SpecterOps / Nemesis

An offensive data enrichment pipeline
https://specterops.github.io/Nemesis/

Rework Helm chart release workflow #47

Closed MEhrn00 closed 6 months ago

MEhrn00 commented 6 months ago

This PR reworks the helm-release.yml workflow to better fit the Nemesis repository.

Current issues

The chart-releaser-action being used in the current workflow creates a separate GitHub release for each Helm chart.

These separate releases should be combined into one single release since they are all a part of the same Nemesis project. The releases are also tied to different git tags that all point to the same commit.

The current workflow is also set to trigger whenever there is a change to the helm branch. Since the helm charts are in an early stage of development, having a new release trigger whenever changes are pushed may not be ideal in the current state.

Changes

This version of the workflow for hosting the Helm charts is currently active on my fork https://github.com/MEhrn00/Nemesis and the releases can be found here. Each release will contain all of the packaged Helm charts bundled together instead of spread out through separate releases. I also have an example where I bumped the version numbers for the nemesis and quickstart charts but put those changes under a single release https://github.com/MEhrn00/Nemesis/releases/tag/v0.1.1. Everything still functions the same from the user side when it comes to using and installing the charts.

Some pre-requisite changes to this repository are needed in order for the workflow to function.

  1. The .github/workflow/helm-release.yml file needs to be present in the main branch. GitHub Actions will not detect that the workflow exists unless it is in the repository's default branch. Having the workflow in the main branch does not mean that the workflow is only triggerable from the main branch. You can specify what branch the workflow should run against when triggering the workflow as long as the workflow file is present in the branch you want to target.
  2. The github-pages environment deployment branches need to be adjusted to specify what branches are allowed to run the workflow. The workflow will not run unless a branch is explicitly allowed even if the workflow file exists in that branch. You can do this by going to Settings -> Environments -> github-pages and adding the necessary branches under "Deployment branches and tags".
  3. The GitHub Pages deployment source needs to be changed from "Deploy from a branch" to "GitHub Actions". This can be done by going to Settings -> Pages and under "Build and Deployment", change the source from "Deploy from a branch" to "GitHub Actions".

The old git tags and GitHub releases can be cleaned up since they are no longer used. The gh-pages branch can also be removed since GitHub Pages will use GitHub Actions for the pages source instead of that branch.

If you need more information or have any questions, feel free to reach out in the Bloodhound Slack or talk to Max Harley about them.
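
As an added illustration (not the workflow file from this PR or from the Nemesis repository), a manually triggered release workflow of the kind described above could look like the following, with token permissions scoped per job and the Pages deployment gated by the `github-pages` environment. The `helm/` chart directory, the `tag` input, the action versions and the availability of `helm` and `gh` on the runner are assumptions.

```yaml
# Added example, not the workflow file from this PR. Assumptions: charts live
# under helm/<chart>/ and the release tag is typed in when the run is started.
name: helm-release
on:
  workflow_dispatch:          # manual trigger only, no release on every push
    inputs:
      tag:
        description: Release tag for the bundled charts
        required: true

permissions: {}               # deny by default; each job opts in below

jobs:
  package:
    runs-on: ubuntu-latest
    permissions:
      contents: write         # needed to create the single GitHub release
    env:
      TAG: ${{ inputs.tag }}  # passed through env, never pasted into a script
      GH_TOKEN: ${{ github.token }}
    steps:
      - uses: actions/checkout@v4
      - name: Package every chart into one directory
        run: |
          mkdir -p dist
          for chart in helm/*/; do helm package "$chart" --destination dist; done
      - name: Publish all packages under one release
        run: gh release create "$TAG" dist/*.tgz --title "$TAG" --target "$GITHUB_SHA"
      - name: Build the repository index (covers this release only)
        run: |
          helm repo index dist \
            --url "https://github.com/${GITHUB_REPOSITORY}/releases/download/${TAG}"
          rm dist/*.tgz         # Pages serves index.yaml; packages come from the release
      - uses: actions/upload-pages-artifact@v3
        with:
          path: dist

  deploy:
    needs: package
    runs-on: ubuntu-latest
    environment:
      name: github-pages      # run is refused unless the branch is allowed here
      url: ${{ steps.deploy.outputs.page_url }}
    permissions:
      pages: write
      id-token: write
    steps:
      - id: deploy
        uses: actions/deploy-pages@v4
```

Only the `package` job can write repository contents and only the `deploy` job can publish to Pages, so a change to one job cannot silently widen the other's token.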

HarmJ0y commented 6 months ago

Thank you for the modifications! We're planning on merging the Helm branch to main early next week, and will note/make the needed modifications at that point.

t94j0 commented 5 months ago

This is really great work. Tested this on my fork yesterday and it worked.