From 2593f0c082b9bc8be7e8549da1eb9460941b7749 Mon Sep 17 00:00:00 2001
From: Alessandro Degano <a.degano@gmail.com>
Date: Fri, 4 Aug 2023 11:07:34 +0200
Subject: [PATCH] chore: update YQ everywhere and deploy-renku wants split
 values files.

- deploy-renku now expects two files for the values of the Helm chart to deploy:
one is the secrets that are stored in GH organization, the other is a file passed
to the action, meant to be in the Renku repository itself.

- YQ has been updated to version 4.x everywhere and the commands fixed according
to the need of the new version

- The base Docker image have also been updated

- YQ is now installed in all actions through the Alpine package directly
---
 deploy-renku/Dockerfile                           |  6 ++----
 deploy-renku/entrypoint.sh                        | 14 ++++++++++----
 rollout-renku-version/Dockerfile                  |  9 +++------
 rollout-renku-version/README.md                   |  2 +-
 rollout-renku-version/rollout-renku-deployment.sh |  2 +-
 update-component-version/Dockerfile               | 13 ++++++-------
 update-component-version/update-upstream.sh       |  4 ++--
 update-renku-actions/Dockerfile                   |  2 +-
 8 files changed, 26 insertions(+), 26 deletions(-)

diff --git a/deploy-renku/Dockerfile b/deploy-renku/Dockerfile
index 2b2c4d4..179d9a9 100644
--- a/deploy-renku/Dockerfile
+++ b/deploy-renku/Dockerfile
@@ -1,9 +1,7 @@
-FROM alpine/k8s:1.21.12
+FROM alpine/k8s:1.24.16
 
 # install dependencies
-RUN apk add python3 docker jq && \
-    wget -O /usr/bin/yq "https://github.com/mikefarah/yq/releases/download/3.1.1/yq_linux_amd64" && \
-    chmod a+x /usr/bin/yq && \
+RUN apk add python3 docker jq yq && \
     pip3 install -U pip \
     chartpress==1.0.0 \
     kubernetes \
diff --git a/deploy-renku/entrypoint.sh b/deploy-renku/entrypoint.sh
index 397a001..29a6ca3 100755
--- a/deploy-renku/entrypoint.sh
+++ b/deploy-renku/entrypoint.sh
@@ -12,8 +12,14 @@ echo $DOCKER_PASSWORD | docker login -u $DOCKER_USERNAME --password-stdin
 # set up kube context and values file
 echo "$RENKUBOT_KUBECONFIG" > "$KUBECONFIG" && chmod 400 "$KUBECONFIG"
 
-# set up the values file
-printf "%s" "$RENKU_VALUES" | sed "s/<replace>/${RENKU_RELEASE}/" > $RENKU_VALUES_FILE
+export RENKU_VALUES_FILE="/renku-values.yaml"
+
+# merge the secret and clear value files
+printf "%s" "$RENKU_SECRET_VALUES" > $RENKU_VALUES_FILE
+yq eval-all --inplace '. as $item ireduce ({}; . * $item )' $RENKU_VALUES_FILE $RENKU_CLEAR_VALUES_FILE
+
+# replace the release name
+sed --in-place "s/<replace>/${RENKU_RELEASE}/" $RENKU_VALUES_FILE
 
 # register the GitLab app
 if test -n "$GITLAB_TOKEN" ; then
@@ -26,8 +32,8 @@ if test -n "$GITLAB_TOKEN" ; then
   APP_SECRET=$(echo $gitlab_app | jq -r '.secret')
 
   # gateway gitlab app/secret
-  yq w -i $RENKU_VALUES_FILE "gateway.gitlabClientId" "$APP_ID"
-  yq w -i $RENKU_VALUES_FILE "gateway.gitlabClientSecret" "$APP_SECRET"
+  yq eval --inplace '.gateway.gitlabClientId = "$APP_ID"' $RENKU_VALUES_FILE
+  yq eval --inplace '.gateway.gitlabClientSecret = "$APP_SECRET"' $RENKU_VALUES_FILE
 fi
 
 # create namespace and ignore error in case it already exists
diff --git a/rollout-renku-version/Dockerfile b/rollout-renku-version/Dockerfile
index 28ebd99..3773b63 100644
--- a/rollout-renku-version/Dockerfile
+++ b/rollout-renku-version/Dockerfile
@@ -1,11 +1,8 @@
-FROM python:3.7-alpine3.10
+FROM alpine:3.18
 
 # install dependencies
-RUN apk add --no-cache git bash && \
-    apk add --no-cache --virtual .build-deps gcc g++ make && \
-    wget -O /usr/bin/yq "https://github.com/mikefarah/yq/releases/download/v4.27.5/yq_linux_amd64" && \
-    chmod a+x /usr/bin/yq && \
-    apk del .build-deps
+RUN apk update && \
+    apk add --no-cache git bash yq
 
 COPY rollout-renku-deployment.sh /
 RUN chmod +x /rollout-renku-deployment.sh
diff --git a/rollout-renku-version/README.md b/rollout-renku-version/README.md
index 45e22f7..c214365 100644
--- a/rollout-renku-version/README.md
+++ b/rollout-renku-version/README.md
@@ -1,6 +1,6 @@
 # Action for updating component version
 
-This is a docker action that will update the Renku version (rollout) in the deployments managed by terraform.
+This is a docker action that will update the Renku version (rollout) in the deployments managed by Terraform.
 
