Copilot commented on code in PR #814: URL: https://github.com/apache/solr-operator/pull/814#discussion_r2731781946
########## helm/solr/README.md: ########## @@ -33,9 +33,15 @@ There may be breaking changes between the version you are using and the version ### Installing the Chart -To install a SolrCloud for the first time in your cluster, you can use the latest version or a specific version, run with the following commands: +The Solr Helm chart can be installed using either the OCI registry (recommended) or the traditional HTTPS helm repository. + +To install a SolrCloud for the first time in your cluster, you can use the latest version or a specific version: ```bash +# Via OCI registry (recommended) +helm install example oci://docker.io/apache/solr-chart --version 0.10.0-prerelease --set image.tag=9.10.0 Review Comment: The OCI registry path is incorrect. Based on the chart name "solr" in helm/solr/Chart.yaml, the correct path should be: `helm install example oci://docker.io/apache/solr --version 0.10.0-prerelease --set image.tag=9.10.0` The chart name comes from Chart.yaml and cannot be overridden with a different path suffix. ```suggestion helm install example oci://docker.io/apache/solr --version 0.10.0-prerelease --set image.tag=9.10.0 ``` ########## helm/solr-operator/README.md: ########## @@ -67,18 +88,20 @@ If you want to specify the namespace for the installation, use the `--namespace` All resources will be deployed to the given namespace. ```bash -helm install solr-operator apache-solr/solr-operator --namespace solr +helm install solr-operator oci://docker.io/apache/solr-operator-chart --version 0.10.0-prerelease --namespace solr ``` If you want to only watch that namespace, or others, then you will have to provide the `watchNamespaces` option. ```bash # Watch the namespace where the operator is deployed to (just pass the boolean true) -helm install solr-operator apache-solr/solr-operator --namespace solr --set watchNamespaces=true +helm install solr-operator oci://docker.io/apache/solr-operator-chart --version 0.10.0-prerelease --namespace solr --set watchNamespaces=true Review Comment: The OCI registry path is incorrect. Based on the chart name "solr-operator" in helm/solr-operator/Chart.yaml, the correct path should be: `helm install solr-operator oci://docker.io/apache/solr-operator --version 0.10.0-prerelease --namespace solr --set watchNamespaces=true` The chart name comes from Chart.yaml and cannot be overridden with a different path suffix. ########## .github/workflows/publish-helm-oci.yaml: ########## @@ -0,0 +1,198 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +name: Publish Helm Charts to OCI Registry + +on: + workflow_dispatch: + inputs: + solr-operator-chart-url: + description: 'URL to solr-operator Helm chart tarball (e.g., https://dist.apache.org/repos/dist/release/solr/solr-operator/v0.10.0/helm-charts/solr-operator-0.10.0.tgz)' + required: true + type: string + solr-chart-url: + description: 'URL to solr Helm chart tarball (e.g., https://dist.apache.org/repos/dist/release/solr/solr-operator/v0.10.0/helm-charts/solr-0.10.0.tgz)' + required: true + type: string + dry-run: + description: 'Dry run - download and verify charts but do not push to OCI registry' + required: false + type: boolean + default: false + +permissions: + contents: read + +jobs: + publish-oci: + name: Publish Helm Charts to OCI Registry + runs-on: ubuntu-latest + steps: + - name: Install Helm + uses: azure/setup-helm@v4 + with: + version: 'latest' + + - name: Login to Docker Hub + if: ${{ !inputs.dry-run }} + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USER }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Validate Input URLs + run: | + # Validate URLs are from expected Apache dist domain + if [[ ! "${{ inputs.solr-operator-chart-url }}" =~ ^https://dist\.apache\.org/repos/dist/(release|dev)/solr/ ]]; then + echo "Error: solr-operator-chart-url must be from dist.apache.org" + exit 1 + fi + if [[ ! "${{ inputs.solr-chart-url }}" =~ ^https://dist\.apache\.org/repos/dist/(release|dev)/solr/ ]]; then + echo "Error: solr-chart-url must be from dist.apache.org" + exit 1 + fi + echo "✓ URLs validated" + + - name: Download Helm Charts + run: | + set -e + echo "Downloading solr-operator chart from: ${{ inputs.solr-operator-chart-url }}" + curl --fail --show-error --location --retry 3 --retry-delay 5 \ + -o solr-operator.tgz "${{ inputs.solr-operator-chart-url }}" + + echo "Downloading solr chart from: ${{ inputs.solr-chart-url }}" + curl --fail --show-error --location --retry 3 --retry-delay 5 \ + -o solr.tgz "${{ inputs.solr-chart-url }}" + + echo "Charts downloaded successfully:" + ls -lh *.tgz + + # Verify they are valid tar files + echo "Verifying chart integrity..." + tar -tzf solr-operator.tgz > /dev/null + tar -tzf solr.tgz > /dev/null + echo "✓ Charts are valid tarballs" + + - name: Download and Verify Checksums + run: | + set -e + echo "Downloading checksums..." + + # Download SHA512 checksums + curl --fail --show-error --location --retry 3 --retry-delay 5 \ + -o solr-operator.tgz.sha512 "${{ inputs.solr-operator-chart-url }}.sha512" + + curl --fail --show-error --location --retry 3 --retry-delay 5 \ + -o solr.tgz.sha512 "${{ inputs.solr-chart-url }}.sha512" + + echo "Checksums downloaded:" + ls -lh *.sha512 + + # Verify SHA512 checksums + echo "Verifying solr-operator chart checksum..." + sha512sum -c solr-operator.tgz.sha512 + echo "✓ solr-operator chart checksum verified" + + echo "Verifying solr chart checksum..." + sha512sum -c solr.tgz.sha512 + echo "✓ solr chart checksum verified" + + echo "" + echo "✅ All checksums verified successfully" + + - name: Extract Chart Versions + id: versions + run: | + # Extract version from solr-operator chart + OPERATOR_VERSION=$(tar -xzOf solr-operator.tgz solr-operator/Chart.yaml | grep '^version:' | awk '{print $2}') + echo "operator-version=${OPERATOR_VERSION}" >> $GITHUB_OUTPUT + echo "Solr Operator Chart Version: ${OPERATOR_VERSION}" + + # Extract version from solr chart + SOLR_VERSION=$(tar -xzOf solr.tgz solr/Chart.yaml | grep '^version:' | awk '{print $2}') + echo "solr-version=${SOLR_VERSION}" >> $GITHUB_OUTPUT + echo "Solr Chart Version: ${SOLR_VERSION}" + + - name: Push solr-operator chart to OCI registry + if: ${{ !inputs.dry-run }} + run: | + echo "Pushing solr-operator chart (version ${{ steps.versions.outputs.operator-version }}) to oci://docker.io/apache/solr-operator-chart" + helm push solr-operator.tgz oci://docker.io/apache/solr-operator-chart + echo "✓ solr-operator chart pushed successfully" + + - name: Push solr chart to OCI registry + if: ${{ !inputs.dry-run }} + run: | + echo "Pushing solr chart (version ${{ steps.versions.outputs.solr-version }}) to oci://docker.io/apache/solr-chart" + helm push solr.tgz oci://docker.io/apache/solr-chart + echo "✓ solr chart pushed successfully" + + - name: Dry Run Summary + if: ${{ inputs.dry-run }} + run: | + echo "## 🧪 Dry Run Mode - No Charts Published" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + echo "### Validation Results" >> $GITHUB_STEP_SUMMARY + echo "- ✅ URLs validated from dist.apache.org" >> $GITHUB_STEP_SUMMARY + echo "- ✅ Charts downloaded successfully" >> $GITHUB_STEP_SUMMARY + echo "- ✅ Chart integrity verified (valid tarballs)" >> $GITHUB_STEP_SUMMARY + echo "- ✅ SHA512 checksums verified" >> $GITHUB_STEP_SUMMARY + echo "- ✅ Chart versions extracted" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + echo "### Chart Information" >> $GITHUB_STEP_SUMMARY + echo "- **Solr Operator Version**: \`${{ steps.versions.outputs.operator-version }}\`" >> $GITHUB_STEP_SUMMARY + echo "- **Solr Chart Version**: \`${{ steps.versions.outputs.solr-version }}\`" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + echo "### Next Steps" >> $GITHUB_STEP_SUMMARY + echo "Run this workflow again with **dry-run = false** to publish the charts to OCI registries." >> $GITHUB_STEP_SUMMARY + + - name: Verify Published Charts + if: ${{ !inputs.dry-run }} + run: | + echo "Verifying charts are accessible from OCI registry..." + + # Verify solr-operator chart + echo "Pulling solr-operator chart version ${{ steps.versions.outputs.operator-version }}..." + helm pull oci://docker.io/apache/solr-operator-chart --version ${{ steps.versions.outputs.operator-version }} Review Comment: The OCI registry path in the helm pull command is incorrect. Based on the chart name in Chart.yaml, this should be: `helm pull oci://docker.io/apache/solr-operator --version ${{ steps.versions.outputs.operator-version }}` This matches the actual location where the chart will be published when pushed with helm (see comment on line 134). ```suggestion helm pull oci://docker.io/apache/solr-operator --version ${{ steps.versions.outputs.operator-version }} ``` ########## .github/workflows/publish-helm-oci.yaml: ########## @@ -0,0 +1,198 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +name: Publish Helm Charts to OCI Registry + +on: + workflow_dispatch: + inputs: + solr-operator-chart-url: + description: 'URL to solr-operator Helm chart tarball (e.g., https://dist.apache.org/repos/dist/release/solr/solr-operator/v0.10.0/helm-charts/solr-operator-0.10.0.tgz)' + required: true + type: string + solr-chart-url: + description: 'URL to solr Helm chart tarball (e.g., https://dist.apache.org/repos/dist/release/solr/solr-operator/v0.10.0/helm-charts/solr-0.10.0.tgz)' + required: true + type: string + dry-run: + description: 'Dry run - download and verify charts but do not push to OCI registry' + required: false + type: boolean + default: false + +permissions: + contents: read + +jobs: + publish-oci: + name: Publish Helm Charts to OCI Registry + runs-on: ubuntu-latest + steps: + - name: Install Helm + uses: azure/setup-helm@v4 + with: + version: 'latest' + + - name: Login to Docker Hub + if: ${{ !inputs.dry-run }} + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USER }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Validate Input URLs + run: | + # Validate URLs are from expected Apache dist domain + if [[ ! "${{ inputs.solr-operator-chart-url }}" =~ ^https://dist\.apache\.org/repos/dist/(release|dev)/solr/ ]]; then + echo "Error: solr-operator-chart-url must be from dist.apache.org" + exit 1 + fi + if [[ ! "${{ inputs.solr-chart-url }}" =~ ^https://dist\.apache\.org/repos/dist/(release|dev)/solr/ ]]; then + echo "Error: solr-chart-url must be from dist.apache.org" + exit 1 + fi + echo "✓ URLs validated" + + - name: Download Helm Charts + run: | + set -e + echo "Downloading solr-operator chart from: ${{ inputs.solr-operator-chart-url }}" + curl --fail --show-error --location --retry 3 --retry-delay 5 \ + -o solr-operator.tgz "${{ inputs.solr-operator-chart-url }}" + + echo "Downloading solr chart from: ${{ inputs.solr-chart-url }}" + curl --fail --show-error --location --retry 3 --retry-delay 5 \ + -o solr.tgz "${{ inputs.solr-chart-url }}" + + echo "Charts downloaded successfully:" + ls -lh *.tgz + + # Verify they are valid tar files + echo "Verifying chart integrity..." + tar -tzf solr-operator.tgz > /dev/null + tar -tzf solr.tgz > /dev/null + echo "✓ Charts are valid tarballs" + + - name: Download and Verify Checksums + run: | + set -e + echo "Downloading checksums..." + + # Download SHA512 checksums + curl --fail --show-error --location --retry 3 --retry-delay 5 \ + -o solr-operator.tgz.sha512 "${{ inputs.solr-operator-chart-url }}.sha512" + + curl --fail --show-error --location --retry 3 --retry-delay 5 \ + -o solr.tgz.sha512 "${{ inputs.solr-chart-url }}.sha512" + + echo "Checksums downloaded:" + ls -lh *.sha512 + + # Verify SHA512 checksums + echo "Verifying solr-operator chart checksum..." + sha512sum -c solr-operator.tgz.sha512 + echo "✓ solr-operator chart checksum verified" + + echo "Verifying solr chart checksum..." + sha512sum -c solr.tgz.sha512 + echo "✓ solr chart checksum verified" + + echo "" + echo "✅ All checksums verified successfully" + + - name: Extract Chart Versions + id: versions + run: | + # Extract version from solr-operator chart + OPERATOR_VERSION=$(tar -xzOf solr-operator.tgz solr-operator/Chart.yaml | grep '^version:' | awk '{print $2}') + echo "operator-version=${OPERATOR_VERSION}" >> $GITHUB_OUTPUT + echo "Solr Operator Chart Version: ${OPERATOR_VERSION}" + + # Extract version from solr chart + SOLR_VERSION=$(tar -xzOf solr.tgz solr/Chart.yaml | grep '^version:' | awk '{print $2}') + echo "solr-version=${SOLR_VERSION}" >> $GITHUB_OUTPUT + echo "Solr Chart Version: ${SOLR_VERSION}" + + - name: Push solr-operator chart to OCI registry + if: ${{ !inputs.dry-run }} + run: | + echo "Pushing solr-operator chart (version ${{ steps.versions.outputs.operator-version }}) to oci://docker.io/apache/solr-operator-chart" + helm push solr-operator.tgz oci://docker.io/apache/solr-operator-chart + echo "✓ solr-operator chart pushed successfully" + + - name: Push solr chart to OCI registry + if: ${{ !inputs.dry-run }} + run: | + echo "Pushing solr chart (version ${{ steps.versions.outputs.solr-version }}) to oci://docker.io/apache/solr-chart" + helm push solr.tgz oci://docker.io/apache/solr-chart Review Comment: The OCI registry path in the echo statement is incorrect. Based on the chart name in Chart.yaml, the correct path should be: `oci://docker.io/apache/solr` The chart name comes from Chart.yaml and cannot be overridden with a different path suffix. ```suggestion echo "Pushing solr chart (version ${{ steps.versions.outputs.solr-version }}) to oci://docker.io/apache/solr" helm push solr.tgz oci://docker.io/apache/solr ``` ########## helm/solr-operator/README.md: ########## @@ -57,7 +72,13 @@ _Note that the Helm chart version does not contain a `v` prefix, which the downl If you are upgrading your Solr Operator deployment, you should always use a specific version of the chart and pre-install the Solr CRDS: ```bash +# Upgrade CRDs first kubectl replace -f https://solr.apache.org/operator/downloads/crds/v0.10.0-prerelease/all-with-dependencies.yaml + +# Upgrade via OCI registry (recommended) +helm upgrade solr-operator oci://docker.io/apache/solr-operator-chart --version 0.10.0-prerelease Review Comment: The OCI registry path is