helm-charts/.github/workflows/charts-release-oci.yaml

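---
# Reusable workflow: package the requested Helm charts, push them as OCI
# artifacts to GHCR and sign/verify each pushed artifact with cosign (keyless,
# GitHub OIDC identity).
name: "Charts: Release to GHCR OCI"

on:
  workflow_call:
    inputs:
      charts:
        # NOTE(review): the script below iterates the given list as-is, so the
        # default "[]" releases nothing; "releasing everything" is not
        # implemented here — confirm the caller expands the list before calling.
        description: >
          Json encoded list of Helm charts to release.
          Defaults to releasing everything.
        default: "[]"
        required: false
        type: string

env:
  HELM_VERSION: "3.11.2"
  CHARTS_SRC_DIR: "charts"
  TARGET_REGISTRY: ghcr.io

jobs:
  release-charts:
    name: Release charts
    runs-on: ubuntu-22.04
    # Least privilege: only the registry needs write access; id-token is
    # required for cosign keyless signing.
    permissions:
      contents: read
      packages: write  # needed for ghcr access
      actions: read  # for detecting the Github Actions environment.
      id-token: write  # for creating OIDC tokens for signing.
    # NOTE(review): third-party actions are pinned to mutable tags; pinning to a
    # full commit SHA (uses: owner/action@<commit-sha>  # vX.Y.Z) protects
    # against a tag being moved to different code.
    steps:
      - name: Checkout chart sources
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Install Kubernetes tools
        uses: yokawasa/action-setup-kube-tools@v0.11.1
        with:
          setup-tools: |
            helmv3
          helm: "${{ env.HELM_VERSION }}"

      - name: Install Cosign
        uses: sigstore/cosign-installer@v3.6.0

      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.TARGET_REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Package & Push Helm Charts
        shell: bash
        # Caller-supplied input and the actor name are handed to the script
        # through environment variables instead of being interpolated with
        # ${{ }} into the script text, so a crafted value cannot change what
        # the shell executes. CHARTS_SRC_DIR and TARGET_REGISTRY come from the
        # workflow-level env above.
        env:
          CHARTS_INPUT: ${{ inputs.charts }}
          # NOTE(review): github.actor is whoever triggered the run, not
          # necessarily the repository owner, so the charts land under that
          # account's namespace while verification below pins the
          # bjw-s/helm-charts identity — confirm this is intended.
          OCI_NAMESPACE: ${{ github.actor }}
        run: |
          # One chart path per array element (expected form: "<type>/<name>").
          mapfile -t CHARTS < <(yq e '.[]' - <<< "${CHARTS_INPUT}")
          for CHART in "${CHARTS[@]}" ; do
            mapfile -t CHART_PATH_PARTS < <(echo "$CHART" | tr '/' '\n')
            CHART_TYPE=${CHART_PATH_PARTS[0]}
            CHART_NAME=${CHART_PATH_PARTS[1]}
            CHART_VERSION=$(yq e '.version' "${CHARTS_SRC_DIR}/${CHART}/Chart.yaml")

            helm package "${CHARTS_SRC_DIR}/${CHART_TYPE}/${CHART_NAME}" --dependency-update --destination "${CHARTS_SRC_DIR}/${CHART_TYPE}" --version "${CHART_VERSION}"

            # Push output is captured to read the digest; surface it on failure
            # so the error is not hidden in the file.
            if ! helm push "${CHARTS_SRC_DIR}/${CHART_TYPE}/${CHART_NAME}-${CHART_VERSION}.tgz" "oci://${TARGET_REGISTRY}/${OCI_NAMESPACE}/helm" &> push-metadata.txt; then
              cat push-metadata.txt >&2
              exit 1
            fi
            CHART_DIGEST=$(awk '/Digest: /{print $2}' push-metadata.txt)
            # Never sign a reference with a missing digest; fail loudly instead.
            if [ -z "${CHART_DIGEST}" ]; then
              echo "Could not determine digest for ${CHART_NAME}:${CHART_VERSION}" >&2
              cat push-metadata.txt >&2
              exit 1
            fi

            # Sign by digest (not by tag) and verify that the signature carries
            # the expected workflow identity before finishing.
            CHART_REF="${TARGET_REGISTRY}/${OCI_NAMESPACE}/helm/${CHART_NAME}:${CHART_VERSION}@${CHART_DIGEST}"
            cosign sign --yes "${CHART_REF}"
            cosign verify "${CHART_REF}" \
              --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
              --certificate-identity "https://github.com/bjw-s/helm-charts/.github/workflows/charts-release-oci.yaml@refs/heads/main"
          done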