volker.raschek/helm-gitea
1
0
Fork 0
Code Issues 2 Pull Requests 5 Actions Packages Projects Releases Wiki Activity

fix(ci): adapt release workflow

Browse Source
This commit is contained in:
Markus Pesch
2026-02-15 18:43:33 +01:00
parent 5851fe7c4c
commit c96824da7f
1 changed files with 128 additions and 82 deletions
Download Patch File Download Diff File Expand all files Collapse all files

210
.gitea/workflows/release-version.yml
View File

@@ -1,109 +1,155 @@
name: generate-chart name: Release
env:
GPG_PRIVATE_KEY_FILE: ${{ runner.temp }}/private.key
GPG_PRIVATE_KEY_FINGERPRINT: ${{ vars.GPG_PRIVATE_KEY_FINGERPRINT }}
GPG_PRIVATE_KEY_PASSPHRASE_FILE: ${{ runner.temp }}/passphrase.txt
on: on:
push: push:
tags: [ '**' ] tags: [ '**' ]
jobs: jobs:
generate-chart-publish: publish-chart:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v5.0.0 - uses: azure/setup-helm@v4.3.1
with:
version: "v4.0.1" # renovate: datasource=github-tags depName=helm/helm
- name: Install helm plugins
env:
HELM_SIGSTORE_VERSION: "0.3.0" # renovate: datasource=github-tags depName=sigstore/helm-sigstore extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
HELM_SCHEMA_VALUES_VERSION: "2.3.1" # renovate: datasource=github-tags depName=losisin/helm-values-schema-json extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
HELM_UNITTEST_VERSION: "1.0.3" # renovate: datasource=github-tags depName=helm-unittest/helm-unittest extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
run: |
helm plugin install --verify=false https://github.com/sigstore/helm-sigstore.git --version "${HELM_SIGSTORE_VERSION}" 1> /dev/null
helm plugin install --verify=false https://github.com/losisin/helm-values-schema-json.git --version "${HELM_SCHEMA_VALUES_VERSION}" 1> /dev/null
helm plugin install --verify=false https://github.com/helm-unittest/helm-unittest.git --version "${HELM_UNITTEST_VERSION}" 1> /dev/null
helm plugin list
- name: GPG configuration
env:
GPG_PRIVATE_KEY_PASSPHRASE: ${{ secrets.GPGSIGN_PASSPHRASE }}
GPG_PRIVATE_KEY: ${{ secrets.GPGSIGN_KEY }}
run: |
# Configure GPG and GPG Agent
mkdir --parents "${HOME}/.gnupg"
chmod 0700 "${HOME}/.gnupg"
cat > "${HOME}/.gnupg/gpg.conf" <<EOF
use-agent
pinentry-mode loopback
EOF
cat > "${HOME}/.gnupg/gpg-agent.conf" <<EOF
allow-loopback-pinentry
max-cache-ttl 86400
default-cache-ttl 86400
EOF
gpgconf --kill gpg-agent
gpgconf --launch gpg-agent
# Import GPG private key
cat 1> "${GPG_PRIVATE_KEY_PASSPHRASE_FILE}" <<< "${GPG_PRIVATE_KEY_PASSPHRASE}"
cat 1> "${GPG_PRIVATE_KEY_FILE}" <<< "${GPG_PRIVATE_KEY}"
gpg --batch --yes --passphrase-fd 0 --import "${GPG_PRIVATE_KEY_FILE}" <<< "${GPG_PRIVATE_KEY_PASSPHRASE}"
# Export GPG keyring
gpg --batch --yes --export "${GPG_PRIVATE_KEY_FINGERPRINT}" 1> "${HOME}/.gnupg/pubring.gpg"
gpg --batch --yes --passphrase-fd 0 --export-secret-keys "${GPG_PRIVATE_KEY_FINGERPRINT}" 1> "${HOME}/.gnupg/secring.gpg" <<< "${GPG_PRIVATE_KEY_PASSPHRASE}"
- uses: actions/checkout@v6.0.2
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Install packages via apt
run: |
apt update --yes
apt install --yes curl ca-certificates curl gnupg jq
- name: Install helm
env:
# renovate: datasource=docker depName=alpine/helm
HELM_VERSION: "3.18.6"
run: |
curl --fail --location --output /dev/stdout --silent --show-error https://get.helm.sh/helm-v${HELM_VERSION}-linux-$(dpkg --print-architecture).tar.gz | tar --extract --gzip --file /dev/stdin
mv linux-$(dpkg --print-architecture)/helm /usr/local/bin/
rm --force --recursive linux-$(dpkg --print-architecture) helm-v${HELM_VERSION}-linux-$(dpkg --print-architecture).tar.gz
helm version
- name: Install yq
env:
YQ_VERSION: v4.45.4 # renovate: datasource=github-releases depName=mikefarah/yq
run: |
curl --fail --location --output /dev/stdout --silent --show-error https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_$(dpkg --print-architecture).tar.gz | tar --extract --gzip --file /dev/stdin
mv yq_linux_$(dpkg --print-architecture) /usr/local/bin
rm --force --recursive yq_linux_$(dpkg --print-architecture) yq_linux_$(dpkg --print-architecture).tar.gz
yq --version
- name: Install docker-ce via apt
run: |
install -m 0755 -d /etc/apt/keyrings
curl --fail --location --silent --show-error https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
chmod a+r /etc/apt/keyrings/docker.gpg
echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
apt update --yes
apt install --yes python3 python3-pip apt-transport-https docker-ce-cli
- name: Install awscli
run: |
pip install awscli --break-system-packages
aws --version
