Update CI workflow with update

.github/workflows/chart-ci.yml

@@ -36,10 +36,15 @@ jobs:
 
       - name: Extract and add Helm repositories
         run: |
-          yq eval '.dependencies[] | "\(.name) \(.repository)"' ${{ inputs.chart-dir }}/Chart.yaml | \
-          while read -r name repo; do
-            helm repo add "$name" "$repo"
+          yq eval -r '
+            .dependencies[]
+            | select(.repository != "oci://*")
+            | "\(.name) \(.repository)"
+            ' "${{ inputs.chart-dir }}/Chart.yaml" \
+          | while read -r name repo; do
+              helm repo add "$name" "$repo"
           done
+
           helm repo update
 
       - name: Install chart dependencies
@@ -180,7 +185,7 @@ jobs:
           path: ${{ inputs.chart-dir }}
 
       - name: Build Trivy Vulnerability report
-        uses: aquasecurity/trivy-action@0.29.0
+        uses: aquasecurity/trivy-action@0.35.0
         env:
           TRIVY_HELM_KUBE_VERSION: ${{ inputs.kubernetes-version }}
           TRIVY_HELM_SET_FILE: ${{ inputs.chart-values }}
@@ -198,7 +203,7 @@ jobs:
           sarif_file: 'trivy-vuln-results.sarif' 
 
       - name: Run Trivy Vulnerability scan
-        uses: aquasecurity/trivy-action@0.29.0
+        uses: aquasecurity/trivy-action@0.35.0
         env:
           TRIVY_HELM_KUBE_VERSION: ${{ inputs.kubernetes-version }}
           TRIVY_HELM_SET_FILE: ${{ inputs.chart-values }}
@@ -271,57 +276,88 @@ jobs:
         with:
           fetch-depth: 0
 
-      - name: Configure Git
+      # ### Release steps specific to `feature` branch ###
+      - name: Add release suffix - SNAPSHOT
+        if: github.ref != 'refs/heads/main' &&  github.ref != 'refs/heads/dev'
         run: |
-          git config user.name "$GITHUB_ACTOR"
-          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
-
-          # Fix for "chart-cr" action bug https://github.com/helm/chart-releaser-action/issues/171#issuecomment-2372464055
-          git fetch --tags
-          latest_tag=$(git tag --sort=-creatordate | head -n 1 || true)
-          echo "latest_tag=$latest_tag" >> "$GITHUB_OUTPUT"
-
-      - name: Download packaged Chart
-        uses: actions/download-artifact@v4
-        with:
-          name: packaged-chart
-          path: ${{ inputs.chart-dir }}
-
-      - name: Install Helm
-        uses: azure/setup-helm@v4.3.1
-        env:
-          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
-
-      - name: Extract and add Helm repositories
-        run: |
-          yq eval '.dependencies[] | "\(.name) \(.repository)"' ${{ inputs.chart-dir }}/Chart.yaml | \
-          while read -r name repo; do
-            helm repo add "$name" "$repo"
-          done
-          helm repo update
+          VERSION_SUFFIX="-snapshot-$(git rev-parse --short ${{ github.sha }})" \
+          yq -i '.version |= . + env(VERSION_SUFFIX)' ${{ inputs.chart-dir }}/Chart.yaml
 
       ### Release steps specific to `dev` branch ###
       - name: Add release suffix - DEV
         if: github.ref == 'refs/heads/dev'
         run: |
-          VERSION_SUFFIX="-dev.$(git rev-parse --short ${{ github.sha }})" \
+          VERSION_SUFFIX="-dev-$(git rev-parse --short ${{ github.sha }})" \
           yq -i '.version |= . + env(VERSION_SUFFIX)' ${{ inputs.chart-dir }}/Chart.yaml
 
