ci: update apps.yaml with charts (#2270)

Co-authored-by: svcAPLBot <[email protected]>

Author: merll

apps.yaml

@@ -42,6 +42,7 @@ appsInfo:
     license: Apache 2.0
     about: CloudNative PostgreSQL is an open source operator designed to manage PostgreSQL workloads on any supported Kubernetes cluster running in private, public, hybrid, or multi-cloud environments.
     integration: CloudNativePG is used by APL to provide Postgresql database for various applications. In the values you can configure a storageprovider for backups. The backups can be enabled in settings.
+    chartName: cloudnative-pg
   drone:
     title: Drone
     appVersion: 2.7.3
@@ -153,6 +154,7 @@ appsInfo:
     license: Apache 2.0
     about: Istio is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio's control plane provides an abstraction layer over the underlying cluster management platform.
     integration: APL has security best practices built in, and is designed for intrusion. Istio is used by APL as a service mesh to deliver mTLS enforcement for all traffic that is deemed compromisable, egress control to force teams to choose explicit egress endpoints, and advanced routing capabilities such as weight based load balancing (A/B or blue/green testing). Istio is part of the core of APL and can not be disabled.
+    chartName: istiod
   jaeger:
     title: Jaeger Operator
     dependencies: Open Telemetry (otel)
@@ -186,6 +188,7 @@ appsInfo:
     dependencies: Prometheus
     about: Kiali is a management console for Istio to manage, visualize, validate and troubleshoot the service mesh.
     integration: Kiali can be activated to gain observability insights on its network traffic. Kiali runs in anonymous mode and each authenticated user is given the same authorization, allowing them to see everything.
+    chartName: kiali-operator
   knative:
     title: Knative Operator
     appVersion: 1.18.1
@@ -196,6 +199,7 @@ appsInfo:
     license: Apache 2.0
     about: Knative Serving builds on Kubernetes to support deploying and serving of applications and functions as serverless containers. Serving is easy to get started with and scales to support advanced scenarios.
     integration: Knative serving can be activated to deliver Container-as-a-Service (CaaS) functionality with a scale-to-zero option. It can be compared to Functions-as-a-service (FaaS) but is container oriented, and takes only one manifest to configure an auto scaling service based on a container image of choice. APL offers an on-the-fly Knative service deployment, making it very easy to deploy containerized services without the hassle of providing all the supporting resources involved with Helm charts. Istio Virtual Services are used to route traffic coming in for a public domain to its backing Knative Service, allowing it to set a custom domain.
+    chartName: knative-operator
   kyverno:
     title: Kyverno
     appVersion: 1.11.4
@@ -229,6 +233,7 @@ appsInfo:
     dependencies: Harbor
     about: Tekton Pipelines provides Kubernetes custom resources for declaring CI/CD-style pipelines.
     integration: APL uses Tekton to proivide pre-build pipelines using the git-clone, buildpacks and kaniko tasks to build images from source code and push the created images to Harbor.
+    chartName: tekton-pipelines
   loki:
     title: Loki
     appVersion: 2.9.10
@@ -317,6 +322,7 @@ appsInfo:
     dependencies: Prometheus, Grafana
     about: Trivy Operator continuously scans your Kubernetes cluster for security issues, and generates security reports as Kubernetes Custom Resources. It does it by watching Kubernetes for state changes and automatically triggering scans in response to changes.
     integration: APL installs and configures Trivy Operator to scan all resources deployed by a team and makes results visible in a Grafana dashboard.
+    chartName: trivy-operator
   otel:
     title: Open Telemetry Operator
     appVersion: 0.80.0
@@ -328,6 +334,7 @@ appsInfo:
     dependencies: Prometheus, Grafana, Loki, Tempo
     about: The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. In addition, it removes the need to run, operate and maintain multiple agents/collectors in order to support open-source telemetry data formats (e.g. Jaeger, Prometheus, etc.) to multiple open-source or commercial back-ends.
     integration: OpenTelemetry Collector is used to receive telementry data from Istio Envoy access logs and export this data to Tempo.
+    chartName: otel-operator
   velero:
     title: Velero
     appVersion: 1.9.0

ci/src/update-helm-chart-deps.mjs

@@ -7,7 +7,7 @@ import yaml from 'js-yaml'
 import semver from 'semver'
 import { $ } from 'zx'
 
-export function isVersionApplicable(currentVersion, version, allowedUpgradeType) {
+function isVersionApplicable(currentVersion, version, allowedUpgradeType) {
   if (semver.lte(version, currentVersion)) {
     return false // Ignore versions that are <= current version
   }
@@ -22,6 +22,16 @@ export function isVersionApplicable(currentVersion, version, allowedUpgradeType)
   return true // Default: Allow all upgrades
 }
 
+async function loadYamlFile(fileName) {
+  const yamlContent = await fs.readFile(fileName, 'utf8')
+  return yaml.load(yamlContent)
+}
+
+async function writeYamlFile(fileName, data) {
+  const yamlContent = yaml.dump(data, { lineWidth: 1000 })
+  await fs.writeFile(fileName, yamlContent, 'utf8')
+}
+
 async function main() {
   config()
   const env = envalid.cleanEnv(process.env, {
@@ -39,6 +49,7 @@ async function main() {
   // Path to the Chart.yaml file
   const chartFile = '../chart/chart-index/Chart.yaml'
   const chartsDir = '../charts'
+  const appsFile = '../apps.yaml'
 
