Add mechanism to remove published extensions

.github/workflows/sync-extensions.yml

@@ -1,8 +1,10 @@
 name: Sync and Release Extensions
 
 on:
-  release:
-    types: [released]
+  # trigger for "Sync and Release Extension Catalog" job which is gated to a specific PR title
+  pull_request:
+    types: [closed]
+  # trigger for "Sync and Release Extensions" job
   push:
     branches:
       - main
@@ -16,7 +18,7 @@ env:
 
 jobs:
   sync:
-    if: github.repository_owner == 'rancher' && github.ref_type != 'tag'
+    if: github.repository_owner == 'rancher' && github.event.pull_request.merged != true
     name: Sync and Release Extensions
     runs-on: ubuntu-latest
     permissions: write-all
@@ -52,6 +54,8 @@ jobs:
           git push origin sync-${{ env.NOW }}
 
       - name: Create Pull Request
+        env:
+          GH_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
         run: |
           # Create the PR using the GitHub CLI
           pr_number=$(gh pr create \
@@ -70,11 +74,6 @@ jobs:
 
           # Store the PR number as an output
           echo "PR_NUMBER=$pr_number" >> $GITHUB_ENV
-
-      - name: Merge Pull Request when approved
-        run: |
-          # Merge the PR using the GitHub CLI
-          gh pr merge ${{ env.PR_NUMBER }} --delete-branch --merge --repo ${{ github.repository }}
 
       - name: Run chart-releaser
         uses: helm/[email protected]
@@ -84,31 +83,55 @@ jobs:
           CR_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
           CR_SKIP_EXISTING: true
   sync-catalogs:
-    if: github.repository_owner == 'rancher' && github.ref_type == 'tag'
+    if: github.repository_owner == 'rancher' && github.event.pull_request.merged == true
     name: Sync and Release Extension Catalog
     runs-on: ubuntu-latest
     permissions:
       actions: write
-      contents: read
+      contents: write
       packages: write
 
     steps:
+      - name: Check PR title
+        id: check_title
+        run: |
+          title="${{ github.event.pull_request.title }}"
+          if [[ "$title" == *"Create PR for extension sync"* ]]; then
+            echo "match=true" >> $GITHUB_OUTPUT
+          else
+            echo "match=false" >> $GITHUB_OUTPUT
+          fi
+
       - name: Checkout repository
+        if: steps.check_title.outputs.match == 'true'
         uses: actions/checkout@v4
 
       - name: Configure Git
+        if: steps.check_title.outputs.match == 'true'
         run: |
           git config user.name 'github-actions[bot]'
           git config user.email 'github-actions[bot]@users.noreply.github.com'
 
       - name: Login to Container Registry
+        if: steps.check_title.outputs.match == 'true'
         uses: docker/login-action@v2
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
 
       - name: Sync Catalog Image with Registry
+        if: steps.check_title.outputs.match == 'true'
         id: sync_catalog_script
         run: |
           chmod +x ./scripts/bundle-catalog
-          ./scripts/bundle-catalog -t ${{ github.ref_name }}
+          ./scripts/bundle-catalog
+
+      - name: Create Release tag in repo
+        if: steps.check_title.outputs.match == 'true'
+        id: create-release-tag
+        run: |
+          gh release create ${{ steps.sync_catalog_script.outputs.GH_RELEASE_TAG }} \
+            --title "Release extensions catalog ${{ steps.sync_catalog_script.outputs.GH_RELEASE_TAG }}" \
+            --notes "Automated release from workflow: \n\n\n\n $(jq . manifest.json | less)"
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

README.md

@@ -2,99 +2,18 @@
 
 This repository contains Helm charts for official UI Plugins (Extensions) from Rancher
 
-## Install
-
-### Air-gapped Rancher
-
-In order to have the `ui-plugin-charts` available in an air-gapped instance of Rancher manager, the [`ui-plugin-catalog`](https://hub.docker.com/r/rancher/ui-plugin-catalog/tags) image needs to accessible to the air-gapped node. After mirroring this image to a private registry, it can be deployed with an exposed service to target as a Helm repository.
-
-#### Steps
-
-1. Mirror the [`ui-plugin-catalog`](https://hub.docker.com/r/rancher/ui-plugin-catalog/tags) image into a private registry.
-
-```console
-export REGISTRY_ENDPOINT="my-private-registry.com"
-
-docker pull rancher/ui-plugin-catalog:1.0.0
-docker tag rancher/ui-plugin-catalog:1.0.0 $REGISTRY_ENDPOINT/rancher/ui-plugin-catalog:1.0.0
-docker push $REGISTRY_ENDPOINT/rancher/ui-plugin-catalog:1.0.0
-```
-
-2. Create a [Deployment](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/) with the mirrored image.
-
-```yaml
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: ui-plugin-catalog
-  namespace: cattle-ui-plugin-system
-  labels:
-    catalog.cattle.io/ui-extensions-catalog-image: ui-plugin-catalog
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      catalog.cattle.io/ui-extensions-catalog-image: ui-plugin-catalog
-  template:
-    metadata:
-      namespace: cattle-ui-plugin-system
-      labels:
-        catalog.cattle.io/ui-extensions-catalog-image: ui-plugin-catalog
-    spec:
-      containers:
-      - name: server
-        image: my-private-registry.com/rancher/ui-plugin-catalog:1.0.0
-        imagePullPolicy: Always
-      imagePullSecrets:
-        - name: my-registry-credentials
-```
-
-3. Create a [ClusterIP Service](https://kubernetes.io/docs/concepts/services-networking/service/#type-clusterip) to expose the Deployment.
-
-```yaml
-apiVersion: v1
-kind: Service
-metadata:
-  name: ui-plugin-catalog-svc
-  namespace: cattle-ui-plugin-system
-spec:
-  ports:
-    - name: catalog-svc-port
-      port: 8080
-      protocol: TCP
-      targetPort: 8080
-  selector:
-    catalog.cattle.io/ui-extensions-catalog-image: ui-plugin-catalog
-  type: ClusterIP
-```
-
-4. Create a [`ClusterRepo`](https://ranchermanager.docs.rancher.com/pages-for-subheaders/helm-charts-in-rancher) targeting the ClusterIP Service.
-
-```yaml
-apiVersion: catalog.cattle.io/v1
-kind: ClusterRepo
-metadata:
-  name: ui-plugin-catalog-repo
-spec:
-  url: http://ui-plugin-catalog-svc.cattle-ui-plugin-system:8080
-```
-
-After creation of these resources, the ui-plugin-charts listed in the manifest are now available to be installed within the air-gapped instance of Rancher Manager.
-
-## Contributing
-
-### Requirements
+## Requirements
 
 * Charts must be Helm 3 compatible.
 
 * Chart must be **published** in a **public Github** repository that we can reference.
 
-### Workflow
+## Workflow
 
-#### 1. Fork the [UI Plugin Charts](https://github.com/rancher/ui-plugin-charts) repository, clone your fork, checkout the **main** branch and pull the latest changes. 
+### 1. Fork the [UI Plugin Charts](https://github.com/rancher/ui-plugin-charts) repository, clone your fork, checkout the **main** branch and pull the latest changes. 
 Then create a new branch off of main
 
-#### 2. Update the `manifest.json` with your Extension metadata.
+### 2. Update the `manifest.json` with your Extension metadata.
 
 ```json
 {
@@ -112,22 +31,27 @@ Then create a new branch off of main
 }
 ```
 
-#### 3. Commit your changes
+### 3. Commit your changes
 ```bash
 git add manifest.json
 git commit -m "Submitting rancher/kubewarden-ui version 1.2.0"
 ```
 
-#### 4. Push your commit
+### 4. Push your commit
 ```bash
 git push origin <your_branch>
 ```
 
-#### 5. Open a pull request on the **main** branch
+### 5. Open a pull request on the **main** branch
+
+Once your pull request is approved and merged, an automated workflow will sync this repository with the build assets from the supplied repository within the `manifest.json` file and generate a PR with all the new files to update the Helm Chart, which will need review and approval
+
+### 6. Merging PR that updates Helm Chart
 
-Once your pull request is approved and merged, an automated workflow will sync this repository with the build assets from the supplied repository within the `manifest.json` file. When fully synced, a new release will be created and added to the [releases](https://github.com/rancher/ui-plugin-charts/releases) section. 
+Once the PR that updates Helm Chart is approved and merged, the Helm Chart in the `main` branch should be automatically updated. After this, a new automated workflow will run that 
+will release the extensions catalog (airgapped) and also create a release tag in the repository.
 
