-
Notifications
You must be signed in to change notification settings - Fork 34
80 lines (69 loc) · 2.41 KB
/
common.release.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
name: "Charts: Release"
concurrency: helm-release
on:
workflow_dispatch:
push:
branches:
- main
paths:
- ".github/**"
- "library/**"
jobs:
release-charts:
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
with:
token: ${{ secrets.BOT_TOKEN }}
ref: main
fetch-depth: 0
- name: Configure Git
run: |
git config user.name "TrueCharts-Bot"
git config user.email "[email protected]"
- name: Install Helm
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4
with:
version: v3.14.4
# Optional step if GPG signing is used
- name: Prepare GPG key
run: |
gpg_dir=.cr-gpg
mkdir "$gpg_dir"
keyring="$gpg_dir/secring.gpg"
base64 -d <<< "$GPG_KEYRING_BASE64" > "$keyring"
passphrase_file="$gpg_dir/passphrase"
echo "$GPG_PASSPHRASE" > "$passphrase_file"
echo "CR_PASSPHRASE_FILE=$passphrase_file" >> "$GITHUB_ENV"
echo "CR_KEYRING=$keyring" >> "$GITHUB_ENV"
env:
GPG_KEYRING_BASE64: "${{ secrets.GPG_KEYRING_BASE64 }}"
GPG_PASSPHRASE: "${{ secrets.GPG_PASSPHRASE }}"
- name: Run chart-releaser
uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0
with:
charts_dir: library
config: cr.yaml
env:
CR_TOKEN: "${{ secrets.BOT_TOKEN }}"
CR_SKIP_EXISTING: "true"
- name: Helm | Login
shell: bash
run: echo ${{ secrets.QUAY_SECRET }} | helm registry login -u ${{ secrets.QUAY_USER }} --password-stdin quay.io
- name: Push Charts to Quay
shell: bash
run: |
for pkg in .cr-release-packages/*.tgz; do
if [ -z "${pkg:-}" ]; then
break
fi
filename=$(basename "$pkg")
name="${filename%%-[0-9]*.[0-9]*.[0-9]*.tgz}"
echo "uploading $name"
helm push "${pkg}" oci://quay.io/truecharts || echo "failed to upload $pkg to OCI"
curl -X POST -H "Content-Type: application/json" -d '{"visibility": "public"}' -H "Authorization: Bearer ${{ secrets.QUAY_TOKEN }}" "https://quay.io/api/v1/repository/truecharts/$name/changevisibility" || echo "failed to set $pkg to public on OCI"
done
- name: Helm | Logout
shell: bash
run: helm registry logout quay.io