helm-publish.yaml
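# Packages every chart under stable/, signs each package with the imported
# GPG key, pushes the packages to GHCR as OCI artifacts, uploads them to Rekor
# through the helm-sigstore plugin, and opens a pull request that refreshes
# index.yaml.
#
# NOTE(review): every `uses:` below references a mutable tag. This job holds
# the GPG signing key and a write-scoped token, so pinning each action to a
# full commit SHA would narrow the supply-chain exposure.
name: Helm Publish

on:
  push:
    branches:
      - master
    paths:
      - 'stable/**'
  workflow_dispatch:

env:
  CHARTS_PATH: stable
  # github.repository keeps the owner/repo casing; OCI references must be
  # lowercase, which is why the push step lowercases this value.
  REGISTRY: "ghcr.io/${{ github.repository }}"

jobs:
  package-and-release:
    # Write scopes granted to the job token: packages for the GHCR push;
    # contents and pull-requests presumably for the index.yaml pull request.
    permissions:
      contents: write
      packages: write
      pull-requests: write
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Install Helm
        uses: azure/setup-helm@v4
        with:
          version: v3.16.4

      - name: Import GPG key
        id: import_gpg
        uses: crazy-max/ghaction-import-gpg@v6
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.GPG_PASSPHRASE }}

      - name: Save GPG passphrase
        # The secret reaches the script through the environment instead of
        # being templated into the script text: an unquoted heredoc would let
        # the shell expand any `$` or backtick inside the passphrase.
        env:
          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
        run: |
          # Owner-only permissions, and outside the checked-out tree.
          umask 077
          printf '%s\n' "${GPG_PASSPHRASE}" > "${RUNNER_TEMP}/passphrase.txt"

      - name: Package Helm Charts
        shell: bash
        env:
          # Passed through env so the key name is quoted data, not script text.
          GPG_KEY_NAME: ${{ steps.import_gpg.outputs.name }}
        run: |
          passphrase_file="${RUNNER_TEMP}/passphrase.txt"
          # Delete the passphrase file even when a helm command fails.
          trap 'rm -f "${passphrase_file}"' EXIT
          # Refresh dependencies of every directory that holds a Chart.yaml.
          find "${CHARTS_PATH}" -type f -name 'Chart.yaml' | sed -r 's|/[^/]+$||' | sort | uniq | xargs --verbose -L 1 helm dep up
          for d in "${CHARTS_PATH}"/*; do
            if [[ ! -f "${d}/Chart.yaml" ]]; then
              echo "${d}/Chart.yaml not found. Skipping."
              continue
            fi
            echo "$d"
            helm package --sign "$d" -u --key "${GPG_KEY_NAME}" --passphrase-file "${passphrase_file}"
          done
          echo "Packing done"

      - name: Login to GitHub Container Registry
        shell: bash
        # The token is piped on stdin so it never appears in the process
        # arguments.
        run: echo "${GITHUB_TOKEN}" | helm registry login "${REGISTRY}" --username "${GITHUB_ACTOR}" --password-stdin
        env:
          GITHUB_TOKEN: ${{ github.token }}

      - name: Push Helm Charts to Github Container Registry as OCI packages
        shell: bash
        run: |
          for f in *.tgz ; do
            echo "$f"
            # ${REGISTRY,,} lowercases the reference (bash 4+ expansion).
            helm push "$f" "oci://${REGISTRY,,}"
          done

      - name: Upload the Chart to Rekor
        shell: bash
        run: |
          # NOTE(review): this installs whatever the plugin repository serves
          # at run time; `helm plugin install` accepts `--version <PINNED_TAG>`
          # to fix the release that runs next to the signing key.
          helm plugin install https://github.com/sigstore/helm-sigstore
          for f in *.tgz ; do
            echo "$f"
            # Upload the package being iterated; "$d" is not set in this step.
            helm sigstore upload "$f"
          done

      - name: Generate Helm repo index.yaml
        shell: bash
        run: helm repo index . --merge index.yaml

      - name: Update URLs in index.yaml with yq
        # NOTE(review): the action reference below was mangled by the page's
        # e-mail obfuscation; restore the real `mikefarah/yq@<VERSION>` ref
        # from the repository before using this file.
        uses: mikefarah/[email protected]
        with:
          # NOTE(review): REGISTRY is used here with its original casing,
          # while the push step lowercases it; confirm the rewritten URLs
          # match the pushed references.
          cmd: yq eval -i '. |= .entries[][] |= .urls[0] = "oci://" + env(REGISTRY) + "/" + .name + ":" + .version' index.yaml

      - name: Create Pull Request
        id: cpr
        uses: peter-evans/create-pull-request@v7
        with:
          commit-message: "Updating index.yaml for ${{ github.ref }}"
          branch: update-index
          delete-branch: true
          title: "[stable/index] Updating index.yaml for ${{ github.ref }}"
          # Only index.yaml is committed; packaged .tgz files stay out of the PR.
          add-paths: |
            index.yaml
          labels: |
            index
            automated pr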