volker.raschek/helm-gitea
1
0
Fork 0
Code Issues 2 Pull Requests 5 Actions Packages Projects Releases Wiki Activity

fix(ci): adapt release workflow

Browse Source
This commit is contained in:
Markus Pesch
2026-02-15 18:43:33 +01:00
parent 5851fe7c4c
commit c96824da7f
1 changed files with 128 additions and 82 deletions
Download Patch File Download Diff File Expand all files Collapse all files

210
.gitea/workflows/release-version.yml
View File

@@ -1,109 +1,155 @@
name: generate-chart
name: Release
env:
GPG_PRIVATE_KEY_FILE: ${{ runner.temp }}/private.key
GPG_PRIVATE_KEY_FINGERPRINT: ${{ vars.GPG_PRIVATE_KEY_FINGERPRINT }}
GPG_PRIVATE_KEY_PASSPHRASE_FILE: ${{ runner.temp }}/passphrase.txt
on:
push:
tags: [ '**' ]
jobs:
generate-chart-publish:
publish-chart:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5.0.0
- uses: azure/setup-helm@v4.3.1
with:
version: "v4.0.1" # renovate: datasource=github-tags depName=helm/helm
- name: Install helm plugins
env:
HELM_SIGSTORE_VERSION: "0.3.0" # renovate: datasource=github-tags depName=sigstore/helm-sigstore extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
HELM_SCHEMA_VALUES_VERSION: "2.3.1" # renovate: datasource=github-tags depName=losisin/helm-values-schema-json extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
HELM_UNITTEST_VERSION: "1.0.3" # renovate: datasource=github-tags depName=helm-unittest/helm-unittest extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
run: |
helm plugin install --verify=false https://github.com/sigstore/helm-sigstore.git --version "${HELM_SIGSTORE_VERSION}" 1> /dev/null
helm plugin install --verify=false https://github.com/losisin/helm-values-schema-json.git --version "${HELM_SCHEMA_VALUES_VERSION}" 1> /dev/null
helm plugin install --verify=false https://github.com/helm-unittest/helm-unittest.git --version "${HELM_UNITTEST_VERSION}" 1> /dev/null
helm plugin list
- name: GPG configuration
env:
GPG_PRIVATE_KEY_PASSPHRASE: ${{ secrets.GPGSIGN_PASSPHRASE }}
GPG_PRIVATE_KEY: ${{ secrets.GPGSIGN_KEY }}
run: |
# Configure GPG and GPG Agent
mkdir --parents "${HOME}/.gnupg"
chmod 0700 "${HOME}/.gnupg"
cat > "${HOME}/.gnupg/gpg.conf" <<EOF
use-agent
pinentry-mode loopback
EOF
cat > "${HOME}/.gnupg/gpg-agent.conf" <<EOF
allow-loopback-pinentry
max-cache-ttl 86400
default-cache-ttl 86400
EOF
gpgconf --kill gpg-agent
gpgconf --launch gpg-agent
# Import GPG private key
cat 1> "${GPG_PRIVATE_KEY_PASSPHRASE_FILE}" <<< "${GPG_PRIVATE_KEY_PASSPHRASE}"
cat 1> "${GPG_PRIVATE_KEY_FILE}" <<< "${GPG_PRIVATE_KEY}"
gpg --batch --yes --passphrase-fd 0 --import "${GPG_PRIVATE_KEY_FILE}" <<< "${GPG_PRIVATE_KEY_PASSPHRASE}"
# Export GPG keyring
gpg --batch --yes --export "${GPG_PRIVATE_KEY_FINGERPRINT}" 1> "${HOME}/.gnupg/pubring.gpg"
gpg --batch --yes --passphrase-fd 0 --export-secret-keys "${GPG_PRIVATE_KEY_FINGERPRINT}" 1> "${HOME}/.gnupg/secring.gpg" <<< "${GPG_PRIVATE_KEY_PASSPHRASE}"
- uses: actions/checkout@v6.0.2
with:
fetch-depth: 0
- name: Install packages via apt
run: |
apt update --yes
apt install --yes curl ca-certificates curl gnupg jq
- name: Install helm
env:
# renovate: datasource=docker depName=alpine/helm
HELM_VERSION: "3.18.6"
run: |
curl --fail --location --output /dev/stdout --silent --show-error https://get.helm.sh/helm-v${HELM_VERSION}-linux-$(dpkg --print-architecture).tar.gz | tar --extract --gzip --file /dev/stdin
mv linux-$(dpkg --print-architecture)/helm /usr/local/bin/
rm --force --recursive linux-$(dpkg --print-architecture) helm-v${HELM_VERSION}-linux-$(dpkg --print-architecture).tar.gz
helm version
- name: Install yq
env:
YQ_VERSION: v4.45.4 # renovate: datasource=github-releases depName=mikefarah/yq
run: |
curl --fail --location --output /dev/stdout --silent --show-error https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_$(dpkg --print-architecture).tar.gz | tar --extract --gzip --file /dev/stdin
mv yq_linux_$(dpkg --print-architecture) /usr/local/bin
rm --force --recursive yq_linux_$(dpkg --print-architecture) yq_linux_$(dpkg --print-architecture).tar.gz
yq --version
- name: Install docker-ce via apt
run: |
install -m 0755 -d /etc/apt/keyrings
curl --fail --location --silent --show-error https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
chmod a+r /etc/apt/keyrings/docker.gpg
echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
apt update --yes
apt install --yes python3 python3-pip apt-transport-https docker-ce-cli
- name: Install awscli
run: |
pip install awscli --break-system-packages
aws --version
- name: Import GPG key
id: import_gpg
uses: https://github.com/crazy-max/ghaction-import-gpg@v6
with:
gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
fingerprint: CC64B1DB67ABBEECAB24B6455FC346329753F4B0
