fix(helm): Fix webhook target configurations (#535) #82
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: release-chart | |
on: | |
push: | |
tags: | |
- 'policy-reporter-chart-v*' | |
jobs: | |
helm-chart: | |
runs-on: ubuntu-latest | |
permissions: | |
packages: write | |
contents: write | |
pages: write | |
id-token: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
fetch-depth: 0 | |
- name: Verify Helm Docs | |
run: | | |
set -e | |
make verify-helm-docs | |
- name: Configure Git | |
run: | | |
git config user.name "$GITHUB_ACTOR" | |
git config user.email "[email protected]" | |
- name: Install Helm | |
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 | |
with: | |
version: v3.16.1 | |
- name: Prepare GPG key | |
run: | | |
gpg_dir=.cr-gpg | |
mkdir "$gpg_dir" | |
keyring="$gpg_dir/secring.gpg" | |
base64 -d <<< "$GPG_KEYRING_BASE64" > "$keyring" | |
passphrase_file="$gpg_dir/passphrase" | |
echo "$GPG_PASSPHRASE" > "$passphrase_file" | |
echo "CR_PASSPHRASE_FILE=$passphrase_file" >> "$GITHUB_ENV" | |
echo "CR_KEYRING=$keyring" >> "$GITHUB_ENV" | |
env: | |
GPG_KEYRING_BASE64: "${{ secrets.GPG_KEYRING_BASE64 }}" #Referring secrets of github above | |
GPG_PASSPHRASE: "${{ secrets.GPG_PASSPHRASE }}" | |
- name: Run chart-releaser | |
uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0 | |
id: cr | |
env: | |
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" | |
CR_KEY: "${{ secrets.CR_KEY }}" | |
CR_SIGN: true | |
- name: Install Cosign | |
uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0 | |
- name: Login to Github Packages | |
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Set version | |
run: | | |
set -e | |
TAG=${{ github.ref_name }} | |
echo "VERSION=${TAG#policy-reporter-chart-v}" >> $GITHUB_ENV | |
- name: Push to OCI | |
run: | | |
set -e | |
output=$(helm push .cr-release-packages/policy-reporter-${{ env.VERSION }}.tgz oci://ghcr.io/${{github.repository_owner}}/charts 2>&1) | |
digest=$( echo "$output" | grep Digest | cut -c9-) | |
echo CR_DIGEST=$digest | |
echo "CR_DIGEST=$digest" >> "$GITHUB_ENV" | |
- name: Sign Chart | |
run: | | |
cosign sign --yes ghcr.io/${{github.repository_owner}}/charts/policy-reporter@${{ env.CR_DIGEST }} |