CLOUDP-277319: Added helm automation job #2

[igor-karpukhin]

✅ Test helm update

All Submissions:

• Have you signed our CLA?
• Put closes #XXXX in your comment to auto-close the issue that your PR fixes (if there is one).
• Update docs/release-notes/release-notes-template.md if your changes should be included in the release notes for the next release.

[s-urbaniak]

what does --always change in terms of VERSION generation?

[igor-karpukhin]

This makes sure that git always returns exit code 0. Without it, if will fail with "Nothing to describe" if there are no tags

[josvazg]

Does this finally work? I can't see a working run here:
https://github.com/mongodb/mongodb-atlas-kubernetes/actions/workflows/update-helm.yaml

[josvazg]

FYI, I created CLOUDP-278910 CI GH App token action consistent for a discussion

[igor-karpukhin]

@josvazg unfortunately it doesn't. But as you can see, I found a way to generate token inside the Github Action, instead of encoding the key with base64 and then calling a makefile

[igor-karpukhin]

Reopened as the workflow has been proved to be correct. The issue is with the credentials

[josvazg]

Does this actually work?

I fear there is no special permission to allow for a workflow in one repo to actually make a commit or PR on another repo. Instead, we will need to do this in 2 pieces:

• From the AKO repo we trigger a workflow in the helm-charts repo.
• The helm-charts repo workflow does the required update.
  This 2 pieces flow is currently working with our Github App, when releasing AKO we trigger a creation of a PR in the helm charts repo.

If cross referencing repos has not been proved to work using a test Github App, I would assume it does not work. Using user level credentials might allow cross repo changes, but GitHub Apps might not get the same privileges, specially on org owned accounts.

[igor-karpukhin]

If cross referencing repos has not been proved to work using a test Github App, I would assume it does not work

I can show you that it works in my two private repos

[josvazg]

If cross referencing repos has not been proved to work using a test Github App, I would assume it does not work

I can show you that it works in my two private repos

With a Github App key? what permissions did you add exactly to get that working?
Using user creds is not comparable.

[igor-karpukhin]

If cross referencing repos has not been proved to work using a test Github App, I would assume it does not work

I can show you that it works in my two private repos

With a Github App key? what permissions did you add exactly to get that working? Using user creds is not comparable.

Yes, with the Github App key. The app is installed in both repos and has permissions to create PRs in another repo. The workflow is the same. And it works. See the generated PR: igor-karpukhin/dotfiles#1 from the github actions job: https://github.com/igor-karpukhin/actions-test/blob/main/.github/workflows/createPR.yaml

[josvazg]

If cross referencing repos has not been proved to work using a test Github App, I would assume it does not work

I can show you that it works in my two private repos

With a Github App key? what permissions did you add exactly to get that working? Using user creds is not comparable.

Yes, with the Github App key. The app is installed in both repos and has permissions to create PRs in another repo. The workflow is the same. And it works. See the generated PR: igor-karpukhin/dotfiles#1 from the github actions job: https://github.com/igor-karpukhin/actions-test/blob/main/.github/workflows/createPR.yaml

Cannot access your repo. Can you share the Github App credential permissions set? I think we will need to show those particular details to the team provisioning our GitHub org permissions.

[josvazg]

✅ Test helm update
@s-urbaniak this is now working after updating permissions and commit e980c7a