- name: Add Artifacthub.io annotations
run: |
NEW_TAG="$(git tag --sort=-version:refname | head --lines 1)"
OLD_TAG="$(git tag --sort=-version:refname | head --lines 2 | tail --lines 1)"
.gitea/scripts/add-annotations.sh "${OLD_TAG}" "${NEW_TAG}"
- name: Print Chart.yaml on stdout
run: cat Chart.yaml
# Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843
- name: Package Helm chart
- name: Extract meta information
run: |
echo "GITEA_SERVER_HOSTNAME=$(echo "${GITHUB_SERVER_URL}" | cut --delimiter '/' --fields 3)" >> $GITHUB_ENV
echo "PACKAGE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
echo "REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut --delimiter '/' --fields 2)" >> $GITHUB_ENV
echo "REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut --delimiter '/' --fields 1)" >> $GITHUB_ENV
- name: Package chart
run: |
echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | docker login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} --password-stdin
# FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved
helm plugin install https://github.com/pat-s/helm-gpg
helm dependency build
helm package --version "${GITHUB_REF#refs/tags/v}" ./
mkdir gitea
mv gitea*.tgz gitea/
curl --fail --location --output gitea/index.yaml --silent --show-error https://dl.gitea.com/charts/index.yaml
helm repo index gitea/ --url https://dl.gitea.com/charts --merge gitea/index.yaml
# push to dockerhub
echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | helm registry login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} registry-1.docker.io --password-stdin
helm push gitea/gitea-${GITHUB_REF#refs/tags/v}.tgz oci://registry-1.docker.io/giteacharts
helm registry logout registry-1.docker.io
helm package \
--sign \
--key "$(gpg --with-colons --list-keys "${GPG_PRIVATE_KEY_FINGERPRINT}" | grep uid | cut --delimiter ':' --fields 10)" \
--keyring "${HOME}/.gnupg/secring.gpg" \
--passphrase-file "${GPG_PRIVATE_KEY_PASSPHRASE_FILE}" \
--version "${PACKAGE_VERSION}" ./
- name: Configure AWS credentials
uses: https://github.com/aws-actions/configure-aws-credentials@v5
- uses: docker/login-action@v3.7.0
with:
aws-access-key-id: ${{ secrets.AWS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_REGION }}
username: ${{ secrets.DOCKER_IO_USERNAME }}
password: ${{ secrets.DOCKER_IO_PASSWORD }}
- name: Copy files to S3 and clear cache
- name: Upload package as OCI artifact to docker.io
env:
DOCKER_IO_REPO_NAME: ${{ vars.DOCKER_IO_REPO_NAME }}
run: |
aws s3 sync gitea/ s3://${{ secrets.AWS_S3_BUCKET}}/charts/
helm push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz "oci://registry-1.docker.io/${DOCKER_IO_REPO_NAME}"
release-gitea:
container: docker.io/thegeeklab/git-sv:2.0.5
needs: generate-chart-publish
# - uses: docker/login-action@v3.7.0
# with:
# registry: ${{ github.server_url }}
# username: ${{ secrets.GITEA_PACKAGE_REGISTRY_USERNAME }}
# password: ${{ secrets.GITEA_PACKAGE_REGISTRY_TOKEN }}
# - name: Build new index.yaml
# run: |
# mkdir gitea
# curl \
# --fail \
# --header \
# --location \
# --output gitea/index.yaml \
# --show-error \
# --silent \
# https://dl.gitea.com/charts/index.yaml
# helm repo index \
# --merge gitea/index.yaml \
# --url https://dl.gitea.com/charts \
# gitea/
# - uses: aws-actions/configure-aws-credentials@v6.0.0
# with:
# aws-access-key-id: ${{ secrets.AWS_KEY_ID }}
# aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
# aws-region: ${{ secrets.AWS_REGION }}
# - name: Upload package as Helm chart to AWS S3
# run: |
# aws s3 sync gitea/ s3://${{ secrets.AWS_S3_BUCKET }}/charts/
publish-release-notes:
needs: publish-chart
runs-on: ubuntu-latest
steps:
- name: Install packages via apt
- name: Install gitsv
env:
GITSV_VERSION: v2.0.9 # renovate: datasource=github-releases depName=thegeeklab/git-sv
run: |
apk add -q --update --no-cache nodejs
- uses: actions/checkout@v5.0.0
curl \
--fail \
--location \
--output git-sv \
--output-dir /usr/local/bin \
--silent \
--show-error \
https://github.com/thegeeklab/git-sv/releases/download/${GITSV_VERSION}/git-sv-linux-$(dpkg --print-architecture)
git-sv --version
- uses: actions/checkout@v6.0.0
with:
fetch-tags: true
fetch-depth: 0
@@ -111,12 +157,12 @@ jobs:
- name: Create changelog
run: |
git sv current-version
git sv release-notes -t ${GITHUB_REF#refs/tags/} -o CHANGELOG.md
sed -i '1,2d' CHANGELOG.md # remove version
git sv release-notes -t "${PACKAGE_VERSION}" -o CHANGELOG.md
sed -i '1,2d' CHANGELOG.md
cat CHANGELOG.md
- name: Release
uses: https://github.com/akkuman/gitea-release-action@v1
uses: akkuman/gitea-release-action@v1.3.5
with:
body_path: CHANGELOG.md
token: "${{ secrets.RELEASE_TOKEN }}"