   // Specify allowed upgrade types: 'minor', 'patch', or leave undefined for all
   const allowedUpgradeType = env.CI_UPDATE_TYPE
@@ -51,30 +62,39 @@ async function main() {
 
   try {
     // Read the Chart.yaml file
-    const chartContent = await fs.readFile(chartFile, 'utf8')
-    const chart = yaml.load(chartContent)
+    const chart = await loadYamlFile(chartFile)
     const dependencyErrors = {}
     const fixedChartVersions = {}
 
-    if (!chart.dependencies || !Array.isArray(chart.dependencies)) {
+    if (!Array.isArray(chart.dependencies) || chart.dependencies.length === 0) {
       console.error('No dependencies found in Chart.yaml')
       process.exit(1)
     }
 
+    const apps = await loadYamlFile(appsFile)
+    const appsInfo = apps.appsInfo
+    if (!appsInfo || Object.keys(appsInfo).length === 0) {
+      console.error('No app information found in apps.yaml')
+      process.exit(1)
+    }
+    // Mapping to look up / update apps info by chart
+    const chartApps = Object.fromEntries(
+      Object.entries(appsInfo).map(([appName, appInfo]) => [appInfo.chartName || appName, appInfo])
+    )
+
     for (const dependency of chart.dependencies) {
       const currentDependencyVersion = dependency.version
-      if (dependencyNameFilter.length != 0 && !dependencyNameFilter.includes(dependency.name)) {
+      if (dependencyNameFilter.length !== 0 && !dependencyNameFilter.includes(dependency.name)) {
         console.log(
           `Skipping updates for dependency: ${dependency.name} due to dependencyNameFilter: ${dependencyNameFilter} `,
         )
         continue
       }
 
       console.log(`Pre-check for dependency ${dependency.name}`)
+      const dependencyFileName = `${chartsDir}/${dependency.alias || dependency.name}/Chart.yaml`
       try {
-        const dependencyFileName = `${chartsDir}/${dependency.alias || dependency.name}/Chart.yaml`
-        const dependencyFile = await fs.readFile(dependencyFileName, 'utf8')
-        const dependencyChart = yaml.load(dependencyFile)
+        const dependencyChart = await loadYamlFile(dependencyFileName)
         if (dependencyChart.version !== currentDependencyVersion) {
           console.error(`Skipping update, indexed version of dependency ${dependency.name} is not consistent with chart version.`)
           dependencyErrors[dependency.name] = 'Indexed version of dependency is not consistent with chart version.'
@@ -143,8 +163,7 @@ async function main() {
         }
 
         // Write the updated Chart.yaml file
-        const updatedChart = yaml.dump(chart)
-        await fs.writeFile(chartFile, updatedChart, 'utf8')
+        await writeYamlFile(chartFile, chart)
         // Fetch and unpack the new chart version
         const tempDir = `./tmp/charts/${dependency.name}`
         await $`mkdir -p ${tempDir}`
@@ -159,6 +178,35 @@ async function main() {
           await $`tar -xzvf ${tempDir}/${dependency.name}-${latestVersion}.tgz -C ${chartsDir}`
         }
 
+        const appInfo = chartApps[dependency.name]
+        // By default create a draft PR only if appInfo is not found for chart
+        let setPrDraft = Boolean(!appInfo)
+        if (appInfo) {
+          console.log(`Chart ${dependency.name} assigned to app – looking up new version`)
+          try {
+            const dependencyChart = await loadYamlFile(dependencyFileName)
+            const updatedAppVersion = dependencyChart?.appVersion
+            if (updatedAppVersion) {
+              appInfo.appVersion = updatedAppVersion.replace(/^v/, '')
+              try {
+                await writeYamlFile(appsFile, apps)
+                await $`git add ${appsFile}`
+              } catch (error) {
+                console.error(`Error updating app version for ${dependency.name}:`, error)
+                setPrDraft = true
+              }
+            } else {
+              console.info(`Updated app version not found in chart ${dependency.name}`)
+              setPrDraft = true
+            }
+          } catch (error) {
+            console.error(`Error checking dependency app version ${dependency.name}:`, error)
+            setPrDraft = true
+          }
+        } else {
+          console.log(`No app found for ${dependency.name}`)
+        }
+
         if (ciCreateFeatureBranch) {
           await $`git add ${chartFile}`
           await $`git add ${chartsDir}`
@@ -171,7 +219,20 @@ async function main() {
         if (ciCreateGithubPr) {
           // Create a pull request
           const prBody = `This PR updates the dependency **${dependency.name}** to version **${latestVersion}**.`
-          await $`gh pr create --title ${commitMessage} --body "${prBody}" --base ${baseBranch} --head ${branchName}`
+          const args = [
+            '--title',
+            commitMessage,
+            '--body',
+            prBody,
+            '--base',
+            baseBranch,
+            '--head',
+            branchName,
+          ]
+          if (setPrDraft) {
+            args.push('--draft')
+          }
+          await $`gh pr create ${args}`
         }
       } catch (error) {
         console.error('Error updating dependencies:', error)
@@ -203,8 +264,7 @@ async function main() {
         }
       }
       // Write the updated Chart.yaml file
-      const updatedChart = yaml.dump(chart)
-      await fs.writeFile(chartFile, updatedChart, 'utf8')
+      await writeYamlFile(chartFile, chart)
     }
   } catch (error) {
     console.error('Error updating dependencies:', error)