Skip to content

Commit 76ecd18

Browse files
fstrgm42
andauthored
chore(deps): bump packdb appVersion to release-5.0.1-0.20260709071413.53735f172429 (#5)
## Summary Bump `appVersion` in `helm/Chart.yaml` to `release-5.0.1-0.20260709071413.53735f172429` — the build the engine/metadata `:latest` GHCR tags were just re-pointed to — regenerate the `helm/README.md` badge, and refresh the image-overrides example. > [!NOTE] > Opened automatically by packdb's `promote-ghcr-latest` workflow (weekly > Monday refresh or a manual promotion) right after it re-pointed the > engine/metadata `:latest` GHCR tags at this build, so `:latest` and this > repo's pinned tags move together. An unmerged PR is overwritten by the > next run. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Routine image pin and doc/README refresh; the workflow change only alters when the e2e suite runs, not chart runtime behavior. > > **Overview** > Bumps **`helm/Chart.yaml` `appVersion`** (and the **`helm/README.md`** badge) to **`release-5.0.1-0.20260709071413.53735f172429`**, aligning the chart’s default engine/metadata tags with the latest GHCR promotion. The **image-overrides** doc example uses the same tag pair. > > Refactors **`.github/workflows/helm-test.yaml`** so the **`helm-test` job always runs and reports** (required check): the detect job now exports a combined **`skip`** flag for docs-only PRs and **`release-please`** branches, and each heavy step no-ops when skipped instead of skipping the whole job with a job-level `if`. > > Regenerated **`helm/README.md`** values table also documents **`engineSpec.extraEnv`** and **`engineSpec.extraEnvFrom`** for custom S3 credential injection. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 8b1e74f. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> --------- Co-authored-by: gm42 <16498973+gm42@users.noreply.github.com> Co-authored-by: Giuseppe Mazzotta <giuseppe@firebolt.io>
1 parent a9a8aa2 commit 76ecd18

4 files changed

Lines changed: 35 additions & 12 deletions

File tree

.github/workflows/helm-test.yaml

Lines changed: 29 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,16 @@ jobs:
3030
permissions:
3131
contents: read
3232
outputs:
33-
docs_only: ${{ steps.detect.outputs.docs_only }}
33+
# helm-test is a required check, so the job must always run and report a
34+
# conclusion — a job-level `if` would leave branch protection waiting on
35+
# a check that never reports. The skip decision is exported here instead,
36+
# and every step in helm-test no-ops on it, so the check completes green
37+
# without the 45-minute kind run. Skipped cases:
38+
# - docs-only PRs (nothing the e2e suite covers changed);
39+
# - release-please's release PRs: they only bump Chart.yaml `version` +
40+
# CHANGELOG.md over templates that already passed e2e on the feature
41+
# PR, and a flake would needlessly block the release.
42+
skip: ${{ steps.detect.outputs.docs_only == 'true' || startsWith(github.head_ref, 'release-please') }}
3443
steps:
3544
- name: Determine whether the PR changed only docs
3645
id: detect
@@ -60,11 +69,10 @@ jobs:
6069
helm-test:
6170
name: helm-test (k8s ${{ matrix.k8s-version }})
6271
needs: detect
63-
# Skip release-please's release PRs: they only bump Chart.yaml `version` +
64-
# CHANGELOG.md over templates that already passed e2e on the feature PR, so
65-
# re-running the 45-minute kind suite adds no coverage and a flake there
66-
# would needlessly block the release.
67-
if: needs.detect.outputs.docs_only != 'true' && !startsWith(github.head_ref, 'release-please')
72+
# No job-level `if`: this is a required check, so it must always report.
73+
# When `needs.detect.outputs.skip` is true every step below no-ops and the
74+
# job succeeds immediately (see the `skip` output in `detect` for when and
75+
# why).
6876
runs-on: ubuntu-latest
6977
timeout-minutes: 45
7078
permissions:
@@ -81,7 +89,14 @@ jobs:
8189
- k8s-version: "1.35"
8290
node-image: "kindest/node:v1.35.0@sha256:452d707d4862f52530247495d180205e029056831160e22870e37e3f6c1ac31f"
8391
steps:
92+
- name: Explain the no-op
93+
if: needs.detect.outputs.skip == 'true'
94+
run: |
95+
echo "Docs-only or release-please PR — skipping the e2e suite and" \
96+
"reporting success so the required check passes."
97+
8498
- name: Free up disk space on the runner
99+
if: needs.detect.outputs.skip != 'true'
85100
run: |
86101
df -h /
87102
sudo rm -rf /usr/lib/jvm /usr/local/.ghcup /opt/ghc \
@@ -91,6 +106,7 @@ jobs:
91106
df -h /
92107
93108
- name: Raise memlock limit for kind nodes (engine io_uring)
109+
if: needs.detect.outputs.skip != 'true'
94110
run: |
95111
# The engine maps io_uring buffers and needs a high memlock limit.
96112
# Containers inherit it from the Docker daemon, so raise it there
@@ -112,11 +128,13 @@ jobs:
112128
sudo systemctl restart docker
113129
114130
- name: Checkout code
131+
if: needs.detect.outputs.skip != 'true'
115132
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
116133
with:
117134
persist-credentials: false
118135

