From ca903c9cf3235174bc76c371a908d82727aa59c9 Mon Sep 17 00:00:00 2001
From: justusbunsi <sk.bunsenbrenner@gmail.com>
Date: Fri, 13 Oct 2023 16:04:27 +0000
Subject: [PATCH] Fix `helm dependency build` once and for all (#535)

### Description of the change

We are affected by a regression of a Helm bug from May 2023. I've tested
the Helm versions 3.13.1, 3.13.0 and 3.12.3. Both 3.13.x are affected.
3.12.3 works. So let's downgrade and drop the docker login in PR builds.

I've also switched the `apt install helm` with an official `alpine/helm`
image I am using at work. Pinning the helm version and receiving updates
helps us identifying such issues in the future.

For the release workflow I was a bit more reluctant with changes, since
I cannot easily test them. That's why I just pinned the Helm version.

Renovate will provide one PR changing both files because it's the same
dependency (alpine/helm) from the same datasource (docker).

https://github.com/helm/helm/issues/12062

### Applicable issues

- implicitly fixes #527

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/535
Reviewed-by: pat-s <pat-s@noreply.gitea.com>
Co-authored-by: justusbunsi <sk.bunsenbrenner@gmail.com>
Co-committed-by: justusbunsi <sk.bunsenbrenner@gmail.com>
---
 .gitea/workflows/release-version.yml |  6 ++++-
 .gitea/workflows/test-pr.yml         | 33 ++++++++++------------------
 renovate.json5                       | 10 +++++++++
 3 files changed, 27 insertions(+), 22 deletions(-)

diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml
index 3fa25c3..9e0d02f 100644
--- a/.gitea/workflows/release-version.yml
+++ b/.gitea/workflows/release-version.yml
@@ -5,6 +5,10 @@ on:
     tags:
       - "*"
 
+env:
+  # renovate: datasource=docker depName=alpine/helm
+  HELM_VERSION: "3.12.3"
+
 jobs:
   generate-chart-publish:
     runs-on: ubuntu-latest
@@ -23,7 +27,7 @@ jobs:
           chmod a+r /etc/apt/keyrings/docker.gpg
           echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
           apt update -y
-          apt install -y python helm python3-pip apt-transport-https docker-ce-cli
+          apt install -y python helm=${{ env.HELM_VERSION }}-1 python3-pip apt-transport-https docker-ce-cli
           pip install awscli
 
       - name: Import GPG key
diff --git a/.gitea/workflows/test-pr.yml b/.gitea/workflows/test-pr.yml
index c8b36a7..6b8b0f2 100644
--- a/.gitea/workflows/test-pr.yml
+++ b/.gitea/workflows/test-pr.yml
@@ -3,38 +3,29 @@ name: check-and-test
 on:
   - pull_request
 
+env:
+  # renovate: datasource=github-releases depName=helm-unittest/helm-unittest
+  HELM_UNITTEST_VERSION: "0.3.3"
+
 jobs:
   check-and-test:
     runs-on: ubuntu-latest
+    container: alpine/helm:3.12.3
     steps:
-      - uses: actions/checkout@v4
       - name: install tools
         run: |
-          apt update -y
-          apt install -y curl make
-          # helm
-          curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | tee /usr/share/keyrings/helm.gpg > /dev/null
-          echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list
-          # docker
-          install -m 0755 -d /etc/apt/keyrings
-          curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
-          chmod a+r /etc/apt/keyrings/docker.gpg
-          echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
-          apt update -y
-          apt install -y helm python3-pip docker-ce-cli
-          pip install yamllint
-          # login to docker
-          echo ${{ secrets.DOCKER_PASSWORD_PUBLIC }} | docker login -u ${{ secrets.DOCKER_USERNAME_PUBLIC }} --password-stdin
-      - name: dependency update
-        run: helm dependency update
+          apk update
+          apk add --update make nodejs npm yamllint
+      - uses: actions/checkout@v4
+      - name: install chart dependencies
+        run: helm dependency build
       - name: lint
         run: helm lint
       - name: template
-        run: |
-          helm template --debug gitea-helm .
+        run: helm template --debug gitea-helm .
       - name: unit tests
         run: |
-          helm plugin install --version 0.3.3 https://github.com/helm-unittest/helm-unittest
+          helm plugin install --version ${{ env.HELM_UNITTEST_VERSION }} https://github.com/helm-unittest/helm-unittest
           make unittests
       - name: verify readme
         run: |
diff --git a/renovate.json5 b/renovate.json5
index e8bcaaf..bb49f4b 100644
--- a/renovate.json5
+++ b/renovate.json5
@@ -1,6 +1,16 @@
 {
   $schema: "https://docs.renovatebot.com/renovate-schema.json",
   extends: ["gitea>gitea/renovate-config"],
+  customManagers: [
+      {
+        description: 'Gitea-version of https://docs.renovatebot.com/presets-regexManagers/#regexmanagersgithubactionsversions',
+        customType: 'regex',
+        fileMatch: ['.gitea/workflows/.+\\.ya?ml$'],
+        matchStrings: [
+          '# renovate: datasource=(?<datasource>[a-z-.]+?) depName=(?<depName>[^\\s]+?)(?: (?:lookupName|packageName)=(?<packageName>[^\\s]+?))?(?: versioning=(?<versioning>[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?_VERSION\\s*:\\s*["\']?(?<currentValue>.+?)["\']?\\s',
+        ],
+      },
+    ],
   packageRules: [
     {
       description: "Automerge minor + patch dependency updates weekly",