Skip to content

fix(helm): Fix webhook target configurations (#535) #82

fix(helm): Fix webhook target configurations (#535)

fix(helm): Fix webhook target configurations (#535) #82

Workflow file for this run

name: release-chart
on:
push:
tags:
- 'policy-reporter-chart-v*'
jobs:
helm-chart:
runs-on: ubuntu-latest
permissions:
packages: write
contents: write
pages: write
id-token: write
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- name: Verify Helm Docs
run: |
set -e
make verify-helm-docs
- name: Configure Git
run: |
git config user.name "$GITHUB_ACTOR"
git config user.email "[email protected]"
- name: Install Helm
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
with:
version: v3.16.1
- name: Prepare GPG key
run: |
gpg_dir=.cr-gpg
mkdir "$gpg_dir"
keyring="$gpg_dir/secring.gpg"
base64 -d <<< "$GPG_KEYRING_BASE64" > "$keyring"
passphrase_file="$gpg_dir/passphrase"
echo "$GPG_PASSPHRASE" > "$passphrase_file"
echo "CR_PASSPHRASE_FILE=$passphrase_file" >> "$GITHUB_ENV"
echo "CR_KEYRING=$keyring" >> "$GITHUB_ENV"
env:
GPG_KEYRING_BASE64: "${{ secrets.GPG_KEYRING_BASE64 }}" #Referring secrets of github above
GPG_PASSPHRASE: "${{ secrets.GPG_PASSPHRASE }}"
- name: Run chart-releaser
uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0
id: cr
env:
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
CR_KEY: "${{ secrets.CR_KEY }}"
CR_SIGN: true
- name: Install Cosign
uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
- name: Login to Github Packages
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set version
run: |
set -e
TAG=${{ github.ref_name }}
echo "VERSION=${TAG#policy-reporter-chart-v}" >> $GITHUB_ENV
- name: Push to OCI
run: |
set -e
output=$(helm push .cr-release-packages/policy-reporter-${{ env.VERSION }}.tgz oci://ghcr.io/${{github.repository_owner}}/charts 2>&1)
digest=$( echo "$output" | grep Digest | cut -c9-)
echo CR_DIGEST=$digest
echo "CR_DIGEST=$digest" >> "$GITHUB_ENV"
- name: Sign Chart
run: |
cosign sign --yes ghcr.io/${{github.repository_owner}}/charts/policy-reporter@${{ env.CR_DIGEST }}