incorrect. Based on the chart name "solr-operator" in helm/solr-operator/Chart.yaml, the correct path should be: `helm upgrade solr-operator oci://docker.io/apache/solr-operator --version 0.10.0-prerelease` The chart name comes from Chart.yaml and cannot be overridden with a different path suffix. ########## helm/solr-operator/README.md: ########## @@ -67,18 +88,20 @@ If you want to specify the namespace for the installation, use the `--namespace` All resources will be deployed to the given namespace. ```bash -helm install solr-operator apache-solr/solr-operator --namespace solr +helm install solr-operator oci://docker.io/apache/solr-operator-chart --version 0.10.0-prerelease --namespace solr Review Comment: The OCI registry path is incorrect. Based on the chart name "solr-operator" in helm/solr-operator/Chart.yaml, the correct path should be: `helm install solr-operator oci://docker.io/apache/solr-operator --version 0.10.0-prerelease --namespace solr` The chart name comes from Chart.yaml and cannot be overridden with a different path suffix. ########## hack/release/wizard/releaseWizard.yaml: ########## @@ -1108,6 +1108,53 @@ groups: cmd: ./hack/release/upload/upload_helm.sh -g "{{ gpg_key | default("<gpg_key_id>", True) }}" -a "{{ gpg.apache_id | default("<apache_id>", True) }}" -c "{{ official_helm_charts_url }}" -r "{{ dist_release_url }}" logfile: upload_helm.log tee: true + - !Todo + id: publish_helm_charts_oci + title: Publish Helm charts to OCI registry (Docker Hub) + depends: publish_helm_charts + vars: + dist_release_url: https://dist.apache.org/repos/dist/release/solr/solr-operator/{{ release_version }} + solr_operator_chart_url: '{{ dist_release_url }}/helm-charts/solr-operator-{{ release_version[1:] }}.tgz' + solr_chart_url: '{{ dist_release_url }}/helm-charts/solr-{{ release_version[1:] }}.tgz' + workflow_url: https://github.com/apache/solr-operator/actions/workflows/publish-helm-oci.yaml + description: | + Publish the Helm charts to OCI registries on Docker Hub using the GitHub Actions workflow. + + This task publishes the voted Helm charts to OCI registries, making them available via: + - oci://docker.io/apache/solr-operator-chart + - oci://docker.io/apache/solr-chart + + Steps to publish: + 1. Navigate to the GitHub Actions workflow: + {{ workflow_url }} + + 2. Click the "Run workflow" button on the right side + + 3. Fill in the workflow inputs: + - solr-operator-chart-url: {{ solr_operator_chart_url }} + - solr-chart-url: {{ solr_chart_url }} + - dry-run: false (set to true for validation without publishing) + + 4. Optional: Run with dry-run=true first to verify: + - URLs are valid and accessible + - Charts download successfully + - SHA512 checksums match + - Chart versions are correct + + 5. Click "Run workflow" to start the job + + 6. Monitor the workflow execution for any errors + + 7. Verify successful completion by checking that both charts are accessible: + helm pull oci://docker.io/apache/solr-operator-chart --version {{ release_version[1:] }} + helm pull oci://docker.io/apache/solr-chart --version {{ release_version[1:] }} Review Comment: The OCI registry paths in the verification commands are incorrect. Based on the chart names in Chart.yaml files, the correct commands should be: - `helm pull oci://docker.io/apache/solr-operator --version {{ release_version[1:] }}` - `helm pull oci://docker.io/apache/solr --version {{ release_version[1:] }}` The chart names come from Chart.yaml and cannot be overridden with a different path suffix. ########## helm/solr-operator/README.md: ########## @@ -91,7 +114,11 @@ If you have solr operator installations in multiple namespaces that are managed This can be done with the `--skip-crds` helm option. ```bash -helm install solr-operator apache-solr/solr-operator --skip-crds --namespace solr +# Via OCI registry +helm install solr-operator oci://docker.io/apache/solr-operator-chart --version 0.10.0-prerelease --skip-crds --namespace solr Review Comment: The OCI registry path is incorrect. Based on the chart name "solr-operator" in helm/solr-operator/Chart.yaml, the correct path should be: `helm install solr-operator oci://docker.io/apache/solr-operator --version 0.10.0-prerelease --skip-crds --namespace solr` The chart name comes from Chart.yaml and cannot be overridden with a different path suffix. ########## .github/workflows/publish-helm-oci.yaml: ########## @@ -0,0 +1,198 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +name: Publish Helm Charts to OCI Registry + +on: + workflow_dispatch: + inputs: + solr-operator-chart-url: + description: 'URL to solr-operator Helm chart tarball (e.g., https://dist.apache.org/repos/dist/release/solr/solr-operator/v0.10.0/helm-charts/solr-operator-0.10.0.tgz)' + required: true + type: string + solr-chart-url: + description: 'URL to solr Helm chart tarball (e.g., https://dist.apache.org/repos/dist/release/solr/solr-operator/v0.10.0/helm-charts/solr-0.10.0.tgz)' + required: true + type: string + dry-run: + description: 'Dry run - download and verify charts but do not push to OCI registry' + required: false + type: boolean + default: false + +permissions: + contents: read + +jobs: + publish-oci: + name: Publish Helm Charts to OCI Registry + runs-on: ubuntu-latest + steps: + - name: Install Helm + uses: azure/setup-helm@v4 + with: + version: 'latest' + + - name: Login to Docker Hub + if: ${{ !inputs.dry-run }} + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USER }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Validate Input URLs + run: | + # Validate URLs are from expected Apache dist domain + if [[ ! "${{ inputs.solr-operator-chart-url }}" =~ ^https://dist\.apache\.org/repos/dist/(release|dev)/solr/ ]]; then + echo "Error: solr-operator-chart-url must be from dist.apache.org" + exit 1 + fi + if [[ ! "${{ inputs.solr-chart-url }}" =~ ^https://dist\.apache\.org/repos/dist/(release|dev)/solr/ ]]; then + echo "Error: solr-chart-url must be from dist.apache.org" + exit 1 + fi + echo "✓ URLs validated" + + - name: Download Helm Charts + run: | + set -e + echo "Downloading solr-operator chart from: ${{ inputs.solr-operator-chart-url }}" + curl --fail --show-error --location --retry 3 --retry-delay 5 \ + -o solr-operator.tgz "${{ inputs.solr-operator-chart-url }}" + + echo "Downloading solr chart from: ${{ inputs.solr-chart-url }}" + curl --fail --show-error --location --retry 3 --retry-delay 5 \ + -o solr.tgz "${{ inputs.solr-chart-url }}" + + echo "Charts downloaded successfully:" + ls -lh *.tgz + + # Verify they are valid tar files + echo "Verifying chart integrity..." + tar -tzf solr-operator.tgz > /dev/null + tar -tzf solr.tgz > /dev/null + echo "✓ Charts are valid tarballs" + + - name: Download and Verify Checksums + run: | + set -e + echo "Downloading checksums..." + + # Download SHA512 checksums + curl --fail --show-error --location --retry 3 --retry-delay 5 \ + -o solr-operator.tgz.sha512 "${{ inputs.solr-operator-chart-url }}.sha512" + + curl --fail --show-error --location --retry 3 --retry-delay 5 \ + -o solr.tgz.sha512 "${{ inputs.solr-chart-url }}.sha512" + + echo "Checksums downloaded:" + ls -lh *.sha512 + + # Verify SHA512 checksums + echo "Verifying solr-operator chart checksum..." + sha512sum -c solr-operator.tgz.sha512 + echo "✓ solr-operator chart checksum verified" + + echo "Verifying solr chart checksum..." + sha512sum -c solr.tgz.sha512 + echo "✓ solr chart checksum verified" + + echo "" + echo "✅ All checksums verified successfully" + + - name: Extract Chart Versions + id: versions + run: | + # Extract version from solr-operator chart + OPERATOR_VERSION=$(tar -xzOf solr-operator.tgz solr-operator/Chart.yaml | grep '^version:' | awk '{print $2}') + echo "operator-version=${OPERATOR_VERSION}" >> $GITHUB_OUTPUT + echo "Solr Operator Chart Version: ${OPERATOR_VERSION}" + + # Extract version from solr chart + SOLR_VERSION=$(tar -xzOf solr.tgz solr/Chart.yaml | grep '^version:' | awk '{print $2}') + echo "solr-version=${SOLR_VERSION}" >> $GITHUB_OUTPUT + echo "Solr Chart Version: ${SOLR_VERSION}" + + - name: Push solr-operator chart to OCI registry + if: ${{ !inputs.dry-run }} + run: | + echo "Pushing solr-operator chart (version ${{ steps.versions.outputs.operator-version }}) to oci://docker.io/apache/solr-operator-chart" + helm push solr-operator.tgz oci://docker.io/apache/solr-operator-chart + echo "✓ solr-operator chart pushed successfully" + + - name: Push solr chart to OCI registry + if: ${{ !inputs.dry-run }} + run: | + echo "Pushing solr chart (version ${{ steps.versions.outputs.solr-version }}) to oci://docker.io/apache/solr-chart" + helm push solr.tgz oci://docker.io/apache/solr-chart + echo "✓ solr chart pushed successfully" + + - name: Dry Run Summary + if: ${{ inputs.dry-run }} + run: | + echo "## 🧪 Dry Run Mode - No Charts Published" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + echo "### Validation Results" >> $GITHUB_STEP_SUMMARY + echo "- ✅ URLs validated from dist.apache.org" >> $GITHUB_STEP_SUMMARY + echo "- ✅ Charts downloaded successfully" >> $GITHUB_STEP_SUMMARY + echo "- ✅ Chart integrity verified (valid tarballs)" >> $GITHUB_STEP_SUMMARY + echo "- ✅ SHA512 checksums verified" >> $GITHUB_STEP_SUMMARY + echo "- ✅ Chart versions extracted" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + echo "### Chart Information" >> $GITHUB_STEP_SUMMARY + echo "- **Solr Operator Version**: \`${{ steps.versions.outputs.operator-version }}\`" >> $GITHUB_STEP_SUMMARY + echo "- **Solr Chart Version**: \`${{ steps.versions.outputs.solr-version }}\`" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + echo "### Next Steps" >> $GITHUB_STEP_SUMMARY + echo "Run this workflow again with **dry-run = false** to publish the charts to OCI registries." >> $GITHUB_STEP_SUMMARY + + - name: Verify Published Charts + if: ${{ !inputs.dry-run }} + run: | + echo "Verifying charts are accessible from OCI registry..." + + # Verify solr-operator chart + echo "Pulling solr-operator chart version ${{ steps.versions.outputs.operator-version }}..." + helm pull oci://docker.io/apache/solr-operator-chart --version ${{ steps.versions.outputs.operator-version }} + echo "✓ solr-operator chart verified" + + # Verify solr chart + echo "Pulling solr chart version ${{ steps.versions.outputs.solr-version }}..." + helm pull oci://docker.io/apache/solr-chart --version ${{ steps.versions.outputs.solr-version }} Review Comment: The OCI registry path in the helm pull command is incorrect. Based on the chart name in Chart.yaml, this should be: `helm pull oci://docker.io/apache/solr --version ${{ steps.versions.outputs.solr-version }}` This matches the actual location where the chart will be published when pushed with helm (see comment on line 141). ########## .github/workflows/publish-helm-oci.yaml: ########## @@ -0,0 +1,198 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +name: Publish Helm Charts to OCI Registry + +on: + workflow_dispatch: + inputs: + solr-operator-chart-url: + description: 'URL to solr-operator Helm chart tarball (e.g., https://dist.apache.org/repos/dist/release/solr/solr-operator/v0.10.0/helm-charts/solr-operator-0.10.0.tgz)' + required: true + type: string + solr-chart-url: + description: 'URL to solr Helm chart tarball (e.g., https://dist.apache.org/repos/dist/release/solr/solr-operator/v0.10.0/helm-charts/solr-0.10.0.tgz)' + required: true + type: string + dry-run: + description: 'Dry run - download and verify charts but do not push to OCI registry' + required: false + type: boolean + default: false + +permissions: + contents: read + +jobs: + publish-oci: + name: Publish Helm Charts to OCI Registry + runs-on: ubuntu-latest + steps: + - name: Install Helm + uses: azure/setup-helm@v4 + with: + version: 'latest' + + - name: Login to Docker Hub + if: ${{ !inputs.dry-run }} + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USER }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Validate Input URLs + run: | + # Validate URLs are from expected Apache dist domain + if [[ ! "${{ inputs.solr-operator-chart-url }}" =~ ^https://dist\.apache\.org/repos/dist/(release|dev)/solr/ ]]; then + echo "Error: solr-operator-chart-url must be from dist.apache.org" + exit 1 + fi + if [[ ! "${{ inputs.solr-chart-url }}" =~ ^https://dist\.apache\.org/repos/dist/(release|dev)/solr/ ]]; then + echo "Error: solr-chart-url must be from dist.apache.org" + exit 1 + fi + echo "✓ URLs validated" + + - name: Download Helm Charts + run: | + set -e + echo "Downloading solr-operator chart from: ${{ inputs.solr-operator-chart-url }}" + curl --fail --show-error --location --retry 3 --retry-delay 5 \ + -o solr-operator.tgz "${{ inputs.solr-operator-chart-url }}" + + echo "Downloading solr chart from: ${{ inputs.solr-chart-url }}" + curl --fail --show-error --location --retry 3 --retry-delay 5 \ + -o solr.tgz "${{ inputs.solr-chart-url }}" + + echo "Charts downloaded successfully:" + ls -lh *.tgz + + # Verify they are valid tar files + echo "Verifying chart integrity..." + tar -tzf solr-operator.tgz > /dev/null + tar -tzf solr.tgz > /dev/null + echo "✓ Charts are valid tarballs" + + - name: Download and Verify Checksums + run: | + set -e + echo "Downloading checksums..." + + # Download SHA512 checksums + curl --fail --show-error --location --retry 3 --retry-delay 5 \ + -o solr-operator.tgz.sha512 "${{ inputs.solr-operator-chart-url }}.sha512" + + curl --fail --show-error --location --retry 3 --retry-delay 5 \ + -o solr.tgz.sha512 "${{ inputs.solr-chart-url }}.sha512" + + echo "Checksums downloaded:" + ls -lh *.sha512 + + # Verify SHA512 checksums + echo "Verifying solr-operator chart checksum..." + sha512sum -c solr-operator.tgz.sha512 + echo "✓ solr-operator chart checksum verified" + + echo "Verifying solr chart checksum..." + sha512sum -c solr.tgz.sha512 + echo "✓ solr chart checksum verified" + + echo "" + echo "✅ All checksums verified successfully" + + - name: Extract Chart Versions + id: versions + run: | + # Extract version from solr-operator chart + OPERATOR_VERSION=$(tar -xzOf solr-operator.tgz solr-operator/Chart.yaml | grep '^version:' | awk '{print $2}') + echo "operator-version=${OPERATOR_VERSION}" >> $GITHUB_OUTPUT + echo "Solr Operator