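---
# This workflow packages and uploads the Helm chart from the main branch to the
# Aqua Security repository at https://github.com/aquasecurity/helm-charts.
# It starts on a repository_dispatch event of type `publish-chart`.
name: Publish Helm chart

on:
  # The client_payload of a repository_dispatch event is chosen by the sender.
  # The release job only compares its `action` field against fixed strings.
  repository_dispatch:
    types: [publish-chart]
    # NOTE(review): nesting reconstructed from a flattened page. Path filters
    # are documented for push/pull_request triggers; confirm this entry has any
    # effect on repository_dispatch.
    paths:
      - deploy/helm/Chart.yaml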
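env:
  # Directory the GHCR push step scans for *.tgz chart archives.
  # Presumably also where `cr package` writes them; confirm against cr defaults.
  CR_PACKAGE_PATH: .cr-release-packages
  # Name of the repository that hosts the published charts.
  HELM_REP: helm-charts
  # Owner of that repository and of the GHCR namespace.
  GH_OWNER: aquasecurity
  # Chart source directory inside this repository.
  CHART_DIR: deploy/helm
  KIND_VERSION: v0.17.0
  # Node image is pinned by digest, so the tag cannot be repointed silently.
  KIND_IMAGE: kindest/node:v1.21.1@sha256:69860bda5563ac81e3c0057d654b5253219618a22ec3a346306239bba8cfa1a6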
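jobs:
  release:
    # Runs only when the dispatch payload requests a chart release, either on
    # its own or together with an app release.
    if: github.event.client_payload.action == 'chart-release' || github.event.client_payload.action == 'chart-and-app-release'
    permissions:
      contents: write  # for peter-evans/repository-dispatch to create a repository dispatch event
      packages: write  # to push OCI chart package to GitHub Registry
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): referenced by a mutable tag, while most other actions in
      # this job are pinned to a commit SHA. Pin this one the same way.
      - uses: actions/checkout@v4
        with:
          # Full history, so `git describe --tags` in "Get latest tag" sees tags.
          fetch-depth: 0

      - name: Install Helm
        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814  # v4.2.0
        with:
          version: v3.14.2

      - name: Set up python
        uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d  # v5.1.0
        with:
          # Quoted so the version stays a string and is never read as a float.
          # NOTE(review): Python 3.7 is end-of-life; confirm the runner image
          # still provides it.
          python-version: "3.7"

      # The action reference was mangled on this page by e-mail obfuscation
      # ("helm/[email protected]"). The action name is inferred from the `ct`
      # command run below; the ref is a placeholder. Restore both from the
      # repository, preferably as a commit SHA.
      - name: Setup Chart Linting
        id: lint
        uses: helm/chart-testing-action@REF_LOST_IN_EXTRACTION

      # Same extraction damage as above ("helm/[email protected]"). The action
      # name is inferred from the step name and inputs; the ref is a
      # placeholder. The trailing version comment is kept from the page and
      # may be stale.
      - name: Setup Kubernetes cluster (KIND)
        uses: helm/kind-action@REF_LOST_IN_EXTRACTION  # v1.5.0
        with:
          version: ${{ env.KIND_VERSION }}
          node_image: ${{ env.KIND_IMAGE }}

      - name: Run chart-testing
        run: ct lint-and-install --validate-maintainers=false --charts deploy/helm

      # The release archive is verified against a fixed SHA-256 before it is
      # unpacked; `sha256sum -c` fails the step on a mismatch.
      - name: Install chart-releaser
        run: |
          wget https://github.com/helm/chart-releaser/releases/download/v1.3.0/chart-releaser_1.3.0_linux_amd64.tar.gz
          echo "baed2315a9bb799efb71d512c5198a2a3b8dcd139d7f22f878777cffcd649a37  chart-releaser_1.3.0_linux_amd64.tar.gz" | sha256sum -c -
          tar xzvf chart-releaser_1.3.0_linux_amd64.tar.gz cr

      - name: Package helm chart
        run: |
          ./cr package ${{ env.CHART_DIR }}

      # Classic helm repository with GitHub pages
      - name: Upload helm chart
        # Uploading a version that already exists fails:
        # https://github.com/helm/chart-releaser/issues/101
        # NOTE(review): continue-on-error also hides unrelated failures such as
        # an expired or under-scoped token; check this step's log after a run.
        continue-on-error: true
        env:
          # The secret is passed through the environment, so it is not expanded
          # into the script text before the shell parses it.
          CR_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}
        run: |
          ./cr upload -o ${{ env.GH_OWNER }} -r ${{ env.HELM_REP }} --token "${CR_TOKEN}"

      - name: Index helm chart
        run: |
          ./cr index -o ${{ env.GH_OWNER }} -r ${{ env.HELM_REP }} -c https://${{ env.GH_OWNER }}.github.io/${{ env.HELM_REP }}/ -i index.yaml

      # ORG_REPO_TOKEN is handed to a third-party action here; the SHA pin keeps
      # the code that receives it fixed.
      - name: Push index file
        uses: dmnemec/copy_file_to_another_repo_action@c93037aa10fa8893de271f19978c980d0c1a9b37  # v1.1.1
        env:
          API_TOKEN_GITHUB: ${{ secrets.ORG_REPO_TOKEN }}
        with:
          source_file: "index.yaml"
          destination_repo: "${{ env.GH_OWNER }}/${{ env.HELM_REP }}"
          destination_folder: "."
          destination_branch: "gh-pages"
          # The address was replaced by "[email protected]" on this page
          # (e-mail obfuscation). Placeholder; restore from the repository.
          user_email: "BOT_EMAIL_LOST_IN_EXTRACTION"
          user_name: "aqua-bot"

      # OCI registry as helm repository (helm 3.8+)
      - name: Login to GHCR
        uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20  # v3.1.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Push chart to GHCR
        run: |
          shopt -s nullglob
          for pkg in ${{ env.CR_PACKAGE_PATH }}/*.tgz; do
            if [ -z "${pkg:-}" ]; then
              break
            fi
            helm push "${pkg}" oci://ghcr.io/${{ env.GH_OWNER }}/${{ env.HELM_REP }}
          done

      - name: Get latest tag
        id: latest_tag
        run: |
          latest_tag=$(git describe --tags --abbrev=0)
          # Written to GITHUB_OUTPUT; the `::set-output` workflow command is deprecated.
          echo "tag=${latest_tag}" >> "${GITHUB_OUTPUT}"

      # NOTE(review): referenced by a mutable tag although it receives
      # GITHUB_TOKEN with contents: write; pin to a commit SHA like the others.
      # NOTE(review): the tag is interpolated into the JSON payload unescaped;
      # wrapping it in toJSON() would keep the payload well-formed for any tag.
      - name: Repository Dispatch Publish docs
        if: github.event.client_payload.action == 'chart-and-app-release' && !contains(steps.latest_tag.outputs.tag, 'rc')
        uses: peter-evans/repository-dispatch@v3
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          event-type: publish-docs
          client-payload: '{"action": "docs-release", "tag": "${{ steps.latest_tag.outputs.tag }}"}'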