119136
- name: Install kind
137+
if: needs.detect.outputs.skip != 'true'
120138
env:
121139
KIND_VERSION: v0.32.0
122140
run: |
@@ -127,6 +145,7 @@ jobs:
127145
kind version
128146
129147
- name: Set up Helm
148+
if: needs.detect.outputs.skip != 'true'
130149
uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0
131150
with:
132151
# Stay on Helm v3 (see helm-validate.yaml for the rationale).
@@ -136,20 +155,22 @@ jobs:
136155
# While the engine/metadata packages are private, the host's docker pull
137156
# in load-e2e-images.sh needs GHCR auth or it 401s. Skipped once the
138157
# packages are public (GHCR_PACKAGES_PUBLIC=true) — anonymous pulls work.
139-
if: env.GHCR_PACKAGES_PUBLIC != 'true'
158+
if: needs.detect.outputs.skip != 'true' && env.GHCR_PACKAGES_PUBLIC != 'true'
140159
env:
141160
GHCR_USER: ${{ github.actor }}
142161
GHCR_TOKEN: ${{ github.token }}
143162
run: echo "${GHCR_TOKEN}" | docker login ghcr.io -u "${GHCR_USER}" --password-stdin
144163

145164
- name: Prepare kind cluster and load images
165+
if: needs.detect.outputs.skip != 'true'
146166
env:
147167
NODE_IMAGE: ${{ matrix.node-image }}
148168
run: make prepare-test-e2e
149169

150170
- name: Run quickstart end-to-end check
171+
if: needs.detect.outputs.skip != 'true'
151172
run: make helm-test
152173

153174
- name: Delete kind cluster
154-
if: always()
175+
if: always() && needs.detect.outputs.skip != 'true'
155176
run: make cleanup-test-e2e || true

docs/usage/image-overrides.mdx

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -31,10 +31,10 @@ You can choose the smaller `release-` versions or use the `debug-` prefix which
3131
```yaml
3232
engineSpec:
3333
image:
34-
tag: release-4.32.0-pre.0.20260609145613.22a1ea4abadb
34+
tag: release-5.0.1-0.20260709071413.53735f172429
3535
metadata:
3636
image:
37-
tag: release-4.32.0-pre.0.20260609145613.22a1ea4abadb
37+
tag: release-5.0.1-0.20260709071413.53735f172429
3838
```
3939

4040
## Lockstep

helm/Chart.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,4 +8,4 @@ home: "https://github.com/firebolt-db/firebolt-instance-helm"
88
sources: ["https://github.com/firebolt-db/firebolt-instance-helm"]
99
version: 0.2.0
1010
# Bumped by upstream image-release automation.
11-
appVersion: "release-5.0.1-0.20260622084213.3ef06de4e9aa"
11+
appVersion: "release-5.0.1-0.20260709071413.53735f172429"

helm/README.md

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
# firebolt-instance
22

3-
![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: release-5.0.1-0.20260622084213.3ef06de4e9aa](https://img.shields.io/badge/AppVersion-release--5.0.1--0.20260622084213.3ef06de4e9aa-informational?style=flat-square)
3+
![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: release-5.0.1-0.20260709071413.53735f172429](https://img.shields.io/badge/AppVersion-release--5.0.1--0.20260709071413.53735f172429-informational?style=flat-square)
44

55
Firebolt Instance on Kubernetes — Envoy gateway, metadata, auth, and engines
66

@@ -34,6 +34,8 @@ Firebolt Instance on Kubernetes — Envoy gateway, metadata, auth, and engines
3434
| engineSpec.defaultStorage | object | {} | Default PVC storage spec for engines. `storageClassName` is intentionally absent — the cluster default storage class is used. Override here or per-engine to specify a class (e.g. `storageClassName: gp3`). |
3535
| engineSpec.defaultStorage.accessModes | list | `["ReadWriteOnce"]` | Access modes for the default PVC. |
3636
| engineSpec.defaultStorage.resources.requests.storage | string | `"100Gi"` | Default storage size for engine PVCs. |
37+
| engineSpec.extraEnv | list | [] | Extra environment variables for the engine container. Use this to inject AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY (for example via `valueFrom.secretKeyRef`) for a custom S3-compatible store (`managed_table_storage: s3` + `aws.endpoint`). |
38+
| engineSpec.extraEnvFrom | list | [] | Extra `envFrom` sources for the engine container. Use a `secretRef` to load a Secret holding AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY for a custom S3-compatible store. |
3739
| engineSpec.hostPathStorageEnabled | bool | `false` | When true, uses hostPath instead of PVC for engine data. |
3840
| engineSpec.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy. |
3941
| engineSpec.image.repository | string | `"ghcr.io/firebolt-db/engine"` | Container repository for the Firebolt engine image. |

0 commit comments

Comments
 (0)