-      - name: Run chart-releaser - DEV
-        if: github.ref == 'refs/heads/dev'
-        uses: helm/chart-releaser-action@v1.7.0
-        env:
-          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
-        with:
-          skip_existing: true
-          mark_as_latest: false
+      - name: Package chart
+        run: |
+          helm package ${{ inputs.chart-dir }} -d .cr-release-packages/
+
+      # ### Prepare release variables ###
+      - name: Prepare release variables
+        id: prepare-release
+        run: |
+          git fetch origin gh-pages
+          name=$(git show origin/gh-pages:index.yaml | yq e '.entries | keys | .[0]' 2>/dev/null || echo " ??? ")
 
-      ### Release steps specific to `main` branch ###
-      - name: Run chart-releaser - MAIN
+          VERSION=$(yq '.version' ${{ inputs.chart-dir }}/Chart.yaml)
+
+          TAG_NAME="${name}-${VERSION}" 
+
+          echo "TAG_NAME=$TAG_NAME" >> $GITHUB_OUTPUT
+          echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
+
+      # ### Release steps specific to `feature` or `dev` branch ###
+      - name: Create GitHub pre-release + tag
+        if: github.ref != 'refs/heads/main'
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh release create "${{ steps.prepare-release.outputs.TAG_NAME }}" \
+            .cr-release-packages/*.tgz \
+            --prerelease \
+            --title "${{ steps.prepare-release.outputs.TAG_NAME }}" \
+            --target ${{ github.sha}} \
+            --notes "Version from ${{ github.ref_name }}" \
+            -F CHANGELOG.md
+
+      # ### Release steps specific to `main` branch ###
+      - name: Create GitHub release + tag
         if: github.ref == 'refs/heads/main'
-        uses: helm/chart-releaser-action@v1.7.0
         env:
-          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
-        with:
-          skip_existing: true
-          mark_as_latest: true
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh release create "${{ steps.prepare-release.outputs.TAG_NAME }}" \
+            .cr-release-packages/*.tgz \
+            --latest \
+            --target ${{ github.sha}} \
+            --title "${{ steps.prepare-release.outputs.TAG_NAME }}" \
+            --notes "Version from ${{ github.ref_name }}" \
+            -F CHANGELOG.md
+
+      - name: Update index.yaml on gh-pages
+        env:
+          CR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+          # Get gh-pages 
+          git fetch origin gh-pages
+          mkdir -p .cr-index
+          git show origin/gh-pages:index.yaml > .cr-index/index.yaml 2>/dev/null || echo "apiVersion: v1\nentries: {}" > .cr-index/index.yaml
+
+          echo "Merge index.yaml with new chart version..."
+          helm repo index .cr-index \
+            --url https://${{ github.repository_owner }}.github.io/${{ github.event.repository.name }} \
+            --merge .cr-index/index.yaml
+
+          args=(-o "${{ github.repository_owner }}" -r "${{ github.event.repository.name }}" --push)
+
+          echo "Installing chart-releaser on $install_dir..."
+          curl -sSLo cr.tar.gz "https://github.com/helm/chart-releaser/releases/download/v1.8.1/chart-releaser_1.8.1_linux_amd64.tar.gz"
+          tar -xzf cr.tar.gz -C "/usr/local/bin/"
+          rm -f cr.tar.gz
+
+          cr index "${args[@]}"

.github/workflows/ci.yml

@@ -1,3 +1,4 @@
+---
 name: CI
 
 # Controls when the workflow will run
@@ -7,7 +8,7 @@ on:
     branches-ignore:
       - "main"
   pull_request:
-    branches: [ "main", "dev" ]
+    branches: ["main", "dev"]
 
   # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
@@ -25,4 +26,11 @@ jobs:
       - uses: actions/checkout@v4
       - name: yaml-lint
         uses: ibiqlik/action-yamllint@v3.1.1
-
+        with:
+          config_data: |
+            extends: default
+            rules:
+              trailing-spaces:
+                level: warning
+              line-length: disable # don't bother me with this rule    
+              comments-indentation: disable  # don't bother me with this rule