From a5ae4eea76bdf230bfd0aa223511fa469a68bc1e Mon Sep 17 00:00:00 2001 From: Hasal Dharmagunawradana <107778591+hesxo@users.noreply.github.com> Date: Wed, 1 Apr 2026 23:28:44 +0530 Subject: [PATCH 1/2] Enhance release workflow with concurrency and error handling Added concurrency control and improved error handling in the release workflow. Signed-off-by: Hasal Dharmagunawradana <107778591+hesxo@users.noreply.github.com> --- .github/workflows/release.yml | 37 +++++++++++++++++++---------------- 1 file changed, 20 insertions(+), 17 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 017687cc1..4e2c5de14 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,4 +1,5 @@ name: release + on: create: tags: @@ -7,20 +8,20 @@ on: branches: - main +concurrency: + group: release-${{ github.ref }} + cancel-in-progress: true + permissions: read-all -# Note the only differences between release and canary-release jobs are: -# - only canary passes --overwrite flag -# - the VERSION make variable passed to 'make dist checksum' is expected to -# be "canary" if the job is triggered by a push to "main" branch. If the -# job is triggered by a tag push, VERSION should be the tag ref. jobs: release: if: startsWith(github.ref, 'refs/tags/v') && github.repository == 'helm/helm' runs-on: ubuntu-latest-16-cores + timeout-minutes: 30 steps: - name: Checkout source code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd with: fetch-depth: 0 @@ -28,28 +29,29 @@ jobs: run: cat ".github/env" >> "$GITHUB_ENV" - name: Setup Go - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # pin@6.2.0 + uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 with: go-version: '${{ env.GOLANG_VERSION }}' check-latest: true + - name: Run unit tests run: make test-coverage + - name: Build Helm Binaries run: | - set -eu -o pipefail - + set -euo pipefail make build-cross VERSION="${{ github.ref_name }}" make dist checksum VERSION="${{ github.ref_name }}" - name: Set latest version run: | - set -eu -o pipefail + set -euo pipefail mkdir -p _dist_versions - # Push the latest semver tag, excluding prerelease tags LATEST_VERSION="$(git tag | sort -r --version-sort | grep '^v[0-9]' | grep -v '-' | head -n1)" echo "LATEST_VERSION=${LATEST_VERSION}" + if [[ "${LATEST_VERSION}" != v4.* ]]; then echo "Error: Latest version ${LATEST_VERSION} is not a v4 release" exit 1 @@ -59,7 +61,7 @@ jobs: echo "${LATEST_VERSION}" > _dist_versions/helm4-latest-version - name: Upload Binaries - uses: bacongobbler/azure-blob-storage-upload@50f7d898b7697e864130ea04c303ca38b5751c50 # pin@3.0.0 + uses: bacongobbler/azure-blob-storage-upload@50f7d898b7697e864130ea04c303ca38b5751c50 env: AZURE_STORAGE_CONNECTION_STRING: "${{ secrets.AZURE_STORAGE_CONNECTION_STRING }}" AZURE_STORAGE_CONTAINER_NAME: "${{ secrets.AZURE_STORAGE_CONTAINER_NAME }}" @@ -70,7 +72,7 @@ jobs: extra_args: '--pattern helm-*' - name: Upload Version tag files - uses: bacongobbler/azure-blob-storage-upload@50f7d898b7697e864130ea04c303ca38b5751c50 # pin@3.0.0 + uses: bacongobbler/azure-blob-storage-upload@50f7d898b7697e864130ea04c303ca38b5751c50 env: AZURE_STORAGE_CONNECTION_STRING: "${{ secrets.AZURE_STORAGE_CONNECTION_STRING }}" AZURE_STORAGE_CONTAINER_NAME: "${{ secrets.AZURE_STORAGE_CONTAINER_NAME }}" @@ -82,16 +84,17 @@ jobs: canary-release: runs-on: ubuntu-latest-16-cores + timeout-minutes: 30 if: github.ref == 'refs/heads/main' && github.repository == 'helm/helm' steps: - name: Checkout source code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Add variables to environment file run: cat ".github/env" >> "$GITHUB_ENV" - name: Setup Go - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # pin@6.2.0 + uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 with: go-version: '${{ env.GOLANG_VERSION }}' check-latest: true @@ -101,15 +104,15 @@ jobs: - name: Build Helm Binaries run: | + set -euo pipefail make build-cross make dist checksum VERSION="canary" - name: Upload Binaries - uses: bacongobbler/azure-blob-storage-upload@50f7d898b7697e864130ea04c303ca38b5751c50 # pin@3.0.0 + uses: bacongobbler/azure-blob-storage-upload@50f7d898b7697e864130ea04c303ca38b5751c50 with: source_dir: _dist container_name: ${{ secrets.AZURE_STORAGE_CONTAINER_NAME }} connection_string: ${{ secrets.AZURE_STORAGE_CONNECTION_STRING }} extra_args: '--pattern helm-*' - # WARNING: this will overwrite existing blobs in your blob storage overwrite: 'true' From 8b5c6e67e3261e3d26ff9119c365f648701366c8 Mon Sep 17 00:00:00 2001 From: Hasal Dharmagunawradana <107778591+hesxo@users.noreply.github.com> Date: Wed, 1 Apr 2026 23:41:42 +0530 Subject: [PATCH 