chore(repo): Auto-generate changelog per chart

[lusu007]

Fixes #32
Fixes #27

Additional Context

N/A

Checklist

• The chart version in Chart.yaml has been updated according to semantic versioning (semver).
• All variables are documented in the Chart's values.yaml and README.md files.
• The pull request title meets the Conventional Commits specification and includes the chart name, for example: feat(chart-name): Add replica support

[lusu007]

• Ensure only one Chart is updated in a PR
• Generate commit messages dynamically, reflecting only the modified files.
• Streamline the process of updating README.md, focusing solely on changes in a single Chart.
• Split into multiple Jobs

[meyfa]

Generate commit messages dynamically, reflecting only the modified files

I doubt this is needed. It can just be "docs(chart): Generate documentation" for example. No need to overcomplicate.

[meyfa]

The workflow is currently vulnerable to at least one practical attack. Please make sure that all user input is quoted and validated before being used in a shell.

[meyfa]

I've never seen this syntax before... What does the second $ do, and why are there no quotes surrounding - kind: feature etc?

[meyfa]

Additionally, if there was a quote in the PR title, it would need to be escaped. We might have to use a tool for that, since any backslash in the PR title would also need to be escaped, etc. In general, this can often lead to invalid YAML. Not a security risk, just something that could lead to broken commits.

[meyfa]

Additionally, if there was a quote in the PR title, it would need to be escaped. We might have to use a tool for that, since any backslash in the PR title would also need to be escaped, etc. In general, this can often lead to invalid YAML. Not a security risk, just something that could lead to broken commits.

[meyfa]

Wouldn't this work? (Besides generating invalid YAML if the PR title contains quotes or backslashes)

Suggested change

	if [[ $PR_TITLE == *"feat:"* ]]; then
	changes="$changes"$'\n' - kind: feature
	changes="$changes"$'\n' description: "${PR_TITLE#*: }"
	elif [[ "$PR_TITLE" == *"fix:"* ]]; then
	changes="$changes"$'\n' - kind: bugfix
	changes="$changes"$'\n' description: "${PR_TITLE#*: }"
	fi
	if [[ "$PR_TITLE" == "feat"* ]]; then
	changes=" - kind: feature\n description: \"${PR_TITLE#*: }\""
	elif [[ "$PR_TITLE" == "fix"* ]]; then
	changes=" - kind: bugfix\n description: \"${PR_TITLE#*: }\""
	fi

[meyfa]

I'm really not sure what this part is trying to do 😅 Why would we always append? Shouldn't we replace the annotations from the previous release? In any case, I don't think the current syntax achieves this - however, I'm struggling right now to come up with a good solution that is guaranteed not to break the YAML.

Maybe Bash isn't the right tool for the job, after all.

[meyfa]

This will get rid of any previous content in CHANGELOG.md, right? Usually, we would want the changelog to contain all versions ever released. This is also important e.g. if Renovate jumps over a version (such as updating from 1.2.0 straight to 1.4.0, in which case it should also have access to the 1.3.0 changelog).

[meyfa]

The previous workflow would not create a commit if the README.md was up-to-date. This workflow will create a commit on every run, even if README.md and CHANGELOG.md are unchanged. In the best case, this will fail since --allow-empty is not passed to git commit, but it may also trigger the dreaded infinite loop in CI.