-### Configuration File
+## Configuration File
 
 Required properties for `manifest.json`
 | Property | Type | Description |

airgapped.md

@@ -0,0 +1,77 @@
+# Air-gapped Rancher
+
+In order to have the `ui-plugin-charts` available in an air-gapped instance of Rancher manager, the [`ui-plugin-catalog`](https://hub.docker.com/r/rancher/ui-plugin-catalog/tags) image needs to accessible to the air-gapped node. After mirroring this image to a private registry, it can be deployed with an exposed service to target as a Helm repository.
+
+## Steps
+
+1. Mirror the [`ui-plugin-catalog`](https://hub.docker.com/r/rancher/ui-plugin-catalog/tags) image into a private registry.
+
+```console
+export REGISTRY_ENDPOINT="my-private-registry.com"
+
+docker pull rancher/ui-plugin-catalog:1.0.0
+docker tag rancher/ui-plugin-catalog:1.0.0 $REGISTRY_ENDPOINT/rancher/ui-plugin-catalog:1.0.0
+docker push $REGISTRY_ENDPOINT/rancher/ui-plugin-catalog:1.0.0
+```
+
+2. Create a [Deployment](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/) with the mirrored image.
+
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ui-plugin-catalog
+  namespace: cattle-ui-plugin-system
+  labels:
+    catalog.cattle.io/ui-extensions-catalog-image: ui-plugin-catalog
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      catalog.cattle.io/ui-extensions-catalog-image: ui-plugin-catalog
+  template:
+    metadata:
+      namespace: cattle-ui-plugin-system
+      labels:
+        catalog.cattle.io/ui-extensions-catalog-image: ui-plugin-catalog
+    spec:
+      containers:
+      - name: server
+        image: my-private-registry.com/rancher/ui-plugin-catalog:1.0.0
+        imagePullPolicy: Always
+      imagePullSecrets:
+        - name: my-registry-credentials
+```
+
+3. Create a [ClusterIP Service](https://kubernetes.io/docs/concepts/services-networking/service/#type-clusterip) to expose the Deployment.
+
+```yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: ui-plugin-catalog-svc
+  namespace: cattle-ui-plugin-system
+spec:
+  ports:
+    - name: catalog-svc-port
+      port: 8080
+      protocol: TCP
+      targetPort: 8080
+  selector:
+    catalog.cattle.io/ui-extensions-catalog-image: ui-plugin-catalog
+  type: ClusterIP
+```
+
+4. Create a [`ClusterRepo`](https://ranchermanager.docs.rancher.com/pages-for-subheaders/helm-charts-in-rancher) targeting the ClusterIP Service.
+
+```yaml
+apiVersion: catalog.cattle.io/v1
+kind: ClusterRepo
+metadata:
+  name: ui-plugin-catalog-repo
+spec:
+  url: http://ui-plugin-catalog-svc.cattle-ui-plugin-system:8080
+```
+
+After creation of these resources, the ui-plugin-charts listed in the manifest are now available to be installed within the air-gapped instance of Rancher Manager.
+

scripts/bundle-catalog

@@ -10,6 +10,7 @@ BOLD="\033[1m"
 NORMAL="\033[22m"
 CHECK="\xE2\x9C\x94"
 
+DOCKERHUB_REPO="rancher/ui-plugin-catalog"
 DEST_IMAGE_NAME="ui-plugin-catalog"
 DEST_TAG="latest"
 DEST_REGISTRY=""
@@ -171,6 +172,39 @@ do
   rm -rf ./tmp/${NAME}
 done
 
+# if no tag is passed, get the latest version from dockerhub and bump the minor version
+if [[ "${DEST_TAG}" == "latest" ]]; then
+  echo "No tag argument passed. Fetching tags for Docker Hub repo: $DOCKERHUB_REPO"
+
+  # Get latest semver tag
+  TAGS=$(curl -s "https://hub.docker.com/v2/repositories/${DOCKERHUB_REPO}/tags/?page_size=100" | jq -r '.results[].name')
+
+  LATEST_TAG=$(echo "$TAGS" \
+    | grep -v '^latest$' \
+    | grep -E '^[0-9]+\.[0-9]+(\.[0-9]+)?$' \
+    | sort -Vr \
+    | head -n 1)
+
+  if [[ -z "$LATEST_TAG" ]]; then
+    echo "No semantic version tags found."
+    exit 1
+  fi
+
+  echo "Latest tag: $LATEST_TAG"
+
+  # Extract version parts
+  IFS='.' read -r MAJOR MINOR PATCH <<< "$LATEST_TAG"
+
+  # Calculate next minor version
+  NEXT_MINOR=$((MINOR + 1))
+  NEXT_TAG="${MAJOR}.${NEXT_MINOR}.0"
+
+  echo "Next tag: $NEXT_TAG"
+  echo "GH_RELEASE_TAG=${NEXT_TAG}" >> $GITHUB_OUTPUT
+
+  DEST_TAG="${NEXT_TAG}"
+fi
+
 # ============================================
 # Bundle extension assets into catalog image
 # ============================================