From 85a22e4d34ee7d3872ec7859704aa1751af06729 Mon Sep 17 00:00:00 2001 From: Claude Date: Wed, 22 Apr 2026 11:43:01 +0900 Subject: [PATCH] fix: fix Helm release workflow and add CLAUDE.md - Replace broken helmchart/repo checkout+index.yaml approach with Gitea Package Registry upload (matching phpfpm pattern) - Fix release condition: release only on phpMyAdmin update, not nginx-only - Add release_needed output separate from update_needed - Add duplicate tag/release guard before creation - Add jq availability check - Add env vars REGISTRY_URL and OWNER - Fix git user to Claude / claude@cafepieters.com - Add CLAUDE.md with git info, release rules, and PHP runtime note Co-Authored-By: Claude Sonnet 4.6 --- .../workflows/image-update-and-release.yaml | 198 ++++++++++-------- CLAUDE.md | 50 +++++ 2 files changed, 155 insertions(+), 93 deletions(-) create mode 100644 CLAUDE.md diff --git a/.gitea/workflows/image-update-and-release.yaml b/.gitea/workflows/image-update-and-release.yaml index 006d4b9..34a7738 100644 --- a/.gitea/workflows/image-update-and-release.yaml +++ b/.gitea/workflows/image-update-and-release.yaml @@ -5,6 +5,10 @@ on: - cron: '0 3 * * 1' # 毎週月曜日 3:00 AM (JST 12:00 PM) workflow_dispatch: +env: + REGISTRY_URL: https://git.cafepieters.com + OWNER: helmchart + jobs: update-and-release: runs-on: ubuntu-latest @@ -19,6 +23,14 @@ jobs: with: version: 'v3.12.0' + - name: Check jq availability + run: | + if ! command -v jq &> /dev/null; then + echo "Installing jq..." + apt-get update && apt-get install -y jq + fi + jq --version + - name: Check for new nginx version id: nginx run: | @@ -26,13 +38,12 @@ jobs: echo "Checking nginx versions..." CURRENT=$(grep -A3 "nginx:" values.yaml | grep "tag:" | head -1 | sed 's/.*tag: *"\([^"]*\)".*/\1/' | tr -d ' ') echo "Current nginx: $CURRENT" - - # Docker Hub API v2を使用してタグを取得 + LATEST=$(curl -s "https://registry.hub.docker.com/v2/repositories/library/nginx/tags?page_size=100" | \ jq -r '.results[].name' | \ grep -E '^[0-9]+\.[0-9]+\.[0-9]+-alpine-perl$' | \ sort -V | tail -1) - + if [ -z "$LATEST" ]; then echo "Warning: Could not fetch latest nginx version, using current" LATEST="$CURRENT" @@ -48,33 +59,33 @@ jobs: echo "Checking phpMyAdmin versions..." CURRENT=$(grep -A3 "phpmyadmin:" values.yaml | grep "tag:" | head -1 | sed 's/.*tag: *"\([^"]*\)".*/\1/' | tr -d ' ') echo "Current phpMyAdmin: $CURRENT" - + # Docker Hub API v2を使用してタグを取得 # パターン: 5.2.3-fpm-alpine 形式 LATEST=$(curl -s "https://registry.hub.docker.com/v2/repositories/phpmyadmin/phpmyadmin/tags?page_size=100" | \ jq -r '.results[].name' | \ grep -E '^[0-9]+\.[0-9]+\.[0-9]+-fpm-alpine$' | \ sort -V | tail -1) - + if [ -z "$LATEST" ]; then echo "Warning: Could not fetch latest phpMyAdmin version, using current" LATEST="$CURRENT" fi - + # phpMyAdminバージョンを抽出 (5.2.3の部分) APP_VERSION=$(echo "$LATEST" | grep -oE '^[0-9]+\.[0-9]+\.