publish charts for head images (#50779)

* add chart repo for tags

* remove upload chart

* add build publish chart to push workflow

.github/actions/rancher-chart/build/action.yml

@@ -38,11 +38,3 @@ runs:
     - name: Package
       shell: bash
       run: ./scripts/chart/package
-    - name: Upload chart
-      uses: actions/upload-artifact@v4
-      with:
-        name: chart
-        path: ./bin/chart/*
-        if-no-files-found: error
-        retention-days: 4
-        overwrite: true

.github/workflows/push.yml

@@ -73,6 +73,40 @@ jobs:
             secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD
       - name: push
         uses: ./.github/actions/push-images
+  build-publish-chart:
+    needs: [push-images]
+    runs-on: org-${{ github.repository_owner_id }}-amd64-k8s
+    container: registry.suse.com/bci/bci-base:15.7
+    permissions:
+      contents: read
+      id-token: write
+    concurrency:
+      group: 'build-chart-tag'
+      # instead of cancelling other runs, wait until they are finished
+      cancel-in-progress: false
+    env:
+      ARCH: amd64
+    steps:
+      - name: install dependencies
+        shell: bash
+        run: zypper install -y git
+      - name: Git safe directory
+        run: git config --global --add safe.directory "$PWD"
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: setup and build
+        uses: ./.github/actions/rancher-chart/build
+      - name: Load Secrets from Vault
+        uses: rancher-eio/read-vault-secrets@main
+        with:
+          secrets: |
+            secret/data/github/repo/${{ github.repository }}/optimus-charts-access-key/credentials token | AWS_ACCESS_KEY_ID_CHARTS ;
+            secret/data/github/repo/${{ github.repository }}/optimus-charts-secret-key/credentials token | AWS_SECRET_ACCESS_KEY_CHARTS ;
+            secret/data/github/repo/${{ github.repository }}/chart-dns-invalidator/credentials accessKeyId | AWS_ACCESS_KEY_ID_CACHE_INVALIDATION ;
+            secret/data/github/repo/${{ github.repository }}/chart-dns-invalidator/credentials secretAccessKey | AWS_SECRET_ACCESS_KEY_CACHE_INVALIDATION ;
+            secret/data/github/repo/${{ github.repository }}/chart-optimus-uploader/credentials stagingChartsOptimusBucketName | CHARTS_BUCKET_NAME ;
+      - name: publish
+        uses: ./.github/actions/rancher-chart/publish-aws
   build-installer:
     runs-on: runs-on,runner=4cpu-${{ matrix.os }}-${{ matrix.arch }},image=ubuntu22-full-${{ matrix.arch }},run-id=${{ github.run_id }}
     strategy:

scripts/chart/index

@@ -5,11 +5,17 @@ set -e
 echo "-- chart/index --"
 
 cd $(dirname $0)/../..
-mkdir -p build
-
 repo_index=${1}
 
-echo "Getting current index from ${repo_index}"
-curl -f -H 'Cache-Control: max-age=0,no-cache' -H 'Host: releases.rancher.com' "https://c.storage.googleapis.com/server-charts/${repo_index}/index.yaml?$(date +%s%N)" -o build/index.yaml
+# Do not merge the repo index if it is a release repo.
+# These repos contain only the latest version of the chart.
+if [[ "${repo_index}" =~ "release-" ]]; then
+  helm_v3 repo index ./bin/chart/${repo_index}
+else
+  mkdir -p build
 
-helm_v3 repo index --merge build/index.yaml ./bin/chart/${repo_index}
+  echo "Getting current index from ${repo_index}"
+  curl -f -H 'Cache-Control: max-age=0,no-cache' -H 'Host: releases.rancher.com' "https://c.storage.googleapis.com/server-charts/${repo_index}/index.yaml?$(date +%s%N)" -o build/index.yaml
+
+  helm_v3 repo index --merge build/index.yaml ./bin/chart/${repo_index}
+fi

scripts/version

@@ -53,6 +53,8 @@ case $CHART_VERSION in
         CHART_REPO="latest" ;;
     *-hotfix*) # All hotfix tags
         CHART_REPO="latest" ;;
+    *-head*) # All head tags
+        CHART_REPO="release-$(echo $CHART_VERSION | cut -d '-' -f1)" ;; # release-2.12
     +([0-9]).+([0-9]).+([0-9])) # All release tags
         CHART_REPO="latest" ;;
     *) # Anything else - Future use