Skip to content
Release Helm Charts

Merge pull request #14 from eitco/main #5

Sign in to view logs

Merge pull request #14 from eitco/main

Merge pull request #14 from eitco/main #5

Workflow file for this run

.github/workflows/helm-release.yaml at fe706b7
name: Release Helm Charts
on:
push:
branches:
- release
paths:
- '.github/workflows/helm-release.yml'
- 'charts/**'
jobs:
release:
runs-on: ubuntu-22.04
permissions:
contents: write
packages: write
id-token: write
steps:
- name: Checkout
uses: actions/[email protected]
with:
fetch-depth: 0
- name: Configure Git
run: |
git config user.name "$GITHUB_ACTOR"
git config user.email "[email protected]"
- name: Setup cosign
uses: sigstore/[email protected]
with:
cosign-release: v2.2.0
- name: Set up Helm
uses: azure/[email protected]
with:
version: v3.10.3
- name: Run chart-releaser
uses: helm/[email protected]
env:
CR_TOKEN: '${{ secrets.GH_PAT }}'
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GH_PAT }}
- name: Push charts to GHCR and sign
# when filling gaps with previously released charts, cr would create
# nothing in .cr-release-packages/, and the original globbing character
# would be preserved, causing a non-zero exit. Set nullglob to fix this
run: |
shopt -s nullglob
for pkg in .cr-release-packages/*; do
if [ -z "${pkg:-}" ]; then
break
fi
helm push "${pkg}" oci://ghcr.io/"${GITHUB_REPOSITORY_OWNER}"/helm-charts |& tee .digest
file="${pkg##*/}" # extracts file name from full directory path
name="${file%-*}" # extracts chart name from filename
digest="$(awk -F "[, ]+" '/Digest/{print $NF}' < .digest)"
cosign sign ghcr.io/"${GITHUB_REPOSITORY_OWNER}"/helm-charts/"${name}"@"${digest}"
done
env:
COSIGN_YES: true