Chart Version: ${OPERATOR_VERSION}" + + # Extract version from solr chart + SOLR_VERSION=$(tar -xzOf solr.tgz solr/Chart.yaml | grep '^version:' | awk '{print $2}') + echo "solr-version=${SOLR_VERSION}" >> $GITHUB_OUTPUT + echo "Solr Chart Version: ${SOLR_VERSION}" + + - name: Push solr-operator chart to OCI registry + if: ${{ !inputs.dry-run }} + run: | + echo "Pushing solr-operator chart (version ${{ steps.versions.outputs.operator-version }}) to oci://docker.io/apache/solr-operator-chart" + helm push solr-operator.tgz oci://docker.io/apache/solr-operator-chart Review Comment: The OCI registry path in the helm push command is incorrect. When using helm push with OCI registries, the chart name comes from the Chart.yaml file, not from the path. Since the chart is named "solr-operator" in helm/solr-operator/Chart.yaml, this command should be: `helm push solr-operator.tgz oci://docker.io/apache` This will make the chart available at `oci://docker.io/apache/solr-operator`, not `oci://docker.io/apache/solr-operator-chart`. All references throughout the PR (in documentation and this workflow) should use `oci://docker.io/apache/solr-operator` instead of `oci://docker.io/apache/solr-operator-chart`. If you want the `-chart` suffix, you would need to rename the chart in Chart.yaml. ```suggestion echo "Pushing solr-operator chart (version ${{ steps.versions.outputs.operator-version }}) to oci://docker.io/apache/solr-operator" helm push solr-operator.tgz oci://docker.io/apache ``` ########## helm/solr/README.md: ########## @@ -50,6 +56,10 @@ _Note that the Helm chart version does not contain a `v` prefix, which the Solr If you are upgrading your SolrCloud deployment, you should always use a specific version of the chart and upgrade **after [upgrading the Solr Operator](https://artifacthub.io/packages/helm/apache-solr/solr-operator#upgrading-the-solr-operator) to the same version**: ```bash +# Via OCI registry (recommended) +helm upgrade example oci://docker.io/apache/solr-chart --version 0.10.0-prerelease --reuse-values --set image.tag=9.10.0 Review Comment: The OCI registry path is incorrect. Based on the chart name "solr" in helm/solr/Chart.yaml, the correct path should be: `helm upgrade example oci://docker.io/apache/solr --version 0.10.0-prerelease --reuse-values --set image.tag=9.10.0` The chart name comes from Chart.yaml and cannot be overridden with a different path suffix. ########## helm/solr-operator/README.md: ########## @@ -67,18 +88,20 @@ If you want to specify the namespace for the installation, use the `--namespace` All resources will be deployed to the given namespace. ```bash -helm install solr-operator apache-solr/solr-operator --namespace solr +helm install solr-operator oci://docker.io/apache/solr-operator-chart --version 0.10.0-prerelease --namespace solr ``` If you want to only watch that namespace, or others, then you will have to provide the `watchNamespaces` option. ```bash # Watch the namespace where the operator is deployed to (just pass the boolean true) -helm install solr-operator apache-solr/solr-operator --namespace solr --set watchNamespaces=true +helm install solr-operator oci://docker.io/apache/solr-operator-chart --version 0.10.0-prerelease --namespace solr --set watchNamespaces=true + # Watch a single namespace different than the one being deployed to -helm install solr-operator apache-solr/solr-operator --namespace solr --set watchNamespaces=other -# Watch multiple namespaces (commmas must be escaped in the set string) -helm install solr-operator apache-solr/solr-operator --namespace solr --set watchNamespaces="team1\,team2\,team3" +helm install solr-operator oci://docker.io/apache/solr-operator-chart --version 0.10.0-prerelease --namespace solr --set watchNamespaces=other + +# Watch multiple namespaces (commas must be escaped in the set string) +helm install solr-operator oci://docker.io/apache/solr-operator-chart --version 0.10.0-prerelease --namespace solr --set watchNamespaces="team1\,team2\,team3" Review Comment: The OCI registry path is incorrect. Based on the chart name "solr-operator" in helm/solr-operator/Chart.yaml, the correct path should be: `helm install solr-operator oci://docker.io/apache/solr-operator --version 0.10.0-prerelease --namespace solr --set watchNamespaces="team1\,team2\,team3"` The chart name comes from Chart.yaml and cannot be overridden with a different path suffix. ########## .github/workflows/publish-helm-oci.yaml: ########## @@ -0,0 +1,198 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +name: Publish Helm Charts to OCI Registry + +on: + workflow_dispatch: + inputs: + solr-operator-chart-url: + description: 'URL to solr-operator Helm chart tarball (e.g., https://dist.apache.org/repos/dist/release/solr/solr-operator/v0.10.0/helm-charts/solr-operator-0.10.0.tgz)' + required: true + type: string + solr-chart-url: + description: 'URL to solr Helm chart tarball (e.g., https://dist.apache.org/repos/dist/release/solr/solr-operator/v0.10.0/helm-charts/solr-0.10.0.tgz)' + required: true + type: string + dry-run: + description: 'Dry run - download and verify charts but do not push to OCI registry' + required: false + type: boolean + default: false + +permissions: + contents: read + +jobs: + publish-oci: + name: Publish Helm Charts to OCI Registry + runs-on: ubuntu-latest + steps: + - name: Install Helm + uses: azure/setup-helm@v4 + with: + version: 'latest' + + - name: Login to Docker Hub + if: ${{ !inputs.dry-run }} + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USER }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Validate Input URLs + run: | + # Validate URLs are from expected Apache dist domain + if [[ ! "${{ inputs.solr-operator-chart-url }}" =~ ^https://dist\.apache\.org/repos/dist/(release|dev)/solr/ ]]; then + echo "Error: solr-operator-chart-url must be from dist.apache.org" + exit 1 + fi + if [[ ! "${{ inputs.solr-chart-url }}" =~ ^https://dist\.apache\.org/repos/dist/(release|dev)/solr/ ]]; then + echo "Error: solr-chart-url must be from dist.apache.org" + exit 1 + fi + echo "✓ URLs validated" + + - name: Download Helm Charts + run: | + set -e + echo "Downloading solr-operator chart from: ${{ inputs.solr-operator-chart-url }}" + curl --fail --show-error --location --retry 3 --retry-delay 5 \ + -o solr-operator.tgz "${{ inputs.solr-operator-chart-url }}" + + echo "Downloading solr chart from: ${{ inputs.solr-chart-url }}" + curl --fail --show-error --location --retry 3 --retry-delay 5 \ + -o solr.tgz "${{ inputs.solr-chart-url }}" + + echo "Charts downloaded successfully:" + ls -lh *.tgz + + # Verify they are valid tar files + echo "Verifying chart integrity..." + tar -tzf solr-operator.tgz > /dev/null + tar -tzf solr.tgz > /dev/null + echo "✓ Charts are valid tarballs" + + - name: Download and Verify Checksums + run: | + set -e + echo "Downloading checksums..." + + # Download SHA512 checksums + curl --fail --show-error --location --retry 3 --retry-delay 5 \ + -o solr-operator.tgz.sha512 "${{ inputs.solr-operator-chart-url }}.sha512" + + curl --fail --show-error --location --retry 3 --retry-delay 