaml \
-            --push || {
-            echo "ERROR: Failed to generate or push index to helm repository"
-            echo "Debug: Current directory is $(pwd)"
-            echo "Debug: Git remotes:"
-            git remote -v
-            echo "Debug: Git status:"
-            git status
-            exit 1
-          }
-          
-          echo "Successfully updated helm repository index"
-          
-          # Cleanup
-          cd /
-          rm -rf "$TEMP_DIR"
+name: release_chart
+
+on:
+  release:
+    types:
+    - published
+    - edited
+
+jobs:
+  release_chart:
+    name: Release Chart
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Install chart-releaser
+        run: |
+          wget https://github.com/helm/chart-releaser/releases/download/v1.4.1/chart-releaser_1.4.1_linux_amd64.tar.gz
+          tar -zxf chart-releaser_1.4.1_linux_amd64.tar.gz cr
+          sudo install cr /usr/local/bin/
+          rm -f cr chart-releaser_1.4.1_linux_amd64.tar.gz
+
+      - name: Package Chart
+        run: cr package deploy/helm/clickhouse-operator
+
+      - name: Get Release Assets
+        id: get_assets
+        run: |
+          CHART_PATH=$(ls .cr-release-packages/altinity-clickhouse-operator-*.tgz)
+          ASSET_NAME=$(basename ${CHART_PATH})
+          ASSET_ID=$(curl -s -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
+          "https://api.github.com/repos/${{ github.repository }}/releases/${{ github.event.release.id }}/assets" | \
+          jq -r ".[] | select(.name == \"$ASSET_NAME\") | .id")
+          
+          echo "Asset ID is $ASSET_ID"
+          echo "asset_id=$ASSET_ID" >> $GITHUB_OUTPUT
+
+      - name: Delete Existing Release Artifacts
+        if: steps.get_assets.outputs.asset_id != ''
+        run: |
+          curl -X DELETE -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
+          "https://api.github.com/repos/${{ github.repository }}/releases/${{ github.event.release.id }}/assets/${{ steps.get_assets.outputs.asset_id }}"
+
+      - name: Upload Release Artifacts
+        run: |
+          CHART_PATH=$(ls .cr-release-packages/altinity-clickhouse-operator-*.tgz)
+          curl -X POST \
+            -H "Accept: application/vnd.github+json" \
+            -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
+            -H "Content-Type: application/gzip" \
+            -T "${CHART_PATH}" \
+            "https://uploads.github.com/repos/${GITHUB_REPOSITORY}/releases/${{ github.event.release.id }}/assets?name=$(basename ${CHART_PATH})"
+      - name: Validate Helm Repository Configuration
+        run: |
+          if [ -z "${{ secrets.HELM_GITHUB_TOKEN }}" ]; then
+            echo "ERROR: HELM_GITHUB_TOKEN secret is not set or is empty"
+            echo "Please add HELM_GITHUB_TOKEN to repository secrets with write access to the helm repository"
+            exit 1
+          fi
+          
+          if [ -z "${{ vars.HELM_GITHUB_REPOSITORY }}" ]; then
+            echo "ERROR: HELM_GITHUB_REPOSITORY variable is not set or is empty"
+            echo "Please add HELM_GITHUB_REPOSITORY to repository variables (Settings -> Secrets and variables -> Actions -> Variables)"
+            exit 1
+          fi
+          
+          echo "Configuration validated:"
+          echo "  HELM_GITHUB_REPOSITORY: ${{ vars.HELM_GITHUB_REPOSITORY }}"
+          echo "  HELM_GITHUB_TOKEN: [SET]"
+          
+      - name: Upload Release Artifacts to Helm Repo
+        run: |
+          cr upload \
+            --git-repo=${{ vars.HELM_GITHUB_REPOSITORY }} \
+            --owner=${GITHUB_REPOSITORY_OWNER} \
+            --release-name-template=${{ github.event.release.name }} \
+            --token=${{ secrets.HELM_GITHUB_TOKEN }} \
+            --package-path=.cr-release-packages \
+            --skip-existing
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "[email protected]"
+      - name: Release Chart to Operator Repo
+        run: |
+          git remote add httpsorigin "https://github.com/${GITHUB_REPOSITORY}.git"
+          git fetch httpsorigin
+          cr index \
+            --git-repo=${GITHUB_REPOSITORY#*/} \