[0-9]+') if [ -z "$APP_VERSION" ]; then echo "Error: Could not extract phpMyAdmin version" exit 1 fi - + echo "Latest phpMyAdmin: $LATEST" echo "phpMyAdmin version: $APP_VERSION" echo "current=$CURRENT" >> $GITHUB_OUTPUT echo "latest=$LATEST" >> $GITHUB_OUTPUT echo "app_version=$APP_VERSION" >> $GITHUB_OUTPUT - - name: Determine if update is needed + - name: Determine update and release conditions id: check_update run: | set -e @@ -82,50 +93,56 @@ jobs: NGINX_LATEST="${{ steps.nginx.outputs.latest }}" PMA_CURRENT="${{ steps.phpmyadmin.outputs.current }}" PMA_LATEST="${{ steps.phpmyadmin.outputs.latest }}" - + echo "Nginx: $NGINX_CURRENT vs $NGINX_LATEST" echo "phpMyAdmin: $PMA_CURRENT vs $PMA_LATEST" - + + UPDATE_NEEDED=false + RELEASE_NEEDED=false + if [ "$NGINX_CURRENT" != "$NGINX_LATEST" ] || [ "$PMA_CURRENT" != "$PMA_LATEST" ]; then - echo "update_needed=true" >> $GITHUB_OUTPUT - echo "Update is needed" + UPDATE_NEEDED=true + echo "Update needed" else - echo "update_needed=false" >> $GITHUB_OUTPUT echo "Already up to date" fi + if [ "$PMA_CURRENT" != "$PMA_LATEST" ]; then + RELEASE_NEEDED=true + echo "Release needed: phpMyAdmin updated" + else + echo "No release (nginx-only update or no change)" + fi + + echo "update_needed=$UPDATE_NEEDED" >> $GITHUB_OUTPUT + echo "release_needed=$RELEASE_NEEDED" >> $GITHUB_OUTPUT + - name: Update values.yaml if: steps.check_update.outputs.update_needed == 'true' run: | set -e echo "Updating values.yaml..." - - # phpMyAdminバージョンを取得 - APP_VERSION="${{ steps.phpmyadmin.outputs.app_version }}" - - # Nginx更新 + NGINX_OLD="${{ steps.nginx.outputs.current }}" NGINX_NEW="${{ steps.nginx.outputs.latest }}" + PMA_OLD="${{ steps.phpmyadmin.outputs.current }}" + PMA_NEW="${{ steps.phpmyadmin.outputs.latest }}" + if [ "$NGINX_OLD" != "$NGINX_NEW" ]; then - # nginxセクションのtagのみを更新(1つ目のタグ) sed -i "0,/tag: \"${NGINX_OLD}\"/s//tag: \"${NGINX_NEW}\"/" values.yaml echo "Nginx updated: $NGINX_OLD -> $NGINX_NEW" fi - - # phpMyAdmin更新 - PMA_OLD="${{ steps.phpmyadmin.outputs.current }}" - PMA_NEW="${{ steps.phpmyadmin.outputs.latest }}" + if [ "$PMA_OLD" != "$PMA_NEW" ]; then - # phpmyadminセクションのtagのみを更新(2つ目のタグ) sed -i "0,/tag: \"${NGINX_NEW}\"/b; s/tag: \"${PMA_OLD}\"/tag: \"${PMA_NEW}\"/" values.yaml echo "phpMyAdmin updated: $PMA_OLD -> $PMA_NEW" fi - + echo "values.yaml updated" git diff values.yaml - name: Update Chart.yaml version - if: steps.check_update.outputs.update_needed == 'true' + if: steps.check_update.outputs.release_needed == 'true' run: | set -e APP_VERSION="${{ steps.phpmyadmin.outputs.app_version }}" @@ -137,28 +154,32 @@ jobs: - name: Commit changes if: steps.check_update.outputs.update_needed == 'true' run: | - git config user.name "Gitea Actions Bot" - git config user.email "actions@gitea.local" + git config user.name "Claude" + git config user.email "claude@cafepieters.com" git add values.yaml Chart.yaml - git commit -m "chore: update to phpMyAdmin ${{ steps.phpmyadmin.outputs.app_version }}, nginx ${{ steps.nginx.outputs.latest }}" + git commit -m "chore: update to phpMyAdmin ${{ steps.phpmyadmin.outputs.latest }}, nginx ${{ steps.nginx.outputs.latest }}" git push origin main - name: Package Helm Chart - if: steps.check_update.outputs.update_needed == 'true' + if: steps.check_update.outputs.release_needed == 'true' run: | helm package . echo "Helm chart packaged" - name: Create Git Tag - if: steps.check_update.outputs.update_needed == 'true' + if: steps.check_update.outputs.release_needed == 'true' run: | APP_VERSION="${{ steps.phpmyadmin.outputs.app_version }}" - git tag -a "v$APP_VERSION" -m "Release phpMyAdmin $APP_VERSION" - git push origin "v$APP_VERSION" - echo "Git tag v$APP_VERSION created" + if git rev-parse "v$APP_VERSION" >/dev/null 2>&1; then + echo "Tag v$APP_VERSION