 ## Sample usage
 
diff --git a/rollout-renku-version/rollout-renku-deployment.sh b/rollout-renku-version/rollout-renku-deployment.sh
index 9c1b90f..8463abc 100644
--- a/rollout-renku-version/rollout-renku-deployment.sh
+++ b/rollout-renku-version/rollout-renku-deployment.sh
@@ -47,7 +47,7 @@ do
     # update renku version and push
     git checkout -b auto-update/${CHART_NAME}-${CHART_VERSION}-${cluster} ${UPSTREAM_BRANCH}
 
-    yq -i '.spec.chart.spec.version = strenv(CHART_VERSION)' $cluster_dir/main/charts/renku.yaml
+    yq eval --inplace '.spec.chart.spec.version = strenv(CHART_VERSION)' $cluster_dir/main/charts/renku.yaml
     sed -i "/Renku version/c\            ### Renku version $CHART_VERSION ($DATE)" $cluster_dir/main/charts/renku.yaml
     sed -i "/Release Notes/c\            See the [Release Notes](https://github.com/${GITHUB_REPOSITORY}/releases/tag/$CHART_VERSION)" $cluster_dir/main/charts/renku.yaml
 
diff --git a/update-component-version/Dockerfile b/update-component-version/Dockerfile
index 1421d13..1856d79 100644
--- a/update-component-version/Dockerfile
+++ b/update-component-version/Dockerfile
@@ -1,12 +1,11 @@
-FROM python:3.7-alpine3.10
+FROM python:3.9-alpine3.18
 
 # install dependencies
-RUN apk add --no-cache git bash && \
-    apk add --no-cache --virtual .build-deps gcc g++ make && \
-    wget -O /usr/bin/yq "https://github.com/mikefarah/yq/releases/download/3.1.1/yq_linux_amd64" && \
-    chmod a+x /usr/bin/yq && \
-    pip install -U pip chartpress==0.3.2 six==1.16.0 && \
-    apk del .build-deps
+RUN apk add --no-cache git bash yq && \
+    pip install -U pip \
+    chartpress==1.0.0 \
+    'ruamel.yaml<0.17.10' \
+    'ruamel.yaml.clib<0.2.4'
 
 COPY update-upstream.sh /
 ENTRYPOINT [ "/update-upstream.sh" ]
diff --git a/update-component-version/update-upstream.sh b/update-component-version/update-upstream.sh
index c15f7c1..5848e84 100755
--- a/update-component-version/update-upstream.sh
+++ b/update-component-version/update-upstream.sh
@@ -21,7 +21,7 @@ CHART_NAME=${CHART_NAME:=$(echo $GITHUB_REPOSITORY | cut -d/ -f2)}
 
 # build this chart to get the version
 chartpress --skip-build $CHART_TAG
-CHART_VERSION=$(yq r helm-chart/${CHART_NAME}/Chart.yaml version)
+CHART_VERSION=$(yq eval '.version' helm-chart/${CHART_NAME}/Chart.yaml)
 
 git clone --depth=1 --branch=${UPSTREAM_BRANCH} https://${GITHUB_TOKEN}@github.com/${UPSTREAM_REPO} upstream-repo
 
@@ -34,7 +34,7 @@ git config --global user.name "$GIT_USER"
 
 # update the chart requirements and push
 git checkout -b auto-update/${CHART_NAME}-${CHART_VERSION} ${UPSTREAM_BRANCH}
-yq w -i helm-chart/renku/requirements.yaml "dependencies.(name==${CHART_NAME}).version" $CHART_VERSION
+yq eval --inplace '.dependencies.[] |= select (.name == env(CHART_NAME)).version=strenv(CHART_VERSION)' helm-chart/renku/requirements.yaml
 
 git add helm-chart/renku/requirements.yaml
 git commit -m "chore: updating ${CHART_NAME} version to ${CHART_VERSION}"
diff --git a/update-renku-actions/Dockerfile b/update-renku-actions/Dockerfile
index d9edf3f..a4b9754 100644
--- a/update-renku-actions/Dockerfile
+++ b/update-renku-actions/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.15
+FROM alpine:3.18
 
 RUN apk add --no-cache yq
 COPY entrypoint.sh /