5 \ + -o solr.tgz.sha512 "${{ inputs.solr-chart-url }}.sha512" + + echo "Checksums downloaded:" + ls -lh *.sha512 + + # Verify SHA512 checksums + echo "Verifying solr-operator chart checksum..." + sha512sum -c solr-operator.tgz.sha512 + echo "✓ solr-operator chart checksum verified" + + echo "Verifying solr chart checksum..." + sha512sum -c solr.tgz.sha512 + echo "✓ solr chart checksum verified" + + echo "" + echo "✅ All checksums verified successfully" + + - name: Extract Chart Versions + id: versions + run: | + # Extract version from solr-operator chart + OPERATOR_VERSION=$(tar -xzOf solr-operator.tgz solr-operator/Chart.yaml | grep '^version:' | awk '{print $2}') + echo "operator-version=${OPERATOR_VERSION}" >> $GITHUB_OUTPUT + echo "Solr Operator Chart Version: ${OPERATOR_VERSION}" + + # Extract version from solr chart + SOLR_VERSION=$(tar -xzOf solr.tgz solr/Chart.yaml | grep '^version:' | awk '{print $2}') + echo "solr-version=${SOLR_VERSION}" >> $GITHUB_OUTPUT + echo "Solr Chart Version: ${SOLR_VERSION}" + + - name: Push solr-operator chart to OCI registry + if: ${{ !inputs.dry-run }} + run: | + echo "Pushing solr-operator chart (version ${{ steps.versions.outputs.operator-version }}) to oci://docker.io/apache/solr-operator-chart" + helm push solr-operator.tgz oci://docker.io/apache/solr-operator-chart + echo "✓ solr-operator chart pushed successfully" + + - name: Push solr chart to OCI registry + if: ${{ !inputs.dry-run }} + run: | + echo "Pushing solr chart (version ${{ steps.versions.outputs.solr-version }}) to oci://docker.io/apache/solr-chart" + helm push solr.tgz oci://docker.io/apache/solr-chart Review Comment: The OCI registry path in the echo statement is incorrect. Based on the chart name in Chart.yaml, the correct path should be: `oci://docker.io/apache/solr-operator` The chart name comes from Chart.yaml and cannot be overridden with a different path suffix. ```suggestion echo "Pushing solr-operator chart (version ${{ steps.versions.outputs.operator-version }}) to oci://docker.io/apache/solr-operator" helm push solr-operator.tgz oci://docker.io/apache/solr-operator echo "✓ solr-operator chart pushed successfully" - name: Push solr chart to OCI registry if: ${{ !inputs.dry-run }} run: | echo "Pushing solr chart (version ${{ steps.versions.outputs.solr-version }}) to oci://docker.io/apache/solr" helm push solr.tgz oci://docker.io/apache/solr ``` ########## helm/solr-operator/README.md: ########## @@ -31,19 +31,34 @@ If you do not wish to use the Zookeeper Operator, set: - `zookeeper-operator.use: false` -### Adding the Solr Operator Helm Chart Repository -You should only need to add the solr operator helm chart repository once, by running the following command: +### Installing the Chart + +The Solr Operator Helm chart can be installed using either the OCI registry (recommended) or the traditional HTTPS repository. + +#### Installation via OCI Registry (Recommended) + +The Helm chart is available directly from Docker Hub as an OCI artifact, which provides a more reliable distribution mechanism and doesn't require adding a repository. ```bash -helm repo add apache-solr https://solr.apache.org/charts +# Install CRDs first +kubectl create -f https://solr.apache.org/operator/downloads/crds/v0.10.0-prerelease/all-with-dependencies.yaml + +# Install the Solr Operator from OCI registry +helm install solr-operator oci://docker.io/apache/solr-operator-chart --version 0.10.0-prerelease Review Comment: The OCI registry path is incorrect. Based on the chart name "solr-operator" in helm/solr-operator/Chart.yaml, the correct path should be: `helm install solr-operator oci://docker.io/apache/solr-operator --version 0.10.0-prerelease` The chart name comes from Chart.yaml and cannot be overridden with a different path suffix. ```suggestion helm install solr-operator oci://docker.io/apache/solr-operator --version 0.10.0-prerelease ``` ########## helm/solr-operator/README.md: ########## @@ -67,18 +88,20 @@ If you want to specify the namespace for the installation, use the `--namespace` All resources will be deployed to the given namespace. ```bash -helm install solr-operator apache-solr/solr-operator --namespace solr +helm install solr-operator oci://docker.io/apache/solr-operator-chart --version 0.10.0-prerelease --namespace solr ``` If you want to only watch that namespace, or others, then you will have to provide the `watchNamespaces` option. ```bash # Watch the namespace where the operator is deployed to (just pass the boolean true) -helm install solr-operator apache-solr/solr-operator --namespace solr --set watchNamespaces=true +helm install solr-operator oci://docker.io/apache/solr-operator-chart --version 0.10.0-prerelease --namespace solr --set watchNamespaces=true + # Watch a single namespace different than the one being deployed to -helm install solr-operator apache-solr/solr-operator --namespace solr --set watchNamespaces=other -# Watch multiple namespaces (commmas must be escaped in the set string) -helm install solr-operator apache-solr/solr-operator --namespace solr --set watchNamespaces="team1\,team2\,team3" +helm install solr-operator oci://docker.io/apache/solr-operator-chart --version 0.10.0-prerelease --namespace solr --set watchNamespaces=other Review Comment: The OCI registry path is incorrect. Based on the chart name "solr-operator" in helm/solr-operator/Chart.yaml, the correct path should be: `helm install solr-operator oci://docker.io/apache/solr-operator --version 0.10.0-prerelease --namespace solr --set watchNamespaces=other` The chart name comes from Chart.yaml and cannot be overridden with a different path suffix. ########## README.md: ########## @@ -54,8 +54,12 @@ Join us on the [#solr-operator](https://kubernetes.slack.com/messages/solr-opera Please visit the following pages for documentation on using and developing the Solr Operator: - [Local Tutorial](https://apache.github.io/solr-operator/docs/local_tutorial) -- [Helm Instructions via Artifact Hub](https://artifacthub.io/packages/helm/apache-solr/solr-operator) - - The released helm charts and their instructions should be used for all safe and stable deployments. +- **Helm Chart Installation** + - The Helm charts are available via OCI registry (recommended): + - **Solr Operator**: `helm install solr-operator oci://docker.io/apache/solr-operator-chart --version <VERSION>` + - **Solr Cloud**: `helm install solr oci://docker.io/apache/solr-chart --version <VERSION>` Review Comment: The OCI registry paths are incorrect. Based on the chart names in Chart.yaml files, the correct paths should be: - Solr Operator: `helm install solr-operator oci://docker.io/apache/solr-operator --version <VERSION>` - Solr Cloud: `helm install solr oci://docker.io/apache/solr --version <VERSION>` The chart names come from Chart.yaml and cannot be overridden with a different path suffix. ```suggestion - **Solr Operator**: `helm install solr-operator oci://docker.io/apache/solr-operator --version <VERSION>` - **Solr Cloud**: `helm install solr oci://docker.io/apache/solr --version <VERSION>` ``` ########## .github/workflows/publish-helm-oci.yaml: ########## @@ -0,0 +1,198 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +name: Publish Helm Charts to OCI Registry + +on: + workflow_dispatch: + inputs: + solr-operator-chart-url: + description: 'URL to solr-operator Helm chart tarball (e.g., https://dist.apache.org/repos/dist/release/solr/solr-operator/v0.10.0/helm-charts/solr-operator-0.10.0.tgz)' + required: true + type: string + solr-chart-url: + description: 'URL to solr Helm chart tarball (e.g., https://dist.apache.org/repos/dist/release/solr/solr-operator/v0.10.0/helm-charts/solr-0.10.0.tgz)' + required: true + type: string + dry-run: + description: 'Dry run - download and verify charts but do not push to OCI registry' + required: false + type: boolean + default: false + +permissions: + contents: read + +jobs: + publish-oci: + name: Publish Helm Charts to OCI Registry + runs-on: ubuntu-latest + steps: + - name: Install Helm + uses: azure/setup-helm@v4 + with: + version: 'latest' + + - name: Login to Docker Hub + if: ${{ !inputs.dry-run }} + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USER }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Validate Input URLs + run: | + # Validate URLs are from expected Apache dist domain + if [[ ! "${{ inputs.solr-operator-chart-url }}" =~ ^https://dist\.apache\.org/repos/dist/(release|dev)/solr/ ]]; then + echo "Error: solr-operator-chart-url must be from dist.apache.org" + exit 1 + fi + if [[ ! "${{ inputs.solr-chart-url }}" =~ ^https://dist\.apache\.org/repos/dist/(release|dev)/solr/ ]]; then + echo "Error: solr-chart-url must be from dist.apache.org" + exit 1 + fi + echo "✓ URLs validated" + + - name: Download Helm Charts + run: | + set -e + echo "Downloading solr-operator chart from: ${{ inputs.solr-operator-chart-url }}" + curl --fail --show-error --location --retry 3 --retry-delay 5 \ + -o solr-operator.tgz "${{ inputs.solr-operator-chart-url }}" + + echo "Downloading solr chart from: ${{ inputs.solr-chart-url }}" + curl --fail --show-error --location --retry 3 --retry-delay 5 \ + -o solr.tgz "${{ inputs.solr-chart-url }}" + + echo "Charts downloaded successfully:" + ls -lh *.tgz + + # Verify they are valid tar files + echo "Verifying chart integrity..." + tar -tzf solr-operator.tgz > /dev/null + tar -tzf solr.tgz > /dev/null + echo "✓ Charts are valid tarballs" + + - name: Download and Verify Checksums + run: | + set -e + echo "Downloading checksums..." + + # Download SHA512 checksums + curl --fail --show-error --location --retry 3 --retry-delay 5 \ + -o solr-operator.tgz.sha512 "${{ inputs.solr-operator-chart-url }}.sha512" + + curl --fail --show-error --location --retry 3 --retry-delay 5 \ + -o solr.tgz.sha512 "${{ inputs.solr-chart-url }}.sha512" + + echo "Checksums downloaded:" + ls -lh *.sha512 + + # Verify SHA512 checksums + echo "Verifying solr-operator chart checksum..." + sha512sum -c solr-operator.tgz.sha512 + echo "✓ solr-operator chart checksum verified" + + echo "Verifying solr chart checksum..." + sha512sum -c solr.tgz.sha512 + echo "✓ solr chart checksum verified" + + echo "" + echo "✅ All checksums verified successfully" + + - name: Extract Chart Versions + id: versions + run: | + # Extract version from solr-operator chart + OPERATOR_VERSION=$(tar -xzOf solr-operator.tgz solr-operator/Chart.yaml | grep '^version:' | awk '{print $2}') + echo "operator-version=${OPERATOR_VERSION}" >> $GITHUB_OUTPUT + echo "Solr Operator Chart Version: ${OPERATOR_VERSION}" + + # Extract version from solr chart + SOLR_VERSION=$(tar -xzOf solr.tgz solr/Chart.yaml | grep '^version:' | awk '{print $2}') + echo "solr-version=${SOLR_VERSION}" >> $GITHUB_OUTPUT + echo "Solr Chart Version: ${SOLR_VERSION}" + + - name: Push solr-operator chart to OCI registry + if: ${{ !inputs.dry-run }} + run: | + echo "Pushing solr-operator chart (version ${{ steps.versions.outputs.operator-version }}) to oci://docker.io/apache/solr-operator-chart" + helm push solr-operator.tgz oci://docker.io/apache/solr-operator-chart + echo "✓ solr-operator chart pushed successfully" + + - name: Push solr chart to OCI registry + if: ${{ !inputs.dry-run }} + run: | + echo "Pushing solr chart (version ${{ steps.versions.outputs.solr-version }}) to oci://docker.io/apache/solr-chart" + helm push solr.tgz oci://docker.io/apache/solr-chart + echo "✓ solr chart pushed successfully" + + - name: Dry Run Summary + if: ${{ inputs.dry-run }} + run: | + echo "## 🧪 Dry Run Mode - No Charts Published" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + echo "### Validation Results" >> $GITHUB_STEP_SUMMARY + echo "- ✅ URLs validated from dist.apache.org" >> $GITHUB_STEP_SUMMARY + echo "- ✅ Charts downloaded successfully" >> $GITHUB_STEP_SUMMARY + echo "- ✅ Chart integrity verified (valid tarballs)" >> $GITHUB_STEP_SUMMARY + echo "- ✅ SHA512 checksums verified" >> $GITHUB_STEP_SUMMARY + echo "- ✅ Chart versions extracted" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + echo "### Chart Information" >> $GITHUB_STEP_SUMMARY + echo "- **Solr Operator Version**: \`${{ steps.versions.outputs.operator-version }}\`" >> $GITHUB_STEP_SUMMARY + echo "- **Solr Chart Version**: \`${{ steps.versions.outputs.solr-version }}\`" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + echo "### Next Steps" >> $GITHUB_STEP_SUMMARY + echo "Run this workflow again with **dry-run = false** to publish the charts to OCI registries." >> $GITHUB_STEP_SUMMARY + + - name: Verify Published Charts + if: ${{ !inputs.dry-run }} + run: | + echo "Verifying charts are accessible from OCI registry..." + + # Verify solr-operator chart + echo "Pulling solr-operator chart version ${{ steps.versions.outputs.operator-version }}..." + helm pull oci://docker.io/apache/solr-operator-chart --version ${{ steps.versions.outputs.operator-version }} + echo "✓ solr-operator chart verified" + + # Verify solr chart + echo "Pulling solr chart version ${{ steps.versions.outputs.solr-version }}..." + helm pull oci://docker.io/apache/solr-chart --version ${{ steps.versions.outputs.solr-version }} + echo "✓ solr chart verified" + + - name: Summary + if: ${{ success() && !inputs.dry-run }} + run: | + echo "## ✅ Successfully Published Helm Charts" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + echo "The following charts have been published to OCI registries:" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + echo "### Solr Operator Chart" >> $GITHUB_STEP_SUMMARY + echo "- **Registry**: \`oci://docker.io/apache/solr-operator-chart\`" >> $GITHUB_STEP_SUMMARY + echo "- **Version**: \`${{ steps.versions.outputs.operator-version }}\`" >> $GITHUB_STEP_SUMMARY + echo "- **Install**: \`helm install solr-operator oci://docker.io/apache/solr-operator-chart --version ${{ steps.versions.outputs.operator-version }}\`" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + echo "### Solr Chart" >> $GITHUB_STEP_SUMMARY + echo "- **Registry**: \`oci://docker.io/apache/solr-chart\`" >> $GITHUB_STEP_SUMMARY + echo "- **Version**: \`${{ steps.versions.outputs.solr-version }}\`" >> $GITHUB_STEP_SUMMARY + echo "- **Install**: \`helm install