2/2] Refactor release workflow for tag pushes and timeouts Updated release workflow to trigger on tag pushes and modified concurrency settings. Increased timeout for jobs and added error handling in the environment setup. Signed-off-by: Hasal Dharmagunawradana <107778591+hesxo@users.noreply.github.com> --- .github/workflows/release.yml | 60 +++++++++++++++++++++-------------- 1 file changed, 37 insertions(+), 23 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4e2c5de14..0a689cd46 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,41 +1,50 @@ name: release on: - create: - tags: - - v* push: + tags: + - 'v*' branches: - main -concurrency: - group: release-${{ github.ref }} - cancel-in-progress: true - -permissions: read-all +permissions: + contents: read +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: false + +# Note the only differences between release and canary-release jobs are: +# - only canary passes --overwrite flag +# - the VERSION make variable passed to 'make dist checksum' is expected to +# be "canary" if the job is triggered by a push to "main" branch. If the +# job is triggered by a tag push, VERSION should be the tag ref. jobs: release: if: startsWith(github.ref, 'refs/tags/v') && github.repository == 'helm/helm' runs-on: ubuntu-latest-16-cores - timeout-minutes: 30 + timeout-minutes: 45 steps: - name: Checkout source code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2 with: fetch-depth: 0 - name: Add variables to environment file - run: cat ".github/env" >> "$GITHUB_ENV" + run: | + set -euo pipefail + cat ".github/env" >> "$GITHUB_ENV" - name: Setup Go - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 + uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # pin@6.2.0 with: go-version: '${{ env.GOLANG_VERSION }}' check-latest: true - name: Run unit tests - run: make test-coverage + run: | + set -euo pipefail + make test-coverage - name: Build Helm Binaries run: | @@ -49,9 +58,9 @@ jobs: mkdir -p _dist_versions + # Push the latest semver tag, excluding prerelease tags LATEST_VERSION="$(git tag | sort -r --version-sort | grep '^v[0-9]' | grep -v '-' | head -n1)" echo "LATEST_VERSION=${LATEST_VERSION}" - if [[ "${LATEST_VERSION}" != v4.* ]]; then echo "Error: Latest version ${LATEST_VERSION} is not a v4 release" exit 1 @@ -61,7 +70,7 @@ jobs: echo "${LATEST_VERSION}" > _dist_versions/helm4-latest-version - name: Upload Binaries - uses: bacongobbler/azure-blob-storage-upload@50f7d898b7697e864130ea04c303ca38b5751c50 + uses: bacongobbler/azure-blob-storage-upload@50f7d898b7697e864130ea04c303ca38b5751c50 # pin@3.0.0 env: AZURE_STORAGE_CONNECTION_STRING: "${{ secrets.AZURE_STORAGE_CONNECTION_STRING }}" AZURE_STORAGE_CONTAINER_NAME: "${{ secrets.AZURE_STORAGE_CONTAINER_NAME }}" @@ -72,7 +81,7 @@ jobs: extra_args: '--pattern helm-*' - name: Upload Version tag files - uses: bacongobbler/azure-blob-storage-upload@50f7d898b7697e864130ea04c303ca38b5751c50 + uses: bacongobbler/azure-blob-storage-upload@50f7d898b7697e864130ea04c303ca38b5751c50 # pin@3.0.0 env: AZURE_STORAGE_CONNECTION_STRING: "${{ secrets.AZURE_STORAGE_CONNECTION_STRING }}" AZURE_STORAGE_CONTAINER_NAME: "${{ secrets.AZURE_STORAGE_CONTAINER_NAME }}" @@ -83,24 +92,28 @@ jobs: connection_string: ${{ secrets.AZURE_STORAGE_CONNECTION_STRING }} canary-release: - runs-on: ubuntu-latest-16-cores - timeout-minutes: 30 if: github.ref == 'refs/heads/main' && github.repository == 'helm/helm' + runs-on: ubuntu-latest-16-cores + timeout-minutes: 45 steps: - name: Checkout source code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2 - name: Add variables to environment file - run: cat ".github/env" >> "$GITHUB_ENV" + run: | + set -euo pipefail + cat ".github/env" >> "$GITHUB_ENV" - name: Setup Go - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 + uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # pin@6.2.0 with: go-version: '${{ env.GOLANG_VERSION }}' check-latest: true - name: Run unit tests - run: make test-coverage + run: | + set -euo pipefail + make test-coverage - name: Build Helm Binaries run: | @@ -109,10 +122,11 @@ jobs: make dist checksum VERSION="canary" - name: Upload Binaries - uses: bacongobbler/azure-blob-storage-upload@50f7d898b7697e864130ea04c303ca38b5751c50 + uses: bacongobbler/azure-blob-storage-upload@50f7d898b7697e864130ea04c303ca38b5751c50 # pin@3.0.0 with: source_dir: _dist container_name: ${{ secrets.AZURE_STORAGE_CONTAINER_NAME }} connection_string: ${{ secrets.AZURE_STORAGE_CONNECTION_STRING }} extra_args: '--pattern helm-*' + # WARNING: this will overwrite existing blobs in your blob storage overwrite: 'true'