From 152116d993394b7261bf334381fde5c0cc7a4012 Mon Sep 17 00:00:00 2001
From: jessebot <jessebot@linux.com>
Date: Sun, 28 Sep 2025 11:19:30 +0200
Subject: [PATCH] add some basic workflows and renovate

---
 .github/renovate-config.json            | 11 +++++
 .github/workflows/cd-helm-release.yml   | 45 +++++++++++++++++++
 .github/workflows/ci-helm-lint-test.yml | 53 +++++++++++++++++++++++
 .github/workflows/helm-docs.yaml        | 26 +++++++++++
 .github/workflows/renovate.yml          | 33 ++++++++++++++
 renovate.json                           | 57 +++++++++++++++++++++++++
 scripts/bump-chart-version.sh           | 32 ++++++++++++++
 7 files changed, 257 insertions(+)
 create mode 100644 .github/renovate-config.json
 create mode 100644 .github/workflows/cd-helm-release.yml
 create mode 100644 .github/workflows/ci-helm-lint-test.yml
 create mode 100644 .github/workflows/helm-docs.yaml
 create mode 100644 .github/workflows/renovate.yml
 create mode 100644 renovate.json
 create mode 100755 scripts/bump-chart-version.sh

diff --git a/.github/renovate-config.json b/.github/renovate-config.json
new file mode 100644
index 0000000..2182e8d
--- /dev/null
+++ b/.github/renovate-config.json
@@ -0,0 +1,11 @@
+{
+    "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+    "onboarding": false,
+    "username": "renovate-release",
+    "gitAuthor": "Renovate Bot <bot@renovateapp.com>",
+    "platform": "github",
+    "repositories": [
+        "jessebot/ghost-helm-chart"
+    ],
+    "allowedPostUpgradeCommands": ["^scripts"]
+}
diff --git a/.github/workflows/cd-helm-release.yml b/.github/workflows/cd-helm-release.yml
new file mode 100644
index 0000000..17a838d
--- /dev/null
+++ b/.github/workflows/cd-helm-release.yml
@@ -0,0 +1,45 @@
+name: Release
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'charts/**'
+
+permissions:
+  contents: write # allow actions to update gh-pages branch
+
+jobs:
+  release:
+    environment: helm-release
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+      - name: Install Helm
+        uses: azure/setup-helm@v3.5
+        id: helm-install
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Add dependency chart repos
+        run: |
+          helm dep update charts/ghost
+
+      - name: Run chart-releaser
+        id: helm-release
+        uses: helm/chart-releaser-action@v1.7.0
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+          CR_GENERATE_RELEASE_NOTES: true
diff --git a/.github/workflows/ci-helm-lint-test.yml b/.github/workflows/ci-helm-lint-test.yml
new file mode 100644
index 0000000..7a64059
--- /dev/null
+++ b/.github/workflows/ci-helm-lint-test.yml
@@ -0,0 +1,53 @@
+name: Lint and Test Chart
+
+on:
+  pull_request:
+    paths:
+      - 'charts/ghost/**'
+
+permissions:
+  contents: read
+
+jobs:
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: "0"
+
+      - name: Install Helm
+        uses: azure/setup-helm@v4
+
+      - name: Add dependency chart repos
+        run: |
+          helm repo add bitnami https://charts.bitnami.com/bitnami
+
+      - name: Set up chart-testing
+        uses: helm/chart-testing-action@v2.7.0
+
+      - name: Run chart-testing (list-changed)
+        id: list-changed
+        run: |
+          changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
+          if [[ -n "$changed" ]]; then
+            echo "changed=true" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Run chart-testing (lint)
+        id: lint
+        if: steps.list-changed.outputs.changed == 'true'
+        run: ct lint --target-branch ${{ github.event.repository.default_branch }}
+
+      - uses: debianmaster/actions-k3s@master
+        id: k3s
+        with:
+          version: 'latest'
+
+      - name: Run chart-testing (install)
+        id: install
+        if: steps.list-changed.outputs.changed == 'true'
+        run: |
+            ct install --target-branch ${{ github.event.repository.default_branch }}
diff --git a/.github/workflows/helm-docs.yaml b/.github/workflows/helm-docs.yaml
new file mode 100644
index 0000000..11c8082
--- /dev/null
+++ b/.github/workflows/helm-docs.yaml
@@ -0,0 +1,26 @@
+name: Generate helm docs
+
+on:
+  pull_request:
+    paths:
+      - 'charts/ghost/**'
+      
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  update-docs:
+    name: update-docs
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.ref }}
+
+      - name: Render helm docs inside the README.md and push changes back to PR branch
+        uses: netfoundry/helm-docs-action@v1
+        with:
+          working-dir: charts/ghost
+          git-push: "true"
diff --git a/.github/workflows/renovate.yml b/.github/workflows/renovate.yml
new file mode 100644
index 0000000..9309ef3
--- /dev/null
+++ b/.github/workflows/renovate.yml
@@ -0,0 +1,33 @@
+name: Renovate
+on:
+  workflow_dispatch:
+  schedule:
+    # This should be every hour
+    - cron: '55 * * * *'
+  push:
+    branches:
+      - main
+    paths:
+      - ".github/renovate-config.json"
+      - ".github/workflows/renovate.yml"
+      - "renovate.json"
+      - "scripts/**"
+jobs:
+  renovate:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get token
+        id: app-token
+        uses: actions/create-github-app-token@v2
+        with:
+          private-key: ${{ secrets.PRIVATE_KEY }}
+          app-id: ${{ secrets.APP_ID }}
+
+      - name: Checkout
+        uses: actions/checkout@v4.2.2
+
+      - name: Self-hosted Renovate
+        uses: renovatebot/github-action@v42.0.6
+        with:
+          token: '${{ steps.app-token.outputs.token }}'
+          configurationFile: .github/renovate-config.json
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 0000000..e7be5b1
--- /dev/null
+++ b/renovate.json
@@ -0,0 +1,57 @@
+{
+    "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+    "extends": ["config:recommended", ":disableDependencyDashboard"],
+    "customManagers": [
+        {
+            "customType": "regex",
+            "datasourceTemplate": "docker",
+            "fileMatch": ["(^|/)Chart\\.yaml$"],
+            "matchStrings": [
+                "#\\s*renovate: image=(?<depName>.*?)\\s+appVersion:\\s*[\"']?(?<currentValue>[\\w+\\.\\-]*)"
+            ]
+        }
+    ],
+    "packageRules": [
+        {
+            "description": "Fix subchart archives for helm chart",
+            "matchManagers": ["helmv3"],
+            "postUpdateOptions": ["helmUpdateSubChartArchives"]
+        },
+        {
+            "description": "Fix version in Chart.yaml after helmv3 dep patch updates",
+            "matchManagers": ["helmv3"],
+            "matchUpdateTypes": ["patch"],
+            "bumpVersion": "patch"
+        },
+        {
+            "description": "Fix version in Chart.yaml after helmv3 dep minor updates",
+            "matchManagers": ["helmv3"],
+            "matchUpdateTypes": ["minor"],
+            "bumpVersion": "minor"
+        },
+        {
+            "description": "Fix version in Chart.yaml after helmv3 dep major updates",
+            "matchManagers": ["helmv3"],
+            "matchUpdateTypes": ["major"],
+            "bumpVersion": "major"
+        },
+        {
+            "description": "Bump helm chart versions by a patch when updating values files. This can be removed when https://github.com/renovatebot/renovate/issues/8231 is implemented and enabled.",
+            "matchManagers": ["helm-values", "regex"],
+            "postUpgradeTasks": {
+                "commands": [
+                    "scripts/bump-chart-version.sh '{{{updateType}}}'"
+                ],
+                "fileFilters": ["**/Chart.yaml"],
+                "executionMode": "branch"
+            }
+        },
+        { 
+            "matchManagers": ["github-actions"],
+            "matchPackageNames": ["renovatebot/github-action"],
+            "matchUpdateTypes": ["patch", "minor"],
+            "automerge": true,
+            "ignoreTests": true
+        }
+    ]
+}
diff --git a/scripts/bump-chart-version.sh b/scripts/bump-chart-version.sh
new file mode 100755
index 0000000..f425fc9
--- /dev/null
+++ b/scripts/bump-chart-version.sh
@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+# thanks to original comment: https://github.com/renovatebot/renovate/issues/8231#issuecomment-1978929997
+# converted to discussion: https://github.com/renovatebot/renovate/discussions/28861#discussioncomment-9326722
+
+set -euo pipefail
+
+update_type="$1"
+
+version=$(grep "^version:" "charts/ghost/Chart.yaml" | awk '{print $2}')
+
+if [[ ! $version ]]; then
+  echo "No valid version was found"
+  exit 1
+fi
+
+major=$(echo "$version" | cut -d. -f1)
+minor=$(echo "$version" | cut -d. -f2)
+patch=$(echo "$version" | cut -d. -f3)
+
+if [[ "$update_type" =~ (major|replacement) ]]; then
+  major=$(( major + 1 ))
+  minor=0
+  patch=0
+elif [[ "$update_type" =~ 'minor' ]]; then
+  minor=$(( minor + 1 ))
+  patch=0
+else
+  patch=$(( patch + 1 ))
+fi
+
+echo "Bumping version for ghost chart from $version to $major.$minor.$patch"
+sed -i "s/^version:.*/version: ${major}.${minor}.${patch}/g" "charts/ghost/Chart.yaml"