solr oci://docker.io/apache/solr-chart --version ${{ steps.versions.outputs.solr-version }}\`" >> $GITHUB_STEP_SUMMARY Review Comment: The OCI registry paths in the summary are incorrect. Based on the chart names in Chart.yaml files, the correct paths should be: - `oci://docker.io/apache/solr-operator` (not solr-operator-chart) - `oci://docker.io/apache/solr` (not solr-chart) The chart names come from Chart.yaml and cannot be overridden with a different path suffix when using helm push. ########## hack/release/wizard/releaseWizard.yaml: ########## @@ -1108,6 +1108,53 @@ groups: cmd: ./hack/release/upload/upload_helm.sh -g "{{ gpg_key | default("<gpg_key_id>", True) }}" -a "{{ gpg.apache_id | default("<apache_id>", True) }}" -c "{{ official_helm_charts_url }}" -r "{{ dist_release_url }}" logfile: upload_helm.log tee: true + - !Todo + id: publish_helm_charts_oci + title: Publish Helm charts to OCI registry (Docker Hub) + depends: publish_helm_charts + vars: + dist_release_url: https://dist.apache.org/repos/dist/release/solr/solr-operator/{{ release_version }} + solr_operator_chart_url: '{{ dist_release_url }}/helm-charts/solr-operator-{{ release_version[1:] }}.tgz' + solr_chart_url: '{{ dist_release_url }}/helm-charts/solr-{{ release_version[1:] }}.tgz' + workflow_url: https://github.com/apache/solr-operator/actions/workflows/publish-helm-oci.yaml + description: | + Publish the Helm charts to OCI registries on Docker Hub using the GitHub Actions workflow. + + This task publishes the voted Helm charts to OCI registries, making them available via: + - oci://docker.io/apache/solr-operator-chart + - oci://docker.io/apache/solr-chart Review Comment: The OCI registry paths referenced in the documentation are incorrect. Based on the chart names in Chart.yaml files, the correct paths should be: - `oci://docker.io/apache/solr-operator` (not solr-operator-chart) - `oci://docker.io/apache/solr` (not solr-chart) The chart names come from Chart.yaml and cannot be overridden with a different path suffix when using helm push. ########## .github/workflows/publish-helm-oci.yaml: ########## @@ -0,0 +1,198 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +name: Publish Helm Charts to OCI Registry + +on: + workflow_dispatch: + inputs: + solr-operator-chart-url: + description: 'URL to solr-operator Helm chart tarball (e.g., https://dist.apache.org/repos/dist/release/solr/solr-operator/v0.10.0/helm-charts/solr-operator-0.10.0.tgz)' + required: true + type: string + solr-chart-url: + description: 'URL to solr Helm chart tarball (e.g., https://dist.apache.org/repos/dist/release/solr/solr-operator/v0.10.0/helm-charts/solr-0.10.0.tgz)' + required: true + type: string + dry-run: + description: 'Dry run - download and verify charts but do not push to OCI registry' + required: false + type: boolean + default: false + +permissions: + contents: read + +jobs: + publish-oci: + name: Publish Helm Charts to OCI Registry + runs-on: ubuntu-latest + steps: + - name: Install Helm + uses: azure/setup-helm@v4 + with: + version: 'latest' + + - name: Login to Docker Hub + if: ${{ !inputs.dry-run }} + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USER }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Validate Input URLs + run: | + # Validate URLs are from expected Apache dist domain + if [[ ! "${{ inputs.solr-operator-chart-url }}" =~ ^https://dist\.apache\.org/repos/dist/(release|dev)/solr/ ]]; then + echo "Error: solr-operator-chart-url must be from dist.apache.org" + exit 1 + fi + if [[ ! "${{ inputs.solr-chart-url }}" =~ ^https://dist\.apache\.org/repos/dist/(release|dev)/solr/ ]]; then + echo "Error: solr-chart-url must be from dist.apache.org" + exit 1 + fi + echo "✓ URLs validated" + + - name: Download Helm Charts + run: | + set -e + echo "Downloading solr-operator chart from: ${{ inputs.solr-operator-chart-url }}" + curl --fail --show-error --location --retry 3 --retry-delay 5 \ + -o solr-operator.tgz "${{ inputs.solr-operator-chart-url }}" + + echo "Downloading solr chart from: ${{ inputs.solr-chart-url }}" + curl --fail --show-error --location --retry 3 --retry-delay 5 \ + -o solr.tgz "${{ inputs.solr-chart-url }}" + + echo "Charts downloaded successfully:" + ls -lh *.tgz + + # Verify they are valid tar files + echo "Verifying chart integrity..." + tar -tzf solr-operator.tgz > /dev/null + tar -tzf solr.tgz > /dev/null + echo "✓ Charts are valid tarballs" + + - name: Download and Verify Checksums + run: | + set -e + echo "Downloading checksums..." + + # Download SHA512 checksums + curl --fail --show-error --location --retry 3 --retry-delay 5 \ + -o solr-operator.tgz.sha512 "${{ inputs.solr-operator-chart-url }}.sha512" + + curl --fail --show-error --location --retry 3 --retry-delay 5 \ + -o solr.tgz.sha512 "${{ inputs.solr-chart-url }}.sha512" + + echo "Checksums downloaded:" + ls -lh *.sha512 + + # Verify SHA512 checksums + echo "Verifying solr-operator chart checksum..." + sha512sum -c solr-operator.tgz.sha512 + echo "✓ solr-operator chart checksum verified" + + echo "Verifying solr chart checksum..." + sha512sum -c solr.tgz.sha512 + echo "✓ solr chart checksum verified" + + echo "" + echo "✅ All checksums verified successfully" + + - name: Extract Chart Versions + id: versions + run: | + # Extract version from solr-operator chart + OPERATOR_VERSION=$(tar -xzOf solr-operator.tgz solr-operator/Chart.yaml | grep '^version:' | awk '{print $2}') + echo "operator-version=${OPERATOR_VERSION}" >> $GITHUB_OUTPUT + echo "Solr Operator Chart Version: ${OPERATOR_VERSION}" + + # Extract version from solr chart + SOLR_VERSION=$(tar -xzOf solr.tgz solr/Chart.yaml | grep '^version:' | awk '{print $2}') + echo "solr-version=${SOLR_VERSION}" >> $GITHUB_OUTPUT + echo "Solr Chart Version: ${SOLR_VERSION}" + + - name: Push solr-operator chart to OCI registry + if: ${{ !inputs.dry-run }} + run: | + echo "Pushing solr-operator chart (version ${{ steps.versions.outputs.operator-version }}) to oci://docker.io/apache/solr-operator-chart" + helm push solr-operator.tgz oci://docker.io/apache/solr-operator-chart + echo "✓ solr-operator chart pushed successfully" + + - name: Push solr chart to OCI registry + if: ${{ !inputs.dry-run }} + run: | + echo "Pushing solr chart (version ${{ steps.versions.outputs.solr-version }}) to oci://docker.io/apache/solr-chart" + helm push solr.tgz oci://docker.io/apache/solr-chart Review Comment: The OCI registry path in the helm push command is incorrect. When using helm push with OCI registries, the chart name comes from the Chart.yaml file, not from the path. Since the chart is named "solr" in helm/solr/Chart.yaml, this command should be: `helm push solr.tgz oci://docker.io/apache` This will make the chart available at `oci://docker.io/apache/solr`, not `oci://docker.io/apache/solr-chart`. All references throughout the PR (in documentation and this workflow) should use `oci://docker.io/apache/solr` instead of `oci://docker.io/apache/solr-chart`. If you want the `-chart` suffix, you would need to rename the chart in Chart.yaml. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