already exists, skipping" + else + git tag -a "v$APP_VERSION" -m "Release phpMyAdmin $APP_VERSION" + git push origin "v$APP_VERSION" + echo "Git tag v$APP_VERSION created" + fi - name: Create Gitea Release - if: steps.check_update.outputs.update_needed == 'true' + if: steps.check_update.outputs.release_needed == 'true' env: GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }} run: | @@ -166,77 +187,68 @@ jobs: CHART_NAME=$(grep '^name:' Chart.yaml | awk '{print $2}') PACKAGE_FILE="${CHART_NAME}-${APP_VERSION}.tgz" RELEASE_BODY="phpMyAdmin Helm Chart v${APP_VERSION} - phpMyAdmin: ${{ steps.phpmyadmin.outputs.latest }}, Nginx: ${{ steps.nginx.outputs.latest }}" - - # リリースを作成 - curl -X POST \ - -H "Authorization: token ${GITEA_TOKEN}" \ - -H "Content-Type: application/json" \ - -d "{\"tag_name\":\"v${APP_VERSION}\",\"name\":\"v${APP_VERSION}\",\"body\":\"${RELEASE_BODY}\"}" \ - "${GITHUB_API_URL}/repos/${GITHUB_REPOSITORY}/releases" - - # リリースIDを取得 - RELEASE_ID=$(curl -s \ - -H "Authorization: token ${GITEA_TOKEN}" \ - "${GITHUB_API_URL}/repos/${GITHUB_REPOSITORY}/releases/tags/v${APP_VERSION}" | jq -r '.id') - - # アセットをアップロード - curl -X POST \ - -H "Authorization: token ${GITEA_TOKEN}" \ - -H "Content-Type: application/gzip" \ - --data-binary "@${PACKAGE_FILE}" \ - "${GITHUB_API_URL}/repos/${GITHUB_REPOSITORY}/releases/${RELEASE_ID}/assets?name=${PACKAGE_FILE}" - - echo "Release created with asset: ${PACKAGE_FILE}" - - name: Checkout Helm Repository - if: steps.check_update.outputs.update_needed == 'true' - uses: actions/checkout@v3 - with: - repository: helmchart/repo - token: ${{ secrets.GITEA_TOKEN }} - path: helm-repo - fetch-depth: 0 + # リリースが既に存在するか確認 + EXISTING=$(curl -s \ + -H "Authorization: token ${GITEA_TOKEN}" \ + "${GITHUB_API_URL}/repos/${GITHUB_REPOSITORY}/releases/tags/v${APP_VERSION}" | jq -r '.id // empty') - - name: Update Helm Repository Index - if: steps.check_update.outputs.update_needed == 'true' + if [ -n "$EXISTING" ]; then + echo "Release v$APP_VERSION already exists (id=$EXISTING), skipping" + else + # リリースを作成 + RELEASE_ID=$(curl -s -X POST \ + -H "Authorization: token ${GITEA_TOKEN}" \ + -H "Content-Type: application/json" \ + -d "{\"tag_name\":\"v${APP_VERSION}\",\"name\":\"v${APP_VERSION}\",\"body\":\"${RELEASE_BODY}\"}" \ + "${GITHUB_API_URL}/repos/${GITHUB_REPOSITORY}/releases" | jq -r '.id') + + # アセットをアップロード + curl -X POST \ + -H "Authorization: token ${GITEA_TOKEN}" \ + -H "Content-Type: application/gzip" \ + --data-binary "@${PACKAGE_FILE}" \ + "${GITHUB_API_URL}/repos/${GITHUB_REPOSITORY}/releases/${RELEASE_ID}/assets?name=${PACKAGE_FILE}" + + echo "Release v$APP_VERSION created with asset: ${PACKAGE_FILE}" + fi + + - name: Publish to Gitea Package Registry + if: steps.check_update.outputs.release_needed == 'true' run: | - set -e - APP_VERSION="${{ steps.phpmyadmin.outputs.app_version }}" CHART_NAME=$(grep '^name:' Chart.yaml | awk '{print $2}') + APP_VERSION="${{ steps.phpmyadmin.outputs.app_version }}" PACKAGE_FILE="${CHART_NAME}-${APP_VERSION}.tgz" - - echo "Updating Helm repository..." - - # パッケージファイルをHelmリポジトリにコピー - cp "${PACKAGE_FILE}" helm-repo/ - - cd helm-repo - - # index.yamlを生成/更新 - helm repo index . --url "https://git.cafepieters.com/helmchart/repo/raw/branch/main" - - # コミットしてプッシュ - git config user.name "Gitea Actions