+            --owner=${GITHUB_REPOSITORY_OWNER} \
+            --release-name-template=${{ github.event.release.name }} \
+            --token=${{ secrets.GITHUB_TOKEN }}  \
+            --index-path=index.yaml \
+            --remote=httpsorigin \
+            --push
+      - name: Release Chart to Helm Repo
+        run: |
+          # Validate configuration before attempting to push
+          if [ -z "${{ vars.HELM_GITHUB_REPOSITORY }}" ]; then
+            echo "ERROR: HELM_GITHUB_REPOSITORY variable is not set or is empty"
+            echo "This step requires HELM_GITHUB_REPOSITORY to be set in repository variables"
+            echo "Go to: Settings -> Secrets and variables -> Actions -> Variables"
+            exit 1
+          fi
+          
+          if [ -z "${{ secrets.HELM_GITHUB_TOKEN }}" ]; then
+            echo "ERROR: HELM_GITHUB_TOKEN secret is not set or is empty"
+            echo "This step requires HELM_GITHUB_TOKEN with write access to: ${GITHUB_REPOSITORY_OWNER}/${{ vars.HELM_GITHUB_REPOSITORY }}"
+            echo "Go to: Settings -> Secrets and variables -> Actions -> Secrets"
+            exit 1
+          fi
+          
+          echo "Attempting to push to helm repository: ${GITHUB_REPOSITORY_OWNER}/${{ vars.HELM_GITHUB_REPOSITORY }}"
+          
+          # Test token authentication
+          echo "Testing token authentication..."
+          TOKEN_USER=$(curl -sS -H "Authorization: token ${{ secrets.HELM_GITHUB_TOKEN }}" https://api.github.com/user | jq -r '.login')
+          echo "Token authenticated as user: ${TOKEN_USER}"
+          
+          # Save current directory
+          WORK_DIR=$(pwd)
+          
+          # Create a temporary directory for helm repo operations
+          TEMP_DIR=$(mktemp -d)
+          cd "$TEMP_DIR"
+          
+          # Clone the helm repository WITHOUT token in URL to avoid masking issues
+          echo "Cloning helm repository to temporary directory..."
+          git clone https://github.com/${GITHUB_REPOSITORY_OWNER}/${{ vars.HELM_GITHUB_REPOSITORY }}.git helm-repo || {
+            echo "ERROR: Failed to clone helm repository"
+            echo "Please verify:"
+            echo "  1. Repository exists: ${GITHUB_REPOSITORY_OWNER}/${{ vars.HELM_GITHUB_REPOSITORY }}"
+            exit 1
+          }
+          
+          cd helm-repo
+          
+          # Configure git credentials for push
+          git config user.email "[email protected]"
+          git config user.name "$GITHUB_ACTOR"
+          
+          # Set up authentication using git credential helper
+          git config credential.helper "store --file=.git/credentials"
+          echo "https://x-access-token:${{ secrets.HELM_GITHUB_TOKEN }}@github.com" > .git/credentials
+          
+          # Now use cr index from within the helm repo to avoid history conflicts
+          echo "Generating index.yaml within helm repository context..."
+          
+          # Copy the package to a local directory within helm repo
+          mkdir -p .cr-release-packages
+          cp "$WORK_DIR"/.cr-release-packages/*.tgz .cr-release-packages/ || {
+            echo "ERROR: No chart packages found in .cr-release-packages"
+            exit 1
+          }
+          
+          # Generate index with cr (this will handle the gh-pages branch automatically)
+          cr index \
+            --git-repo=${{ vars.HELM_GITHUB_REPOSITORY }} \
+            --owner=${GITHUB_REPOSITORY_OWNER} \
+            --release-name-template=${{ github.event.release.name }} \
+            --token=${{ secrets.HELM_GITHUB_TOKEN }} \
+            --package-path=.cr-release-packages \
+            --index-path=index.yaml \
+            --push || {
+            echo "ERROR: Failed to generate or push index to helm repository"
+            echo "Debug: Current directory is $(pwd)"
+            echo "Debug: Git remotes:"
+            git remote -v
+            echo "Debug: Git status:"
+            git status
+            exit 1
+          }
+          
+          echo "Successfully updated helm repository index"
+          
+          # Cleanup
+          cd /
+          rm -rf "$TEMP_DIR"