diff --git a/.github/workflows/chart-ci.yml b/.github/workflows/chart-ci.yml index 345cb1f6d..d5ce7c532 100644 --- a/.github/workflows/chart-ci.yml +++ b/.github/workflows/chart-ci.yml @@ -4,15 +4,62 @@ on: pull_request: paths: - 'charts/**' + - 'config/initializers/version.rb' - '.github/workflows/chart-ci.yml' push: branches: - main paths: - 'charts/**' + - 'config/initializers/version.rb' - '.github/workflows/chart-ci.yml' jobs: + version-sync: + name: Verify Helm ↔ Rails version sync + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Check version alignment + shell: bash + run: | + set -euo pipefail + + RAILS_VERSION=$(grep -oP '"\K[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.]+)?' config/initializers/version.rb | head -n 1 || true) + if [ -z "$RAILS_VERSION" ]; then + echo "::error::Could not extract a version string from config/initializers/version.rb — ensure it contains a quoted semver like VERSION = \"1.2.3\"" + exit 1 + fi + CHART_VERSION=$(sed -n 's/^version: //p' charts/sure/Chart.yaml | head -n 1) + APP_VERSION=$(sed -n 's/^appVersion: "\{0,1\}\([^"]*\)"\{0,1\}/\1/p' charts/sure/Chart.yaml | head -n 1) + + echo "Rails version (version.rb): $RAILS_VERSION" + echo "Helm chart version (Chart.yaml): $CHART_VERSION" + echo "Helm appVersion (Chart.yaml): $APP_VERSION" + + ERRORS=0 + + if [ "$RAILS_VERSION" != "$CHART_VERSION" ]; then + echo "::error::Chart version ($CHART_VERSION) does not match Rails version ($RAILS_VERSION)" + ERRORS=$((ERRORS + 1)) + fi + + if [ "$RAILS_VERSION" != "$APP_VERSION" ]; then + echo "::error::Chart appVersion ($APP_VERSION) does not match Rails version ($RAILS_VERSION)" + ERRORS=$((ERRORS + 1)) + fi + + if [ "$ERRORS" -gt 0 ]; then + echo "" + echo "To fix: ensure version in config/initializers/version.rb matches" + echo "both 'version' and 'appVersion' in charts/sure/Chart.yaml" + exit 1 + fi + + echo "All versions are in sync." + helm-checks: runs-on: ubuntu-latest steps: diff --git a/.github/workflows/chart-release.yml b/.github/workflows/chart-release.yml index 5fb71d32d..23fac9b88 100644 --- a/.github/workflows/chart-release.yml +++ b/.github/workflows/chart-release.yml @@ -28,33 +28,23 @@ jobs: run: | set -euo pipefail + # Read the canonical version from the Rails app (single source of truth) + APP_SEMVER=$(grep -oP '"\K[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.]+)?' config/initializers/version.rb | head -n 1 || true) + if [ -z "$APP_SEMVER" ]; then + echo "::error::Could not extract version from config/initializers/version.rb" + exit 1 + fi + echo "App version from version.rb: $APP_SEMVER" + if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then - BASE_STABLE_TAG="$(git tag --list 'v*' --sort=-v:refname | { grep -Ev 'alpha|beta|rc' || true; } | head -n 1)" - if [ -z "$BASE_STABLE_TAG" ]; then - echo "::error::No stable app tag found for chart appVersion" + # Use the app version as the chart version (monorepo: versions stay in sync) + TAG_NAME="chart-v${APP_SEMVER}" + + if git rev-parse "refs/tags/${TAG_NAME}" >/dev/null 2>&1; then + echo "::error::Tag ${TAG_NAME} already exists. Bump the version in config/initializers/version.rb and charts/sure/Chart.yaml first." exit 1 fi - LATEST_CHART_TAG="$(git tag --list 'chart-v*' --sort=-v:refname | head -n 1)" - if [ -n "$LATEST_CHART_TAG" ]; then - BASE_CHART_VERSION="${LATEST_CHART_TAG#chart-v}" - else - BASE_CHART_VERSION="$(sed -n 's/^version: //p' charts/sure/Chart.yaml | head -n 1)" - BASE_CHART_VERSION="${BASE_CHART_VERSION:-0.0.0}" - fi - MAJOR="$(echo "$BASE_CHART_VERSION" | cut -d. -f1)" - MINOR="$(echo "$BASE_CHART_VERSION" | cut -d. -f2)" - PATCH="$(echo "$BASE_CHART_VERSION" | cut -d. -f3 | sed 's/[^0-9].*$//')" - PATCH="${PATCH:-0}" - - NEXT_PATCH=$((PATCH + 1)) - TAG_NAME="chart-v${MAJOR}.${MINOR}.${NEXT_PATCH}" - while git rev-parse "refs/tags/${TAG_NAME}" >/dev/null 2>&1; do - NEXT_PATCH=$((NEXT_PATCH + 1)) - TAG_NAME="chart-v${MAJOR}.${MINOR}.${NEXT_PATCH}" - done - CHART_VERSION="${MAJOR}.${MINOR}.${NEXT_PATCH}" - git config user.name "${GITHUB_ACTOR}" git config user.email "${GITHUB_ACTOR}@users.noreply.github.com" if ! git tag "$TAG_NAME"; then @@ -67,20 +57,13 @@ jobs: fi else TAG_NAME="${GITHUB_REF_NAME}" - BASE_STABLE_TAG="$(git tag --list 'v*' --sort=-v:refname | grep -Ev 'alpha|beta|rc' | head -n 1 || true)" fi CHART_VERSION="${TAG_NAME#chart-v}" - if [ -z "${BASE_STABLE_TAG:-}" ]; then - echo "::warning::No stable app tag found; falling back to CHART_VERSION (${CHART_VERSION}) for appVersion" - fi - - APP_VERSION="${BASE_STABLE_TAG:-${CHART_VERSION}}" - echo "tag_name=$TAG_NAME" >> "$GITHUB_OUTPUT" echo "chart_version=$CHART_VERSION" >> "$GITHUB_OUTPUT" - echo "app_version=$APP_VERSION" >> "$GITHUB_OUTPUT" + echo "app_version=$APP_SEMVER" >> "$GITHUB_OUTPUT" publish_chart: needs: prepare_release diff --git a/charts/sure/values.yaml b/charts/sure/values.yaml index 4e9b9a302..3ecd95f94 100644 --- a/charts/sure/values.yaml +++ b/charts/sure/values.yaml @@ -9,7 +9,8 @@ fullnameOverride: "" image: repository: ghcr.io/we-promise/sure - tag: "0.6.6" + # Defaults to Chart.appVersion when empty + tag: "" pullPolicy: IfNotPresent # Optional: imagePullSecrets to pull from private registries imagePullSecrets: [] @@ -34,7 +35,7 @@ rails: enabled: false values: SECRET_KEY_BASE: "" - # Active Record encryption keys — required if simplefin.encryption.enabled=true + # Active Record encryption keys ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: "" ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: "" ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: "" @@ -51,7 +52,7 @@ rails: settings: SELF_HOSTED: "true" ONBOARDING_STATE: "open" - AI_DEBUG_MODE: "" + AI_DEBUG_MODE: "false" # Database: CloudNativePG (operator chart dependency) and a Cluster CR (optional) cloudnative-pg: