feat(oci): add publishing of helm chart to oci repo

- fixes #182 - adds cosign keyless signing to actions Signed-off-by: Allen Conlon <[email protected]>
coredns · Jan 26, 2025 · 61be1c4 · 61be1c4
1 parent 7114b8c
commit 61be1c4
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 9 deletions.
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -8,7 +8,20 @@ on:
 jobs:
   release:
     runs-on: ubuntu-latest
+    permissions:
+      contents: write # needed to pull git repo and create "chart-release"
+      id-token: write # needed for signing the images with GitHub OIDC Token
     steps:
+      - name: Install Cosign
+        uses: sigstore/[email protected]
+
+      - name: Login to GitHub Container Registry
+        uses: docker/[email protected]
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Checkout
         uses: actions/checkout@v4
         with:
@@ -19,13 +32,20 @@ jobs:
           git config user.name "$GITHUB_ACTOR"
           git config user.email "[email protected]"
 
-
-      - name: Set up Helm
-        uses: azure/setup-helm@v4
-        with:
-          version: v3.13.1
-
       - name: Run chart-releaser
         uses: helm/[email protected]
         env:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+
+      - name: Publish chart to ghcr.io
+        run: |
+          helm package charts/coredns
+          helm push coredns-*.tgz oci://ghcr.io/coredns/charts
+          rm -rf coredns-*.tgz
+
+      - name: Sign artifacts with Cosign
+        env:
+          COSIGN_EXPERIMENTAL: 1
+        working-directory: charts/coredns
+        run: |-
+          cosign sign ghcr.io/coredns/charts/coredns:$(yq .version Chart.yaml) --yes
diff --git a/charts/coredns/Chart.yaml b/charts/coredns/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: coredns
-version: 1.37.3
+version: 1.38.0
 appVersion: 1.11.4
 home: https://coredns.io
 icon: https://coredns.io/images/CoreDNS_Colour_Horizontal.png
@@ -19,5 +19,7 @@ maintainers:
 type: application
 annotations:
   artifacthub.io/changes: |
-    - kind: fixed
-      description: Fix helm install when using docker inmutable tags
+    - kind: added
+      description: Adds publishing to github registry
+    - kind: added
+      description: Adds signing of helm chart
diff --git a/charts/coredns/README.md b/charts/coredns/README.md
@@ -34,6 +34,16 @@ The command deploys CoreDNS on the Kubernetes cluster in the default configurati
 
 > **Tip**: List all releases using `helm list --all-namespaces`
 
+## OCI installing
+
+The chart can also be installed using the following:
+
+```console
+$ helm --namespace=kube-system install coredns oci://ghcr.io/coredns/charts/coredns --version 1.38.0
+```
+
+The command deploys the `1.38.0` version of CoreDNS on the Kubernetes cluster in the default configuration.
+
 ## Uninstalling the Chart
 
 To uninstall/delete the `coredns` deployment: