@@ -181,8 +181,10 @@ jobs:
181181 git config user.email "${GIT_USER_EMAIL}"
182182
183183 - name : Create feature branch
184+ env :
185+ BRANCH_NAME : ${{ steps.payload.outputs.branch_name }}
184186 run : |
185- git checkout -b "${{ steps.payload.outputs.branch_name } }"
187+ git checkout -b "${BRANCH_NAME }"
186188
187189 - name : Setup Go
188190 if : ${{ inputs.update_readme }}
@@ -193,8 +195,10 @@ jobs:
193195
194196 - name : Build scripts
195197 if : ${{ inputs.update_readme }}
198+ env :
199+ SCRIPTS_PATH : ${{ inputs.scripts_path }}
196200 run : |
197- cd ${{ inputs.scripts_path }} || exit 1
201+ cd "${SCRIPTS_PATH}" || exit 1
198202 go build -o update-readme-matrix update-readme-matrix.go
199203 go build -o update-chart-version-readme update-chart-version-readme.go
200204
@@ -203,9 +207,10 @@ jobs:
203207
204208 - name : Process all components
205209 id : process
210+ env :
211+ CHART : ${{ steps.payload.outputs.chart }}
212+ CHARTS_PATH : ${{ inputs.charts_path }}
206213 run : |
207- CHART="${{ steps.payload.outputs.chart }}"
208- CHARTS_PATH="${{ inputs.charts_path }}"
209214 VALUES_FILE="${CHARTS_PATH}/${CHART}/values.yaml"
210215 CHART_FILE="${CHARTS_PATH}/${CHART}/Chart.yaml"
211216 TEMPLATES_BASE="${CHARTS_PATH}/${CHART}/templates"
@@ -272,7 +277,7 @@ jobs:
272277 echo "Processing components for chart: $CHART"
273278
274279 # Process each component
275- for row in $(echo "$COMPONENTS" | jq -c '.[]') ; do
280+ while IFS= read -r row ; do
276281 COMP_NAME=$(echo "$row" | jq -r '.name')
277282 COMP_VERSION=$(echo "$row" | jq -r '.version')
278283 COMP_ENV_VARS=$(echo "$row" | jq -c '.env_vars // {}')
@@ -303,7 +308,7 @@ jobs:
303308 CONFIGMAP_FILE="${TEMPLATES_BASE}/${VALUES_KEY}/configmap.yaml"
304309 SECRET_FILE="${TEMPLATES_BASE}/${VALUES_KEY}/secret.yaml"
305310
306- echo "$COMP_ENV_VARS" | jq -r 'to_entries[] | "\(.key)=\(.value)"' | while IFS='=' read -r key value; do
311+ while IFS='=' read -r key value; do
307312 if [ -n "$key" ]; then
308313 # Escape values for safe sed insertion
309314 escaped_value=$(escape_sed "$value")
@@ -332,7 +337,7 @@ jobs:
332337 fi
333338 fi
334339 fi
335- done
340+ done < <(echo "$COMP_ENV_VARS" | jq -r 'to_entries[] | "\(.key)=\(.value)"')
336341 fi
337342
338343 # Build updated components list for commit message
@@ -341,7 +346,7 @@ jobs:
341346 else
342347 UPDATED_COMPONENTS="${COMP_NAME}@${COMP_VERSION}"
343348 fi
344- done
349+ done < <(echo "$COMPONENTS" | jq -c '.[]')
345350
346351 # Update appVersion with highest version among all components
347352 if [ -n "$HIGHEST_VERSION" ]; then
@@ -355,35 +360,37 @@ jobs:
355360
356361 - name : Update README matrix
357362 if : ${{ inputs.update_readme }}
363+ env :
364+ CHART : ${{ steps.payload.outputs.chart }}
365+ CHARTS_PATH : ${{ inputs.charts_path }}
366+ SCRIPTS_PATH : ${{ inputs.scripts_path }}
358367 run : |
359- CHART="${{ steps.payload.outputs.chart }}"
360- CHARTS_PATH="${{ inputs.charts_path }}"
361- SCRIPTS_PATH="${{ inputs.scripts_path }}"
362368 COMPONENTS=$(cat /tmp/components.json)
363369
364370 # Get current appVersion from Chart.yaml
365371 APP_VERSION=$(yq '.appVersion' "${CHARTS_PATH}/${CHART}/Chart.yaml")
366372
367373 # Update README for each component
368- for row in $(echo "$COMPONENTS" | jq -c '.[]') ; do
374+ while IFS= read -r row ; do
369375 COMP_NAME=$(echo "$row" | jq -r '.name')
370376 COMP_VERSION=$(echo "$row" | jq -r '.version')
371377
372378 echo "Updating README matrix for ${COMP_NAME}@${COMP_VERSION}"
373379
374- ./${SCRIPTS_PATH}/update-readme-matrix \
380+ " ./${SCRIPTS_PATH}/update-readme-matrix" \
375381 --chart "${CHART}" \
376382 --component "${COMP_NAME}" \
377383 --version "${COMP_VERSION}" \
378384 --app-version "${APP_VERSION}"
379- done
385+ done < <(echo "$COMPONENTS" | jq -c '.[]')
380386
381387 - name : Commit changes
382388 id : commit
389+ env :
390+ CHART : ${{ steps.payload.outputs.chart }}
391+ UPDATED_COMPONENTS : ${{ steps.process.outputs.updated_components }}
392+ HAS_NEW_ENV_VARS : ${{ steps.payload.outputs.has_new_env_vars }}
383393 run : |
384- CHART="${{ steps.payload.outputs.chart }}"
385- UPDATED_COMPONENTS="${{ steps.process.outputs.updated_components }}"
386- HAS_NEW_ENV_VARS="${{ steps.payload.outputs.has_new_env_vars }}"
387394
388395 git add -A
389396
@@ -414,12 +421,12 @@ jobs:
414421 if : steps.commit.outputs.has_changes == 'true'
415422 env :
416423 GH_TOKEN : ${{ steps.app-token.outputs.token }}
424+ CHART : ${{ steps.payload.outputs.chart }}
425+ BRANCH_NAME : ${{ steps.payload.outputs.branch_name }}
426+ BASE_BRANCH : ${{ inputs.base_branch }}
427+ HAS_NEW_ENV_VARS : ${{ steps.payload.outputs.has_new_env_vars }}
428+ UPDATED_COMPONENTS : ${{ steps.process.outputs.updated_components }}
417429 run : |
418- CHART="${{ steps.payload.outputs.chart }}"
419- BRANCH_NAME="${{ steps.payload.outputs.branch_name }}"
420- BASE_BRANCH="${{ inputs.base_branch }}"
421- HAS_NEW_ENV_VARS="${{ steps.payload.outputs.has_new_env_vars }}"
422- UPDATED_COMPONENTS="${{ steps.process.outputs.updated_components }}"
423430
424431 # Push the branch
425432 git push -u origin "${BRANCH_NAME}"
@@ -474,11 +481,11 @@ jobs:
474481 - name : Summary
475482 env :
476483 BASE_BRANCH : ${{ inputs.base_branch }}
484+ CHART : ${{ steps.payload.outputs.chart }}
485+ BRANCH_NAME : ${{ steps.payload.outputs.branch_name }}
486+ HAS_CHANGES : ${{ steps.commit.outputs.has_changes }}
477487 run : |
478488 COMPONENTS=$(cat /tmp/components.json)
479- CHART="${{ steps.payload.outputs.chart }}"
480- BRANCH_NAME="${{ steps.payload.outputs.branch_name }}"
481- HAS_CHANGES="${{ steps.commit.outputs.has_changes }}"
482489
483490 {
484491 echo "### Helm Chart Update Summary"
@@ -505,14 +512,22 @@ jobs:
505512
506513 - name : Send Slack notification
507514 if : ${{ inputs.slack_notification && steps.commit.outputs.has_changes == 'true' }}
515+ env :
516+ CHART : ${{ steps.payload.outputs.chart }}
517+ HAS_NEW_ENV_VARS : ${{ steps.payload.outputs.has_new_env_vars }}
518+ SOURCE_REF : ${{ steps.payload.outputs.source_ref }}
519+ SOURCE_REPO : ${{ steps.payload.outputs.source_repo }}
520+ SOURCE_ACTOR : ${{ steps.payload.outputs.source_actor }}
521+ SOURCE_SHA : ${{ steps.payload.outputs.source_sha }}
522+ PR_URL : ${{ steps.push-pr.outputs.pr_url }}
523+ WORKFLOW_URL : ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
524+ WORKFLOW_NUM : ${{ github.run_number }}
525+ BASE_BRANCH : ${{ inputs.base_branch }}
526+ MENTION_GROUP : ${{ inputs.slack_mention_group || secrets.SLACK_GROUP_DEVOPS_SRE }}
527+ SLACK_CHANNEL : ${{ inputs.slack_channel || secrets.SLACK_CHANNEL_DEVOPS }}
528+ SLACK_BOT_TOKEN : ${{ secrets.SLACK_BOT_TOKEN_HELM }}
529+ BOT_MENTION : ${{ inputs.slack_bot_mention || secrets.SLACK_BOT_SEVERINO }}
508530 run : |
509- CHART="${{ steps.payload.outputs.chart }}"
510- HAS_NEW_ENV_VARS="${{ steps.payload.outputs.has_new_env_vars }}"
511- SOURCE_REF="${{ steps.payload.outputs.source_ref }}"
512- SOURCE_REPO="${{ steps.payload.outputs.source_repo }}"
513- SOURCE_ACTOR="${{ steps.payload.outputs.source_actor }}"
514- SOURCE_SHA="${{ steps.payload.outputs.source_sha }}"
515- PR_URL="${{ steps.push-pr.outputs.pr_url }}"
516531 COMPONENTS=$(cat /tmp/components.json)
517532
518533 # Get appVersion (highest version)
@@ -527,12 +542,8 @@ jobs:
527542
528543 # Build metadata
529544 TIMESTAMP=$(date -u '+%Y-%m-%d %H:%M:%S UTC')
530- WORKFLOW_URL="${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
531- WORKFLOW_NUM="${{ github.run_number }}"
532- BASE_BRANCH="${{ inputs.base_branch }}"
533545
534- # Context with optional team mention (input takes precedence over org secret)
535- MENTION_GROUP="${{ inputs.slack_mention_group || secrets.SLACK_GROUP_DEVOPS_SRE }}"
546+ # Context with optional team mention (set via env)
536547 if [ -n "$MENTION_GROUP" ]; then
537548 CONTEXT_TEXT=":clock1: ${TIMESTAMP} | Workflow: <${WORKFLOW_URL}|#${WORKFLOW_NUM}> | cc: <!subteam^${MENTION_GROUP}>"
538549 else
@@ -545,8 +556,7 @@ jobs:
545556 {"type": "mrkdwn", "text": "*Version*"}
546557 ] + [.[] | {"type": "mrkdwn", "text": ("`" + .name + "`")}, {"type": "mrkdwn", "text": ("`" + .version + "`")}]')
547558
548- # Get channel (input takes precedence over org secret)
549- SLACK_CHANNEL="${{ inputs.slack_channel || secrets.SLACK_CHANNEL_DEVOPS }}"
559+ # Channel is set via env
550560
551561 # Build complete payload using jq
552562 SLACK_PAYLOAD=$(jq -n \
@@ -596,7 +606,7 @@ jobs:
596606
597607 # Send main notification to Slack via Bot API
598608 SLACK_RESPONSE=$(curl -s -X POST \
599- -H "Authorization: Bearer ${{ secrets.SLACK_BOT_TOKEN_HELM } }" \
609+ -H "Authorization: Bearer ${SLACK_BOT_TOKEN }" \
600610 -H "Content-type: application/json; charset=utf-8" \
601611 --data "$SLACK_PAYLOAD" \
602612 "https://slack.com/api/chat.postMessage")
@@ -610,15 +620,18 @@ jobs:
610620 fi
611621
612622 # Send separate message for Severino bot (Jira ticket creation)
613- # Input takes precedence over org secret
614- BOT_MENTION="${{ inputs.slack_bot_mention || secrets.SLACK_BOT_SEVERINO }}"
615623 if [ -n "$BOT_MENTION" ]; then
616624 SEVERINO_TEXT="<@${BOT_MENTION}> helm chart PR review | ${PR_URL} | Chart: ${CHART}"
617625
626+ SEVERINO_PAYLOAD=$(jq -n \
627+ --arg channel "${SLACK_CHANNEL}" \
628+ --arg text "${SEVERINO_TEXT}" \
629+ '{channel: $channel, text: $text}')
630+
618631 SEVERINO_RESPONSE=$(curl -s -X POST \
619- -H "Authorization: Bearer ${{ secrets.SLACK_BOT_TOKEN_HELM } }" \
632+ -H "Authorization: Bearer ${SLACK_BOT_TOKEN }" \
620633 -H "Content-type: application/json; charset=utf-8" \
621- --data "{\"channel\":\"${SLACK_CHANNEL}\",\"text\":\"${SEVERINO_TEXT}\"} " \
634+ --data "$SEVERINO_PAYLOAD " \
622635 "https://slack.com/api/chat.postMessage")
623636
624637 if echo "$SEVERINO_RESPONSE" | jq -e '.ok == true' > /dev/null; then
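Review bot: `CHART` and `BRANCH_NAME` are still used without any validation once they arrive through `env:`. In the `Process all components` step `CHART` is joined into `${CHARTS_PATH}/${CHART}/values.yaml`, `Chart.yaml` and `templates`, and `BRANCH_NAME` goes to `git checkout -b` and later to `git push -u origin`. The env indirection keeps the values from being parsed as shell, but it does not stop a chart name containing `/` or `..` from resolving outside the chart directory, or a branch name beginning with `-` from being read by git as an option. If the `payload` step (not visible in these hunks) does not already restrict them, I would add a guard at the top of the run block, e.g. `case "$CHART" in ''|.*|*[!A-Za-z0-9._-]*) echo "invalid chart: $CHART" >&2; exit 1;; esac`, and `git check-ref-format --branch "$BRANCH_NAME" >/dev/null || exit 1` before the checkout. The run blocks of these steps continue outside the hunks shown.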