Skip to content

[stable/<all>] Updating all charts with more metadata, updating apiVe… #31

[stable/<all>] Updating all charts with more metadata, updating apiVe…

[stable/<all>] Updating all charts with more metadata, updating apiVe… #31

Workflow file for this run

name: Helm Publish
on:
push:
branches:
- master
paths:
- 'stable/**'
workflow_dispatch:
env:
CHARTS_PATH: stable
REGISTRY: "ghcr.io/${{ github.repository }}"
jobs:
package-and-release:
permissions:
contents: write
packages: write
pull-requests: write
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install Helm
uses: azure/setup-helm@v4
with:
version: v3.16.4
- name: Import GPG key
id: import_gpg
uses: crazy-max/ghaction-import-gpg@v6
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.GPG_PASSPHRASE }}
- name: Save GPG passphrase and legacy keyring
run: |
cat << EOF > passphrase.txt
${{ secrets.GPG_PASSPHRASE }}
EOF
gpg -o ~/.gnupg/pubring.gpg --export ${{ steps.import_gpg.outputs.keyid }}
gpg --batch --pinentry-mode loopback --passphrase $(cat passphrase.txt) -o ~/.gnupg/secring.gpg --export-secret-keys ${{ steps.import_gpg.outputs.keyid }}
- name: Package Helm Charts
shell: bash
run: |
find ${CHARTS_PATH} -type f -name 'Chart.yaml' | sed -r 's|/[^/]+$||' | sort | uniq | xargs --verbose -L 1 helm dep up
for d in ${CHARTS_PATH}/*; do
if [[ ! -f "${d}/Chart.yaml" ]]; then
echo "${d}/Chart.yaml not found. Skipping."
continue
fi
echo "Packaging chart: $d"
helm package --sign "$d" -u --key "${{ steps.import_gpg.outputs.name }}" --passphrase-file passphrase.txt --keyring ~/.gnupg/secring.gpg
done
rm passphrase.txt
echo "Packing done"
- name: Login to GitHub Container Registry
shell: bash
run: echo "${GITHUB_TOKEN}" | helm registry login ${REGISTRY} --username ${GITHUB_ACTOR} --password-stdin
env:
GITHUB_TOKEN: ${{ github.token }}
- name: Push Helm Charts to Github Container Registry as OCI packages
shell: bash
run: |
for f in *.tgz ; do
echo "$f"
helm push $f oci://${REGISTRY,,}
done
- name: Upload the Chart to Rekor
shell: bash
run: |
helm plugin install https://github.com/sigstore/helm-sigstore
for f in *.tgz ; do
echo "Running sigstore upload for chart: $f"
helm sigstore upload "$f"
done
- name: Generate Helm repo index.yaml
shell: bash
run: helm repo index . --merge index.yaml
- name: Update URLs in index.yaml with yq
uses: mikefarah/[email protected]
with:
cmd: yq eval -i '. |= .entries[][] |= .urls[0] = "oci://" + env(REGISTRY) + "/" + .name + ":" + .version' index.yaml
- name: Create Pull Request
id: cpr
uses: peter-evans/create-pull-request@v7
with:
commit-message: "Updating index.yaml for ${{ github.ref }}"
branch: update-index
delete-branch: true
title: "[stable/index] Updating index.yaml for ${{ github.ref }}"
add-paths: |
index.yaml
labels: |
index
automated pr