add some basic workflows and renovate

.github/renovate-config.json

@@ -0,0 +1,11 @@
+{
+    "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+    "onboarding": false,
+    "username": "renovate-release",
+    "gitAuthor": "Renovate Bot <bot@renovateapp.com>",
+    "platform": "github",
+    "repositories": [
+        "jessebot/ghost-helm-chart"
+    ],
+    "allowedPostUpgradeCommands": ["^scripts"]
+}

.github/workflows/cd-helm-release.yml

@@ -0,0 +1,45 @@
+name: Release
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'charts/**'
+
+permissions:
+  contents: write # allow actions to update gh-pages branch
+
+jobs:
+  release:
+    environment: helm-release
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+      - name: Install Helm
+        uses: azure/setup-helm@v3.5
+        id: helm-install
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Add dependency chart repos
+        run: |
+          helm dep update charts/ghost
+
+      - name: Run chart-releaser
+        id: helm-release
+        uses: helm/chart-releaser-action@v1.7.0
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+          CR_GENERATE_RELEASE_NOTES: true

.github/workflows/ci-helm-lint-test.yml

@@ -0,0 +1,53 @@
+name: Lint and Test Chart
+
+on:
+  pull_request:
+    paths:
+      - 'charts/ghost/**'
+
+permissions:
+  contents: read
+
+jobs:
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: "0"
+
+      - name: Install Helm
+        uses: azure/setup-helm@v4
+
+      - name: Add dependency chart repos
+        run: |
+          helm repo add bitnami https://charts.bitnami.com/bitnami
+
+      - name: Set up chart-testing
+        uses: helm/chart-testing-action@v2.7.0
+
+      - name: Run chart-testing (list-changed)
+        id: list-changed
+        run: |
+          changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
+          if [[ -n "$changed" ]]; then
+            echo "changed=true" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Run chart-testing (lint)
+        id: lint
+        if: steps.list-changed.outputs.changed == 'true'
+        run: ct lint --target-branch ${{ github.event.repository.default_branch }}
+
+      - uses: debianmaster/actions-k3s@master
+        id: k3s
+        with:
+          version: 'latest'
+
+      - name: Run chart-testing (install)
+        id: install
+        if: steps.list-changed.outputs.changed == 'true'
+        run: |
+            ct install --target-branch ${{ github.event.repository.default_branch }}

.github/workflows/helm-docs.yaml

@@ -0,0 +1,26 @@
+name: Generate helm docs
+
+on:
+  pull_request:
+    paths:
+      - 'charts/ghost/**'
+      
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  update-docs:
+    name: update-docs
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.ref }}
+
+      - name: Render helm docs inside the README.md and push changes back to PR branch
+        uses: netfoundry/helm-docs-action@v1
+        with:
+          working-dir: charts/ghost
+          git-push: "true"

.github/workflows/renovate.yml

@@ -0,0 +1,33 @@
+name: Renovate
+on:
+  workflow_dispatch:
+  schedule:
+    # This should be every hour
+    - cron: '55 * * * *'
+  push:
+    branches:
+      - main
+    paths:
+      - ".github/renovate-config.json"
+      - ".github/workflows/renovate.yml"
+      - "renovate.json"
+      - "scripts/**"
+jobs:
+  renovate:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get token
+        id: app-token
+        uses: actions/create-github-app-token@v2
+        with:
+          private-key: ${{ secrets.PRIVATE_KEY }}
+          app-id: ${{ secrets.APP_ID }}
+
+      - name: Checkout
+        uses: actions/checkout@v4.2.2
+
+      - name: Self-hosted Renovate
+        uses: renovatebot/github-action@v42.0.6
+        with:
+          token: '${{ steps.app-token.outputs.token }}'
+          configurationFile: .github/renovate-config.json

renovate.json

@@ -0,0 +1,57 @@
+{
+    "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+    "extends": ["config:recommended", ":disableDependencyDashboard"],
+    "customManagers": [
+        {
+            "customType": "regex",
+            "datasourceTemplate": "docker",
+            "fileMatch": ["(^|/)Chart\\.yaml$"],
+            "matchStrings": [
+                "#\\s*renovate: image=(?<depName>.*?)\\s+appVersion:\\s*[\"']?(?<currentValue>[\\w+\\.\\-]*)"
+            ]
+        }
+    ],
+    "packageRules": [
+        {
+            "description": "Fix subchart archives for helm chart",
+            "matchManagers": ["helmv3"],
+            "postUpdateOptions": ["helmUpdateSubChartArchives"]
+        },
+        {
+            "description": "Fix version in Chart.yaml after helmv3 dep patch updates",
+            "matchManagers": ["helmv3"],
+            "matchUpdateTypes": ["patch"],
+            "bumpVersion": "patch"
+        },
+        {
+            "description": "Fix version in Chart.yaml after helmv3 dep minor updates",
+            "matchManagers": ["helmv3"],
+            "matchUpdateTypes": ["minor"],
+            "bumpVersion": "minor"
+        },
+        {
+            "description": "Fix version in Chart.yaml after helmv3 dep major updates",
+            "matchManagers": ["helmv3"],
+            "matchUpdateTypes": ["major"],
+            "bumpVersion": "major"
+        },
+        {
+            "description": "Bump helm chart versions by a patch when updating values files. This can be removed when https://github.com/renovatebot/renovate/issues/8231 is implemented and enabled.",
+            "matchManagers": ["helm-values", "regex"],
+            "postUpgradeTasks": {
+                "commands": [
+                    "scripts/bump-chart-version.sh '{{{updateType}}}'"
+                ],
+                "fileFilters": ["**/Chart.yaml"],
+                "executionMode": "branch"
+            }
+        },
+        { 
+            "matchManagers": ["github-actions"],
+            "matchPackageNames": ["renovatebot/github-action"],
+            "matchUpdateTypes": ["patch", "minor"],
+            "automerge": true,
+            "ignoreTests": true
+        }
+    ]
+}

scripts/bump-chart-version.sh

@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+# thanks to original comment: https://github.com/renovatebot/renovate/issues/8231#issuecomment-1978929997
+# converted to discussion: https://github.com/renovatebot/renovate/discussions/28861#discussioncomment-9326722
+
+set -euo pipefail
+
+update_type="$1"
+
+version=$(grep "^version:" "charts/ghost/Chart.yaml" | awk '{print $2}')
+
+if [[ ! $version ]]; then
+  echo "No valid version was found"
+  exit 1
+fi
+
+major=$(echo "$version" | cut -d. -f1)
+minor=$(echo "$version" | cut -d. -f2)
+patch=$(echo "$version" | cut -d. -f3)
+
+if [[ "$update_type" =~ (major|replacement) ]]; then
+  major=$(( major + 1 ))
+  minor=0
+  patch=0
+elif [[ "$update_type" =~ 'minor' ]]; then
+  minor=$(( minor + 1 ))
+  patch=0
+else
+  patch=$(( patch + 1 ))
+fi
+
+echo "Bumping version for ghost chart from $version to $major.$minor.$patch"
+sed -i "s/^version:.*/version: ${major}.${minor}.${patch}/g" "charts/ghost/Chart.yaml"