Bot" - git config user.email "actions@gitea.local" - git add "${PACKAGE_FILE}" index.yaml - git commit -m "chore: add ${CHART_NAME} v${APP_VERSION}" || echo "No changes to commit" - git push origin main - - echo "Helm repository updated successfully" + + echo "Publishing ${PACKAGE_FILE} to Gitea Package Registry..." + curl --fail-with-body \ + -u "${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_TOKEN }}" \ + -X POST \ + --upload-file "${PACKAGE_FILE}" \ + "${REGISTRY_URL}/api/packages/${OWNER}/helm/api/charts" + + echo "Chart published to registry successfully" - name: Summary - if: steps.check_update.outputs.update_needed == 'true' run: | APP_VERSION="${{ steps.phpmyadmin.outputs.app_version }}" NGINX_VERSION="${{ steps.nginx.outputs.latest }}" PMA_VERSION="${{ steps.phpmyadmin.outputs.latest }}" + UPDATE_NEEDED="${{ steps.check_update.outputs.update_needed }}" + RELEASE_NEEDED="${{ steps.check_update.outputs.release_needed }}" echo "========================================" - echo "Update completed successfully!" + if [ "$UPDATE_NEEDED" = "true" ]; then + echo "Update completed!" + else + echo "Already up to date, no changes." + fi echo "========================================" - echo "Chart Version: ${APP_VERSION}" echo "phpMyAdmin: ${PMA_VERSION}" echo "Nginx: ${NGINX_VERSION}" + if [ "$RELEASE_NEEDED" = "true" ]; then + echo "Chart Version: ${APP_VERSION} (released)" + echo "Registry: ${REGISTRY_URL}/api/packages/${OWNER}/helm" + else + echo "No release (nginx-only or no update)" + fi echo "========================================" - echo "Helm repository updated at:" - echo "https://git.cafepieters.com/helmchart/repo" - echo "========================================" \ No newline at end of file diff --git a/CLAUDE.md b/CLAUDE.md new file mode 100644 index 0000000..6302d3a --- /dev/null +++ b/CLAUDE.md @@ -0,0 +1,50 @@ +# phpMyAdmin Helm Chart - CLAUDE.md + +## リポジトリ概要 + +nginx をリバースプロキシとして使用する phpMyAdmin を Kubernetes 上にデプロイするHelmチャートです。 +Raspberry Pi などのベアメタル上で動作する Kubernetes クラスタを想定した構成になっています。 + +## 実行環境について + +**PHP実行環境はこのチャートには含まれません。** +phpMyAdmin は公式イメージ (`phpmyadmin/phpmyadmin`) の `-fpm-alpine` タグを使用しており、 +PHP-FPM はその公式イメージ内に含まれています。別途 PHP 実行環境を用意する必要はありません。 + +## Git 情報 + +- **ユーザー名**: Claude +- **メールアドレス**: claude@cafepieters.com +- **リポジトリ**: ssh://git@192.168.9.65/helmchart/phpmyadmin.git + +## リリースフローのルール + +### バージョン番号の方針 +- Helmチャートのバージョン番号(`Chart.yaml` の `version` / `appVersion`)は、**主アプリ(phpMyAdmin)のバージョン番号と同一**とする。 + +### 自動リリース条件 +- **phpMyAdmin バージョン更新時**: `values.yaml` と `Chart.yaml` を更新し、Gitタグ・Giteaリリース・Gitea Package Registry への発行まで行う。 +- **nginx のみの更新時**: `values.yaml` の該当タグのみ更新してコミットするが、**リリースは行わない**。 + +### 手動リリース(臨時) +- 改修作業などで手動リリースが必要な場合は、バージョン末尾にアルファベットを付与する。 + - 例: `5.2.3` → `5.2.3-a`, `5.2.3-b` + +## ワークフロー構成 + +### `.gitea/workflows/image-update-and-release.yaml` +毎週月曜日 3:00 AM(JST 12:00 PM)に自動実行され、以下を行う: +1. Docker Hub から nginx・phpMyAdmin の最新バージョンを取得 +2. 更新がある場合は `values.yaml` を更新 +3. phpMyAdmin のバージョンが更新された場合のみ、Helm チャートのリリースを実施 + +### `.gitea/workflows/helm-release.yaml` +`main` ブランチへのプッシュ時に自動実行。Gitea Package Registry にチャートを発行する。 + +## 必要な Gitea Secrets + +| シークレット名 | 用途 | +|---|---| +| `GITEA_TOKEN` | Gitea API(リリース作成・タグ操作) | +| `REGISTRY_USER` | Gitea Package Registry ユーザー名 | +| `REGISTRY_TOKEN` | Gitea Package Registry トークン |