- name: Import GPG key
id: import_gpg
uses: https://github.com/crazy-max/ghaction-import-gpg@v6
with:
gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
fingerprint: CC64B1DB67ABBEECAB24B6455FC346329753F4B0
- name: Add Artifacthub.io annotations - name: Add Artifacthub.io annotations
run: | run: |
NEW_TAG="$(git tag --sort=-version:refname | head --lines 1)" NEW_TAG="$(git tag --sort=-version:refname | head --lines 1)"
OLD_TAG="$(git tag --sort=-version:refname | head --lines 2 | tail --lines 1)" OLD_TAG="$(git tag --sort=-version:refname | head --lines 2 | tail --lines 1)"
.gitea/scripts/add-annotations.sh "${OLD_TAG}" "${NEW_TAG}" .gitea/scripts/add-annotations.sh "${OLD_TAG}" "${NEW_TAG}"
- name: Print Chart.yaml on stdout - name: Extract meta information
run: cat Chart.yaml run: |
echo "GITEA_SERVER_HOSTNAME=$(echo "${GITHUB_SERVER_URL}" | cut --delimiter '/' --fields 3)" >> $GITHUB_ENV
# Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843 echo "PACKAGE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
- name: Package Helm chart echo "REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut --delimiter '/' --fields 2)" >> $GITHUB_ENV
echo "REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut --delimiter '/' --fields 1)" >> $GITHUB_ENV
- name: Package chart
run: | run: |
echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | docker login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} --password-stdin
# FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved
helm plugin install https://github.com/pat-s/helm-gpg
helm dependency build helm dependency build
helm package --version "${GITHUB_REF#refs/tags/v}" ./ helm package \
mkdir gitea --sign \
mv gitea*.tgz gitea/ --key "$(gpg --with-colons --list-keys "${GPG_PRIVATE_KEY_FINGERPRINT}" | grep uid | cut --delimiter ':' --fields 10)" \
curl --fail --location --output gitea/index.yaml --silent --show-error https://dl.gitea.com/charts/index.yaml --keyring "${HOME}/.gnupg/secring.gpg" \
helm repo index gitea/ --url https://dl.gitea.com/charts --merge gitea/index.yaml --passphrase-file "${GPG_PRIVATE_KEY_PASSPHRASE_FILE}" \
# push to dockerhub --version "${PACKAGE_VERSION}" ./
echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | helm registry login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} registry-1.docker.io --password-stdin
helm push gitea/gitea-${GITHUB_REF#refs/tags/v}.tgz oci://registry-1.docker.io/giteacharts
helm registry logout registry-1.docker.io
- name: Configure AWS credentials - uses: docker/login-action@v3.7.0
uses: https://github.com/aws-actions/configure-aws-credentials@v5
with: with:
aws-access-key-id: ${{ secrets.AWS_KEY_ID }} username: ${{ secrets.DOCKER_IO_USERNAME }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} password: ${{ secrets.DOCKER_IO_PASSWORD }}
aws-region: ${{ secrets.AWS_REGION }}
- name: Copy files to S3 and clear cache - name: Upload package as OCI artifact to docker.io
env:
DOCKER_IO_REPO_NAME: ${{ vars.DOCKER_IO_REPO_NAME }}
run: | run: |
aws s3 sync gitea/ s3://${{ secrets.AWS_S3_BUCKET}}/charts/ helm push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz "oci://registry-1.docker.io/${DOCKER_IO_REPO_NAME}"
release-gitea: # - uses: docker/login-action@v3.7.0
container: docker.io/thegeeklab/git-sv:2.0.5 # with:
needs: generate-chart-publish # registry: ${{ github.server_url }}
# username: ${{ secrets.GITEA_PACKAGE_REGISTRY_USERNAME }}
# password: ${{ secrets.GITEA_PACKAGE_REGISTRY_TOKEN }}
# - name: Build new index.yaml
# run: |
# mkdir gitea
# curl \
# --fail \
# --header \
# --location \
# --output gitea/index.yaml \
# --show-error \
# --silent \
# https://dl.gitea.com/charts/index.yaml
# helm repo index \
# --merge gitea/index.yaml \
# --url https://dl.gitea.com/charts \
# gitea/
# - uses: aws-actions/configure-aws-credentials@v6.0.0
# with:
# aws-access-key-id: ${{ secrets.AWS_KEY_ID }}
# aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
# aws-region: ${{ secrets.AWS_REGION }}
# - name: Upload package as Helm chart to AWS S3
# run: |
# aws s3 sync gitea/ s3://${{ secrets.AWS_S3_BUCKET }}/charts/
publish-release-notes:
needs: publish-chart
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Install packages via apt - name: Install gitsv
env:
GITSV_VERSION: v2.0.9 # renovate: datasource=github-releases depName=thegeeklab/git-sv
run: | run: |
apk add -q --update --no-cache nodejs curl \
- uses: actions/checkout@v5.0.0 --fail \
--location \
--output git-sv \
--output-dir /usr/local/bin \
--silent \
--show-error \
https://github.com/thegeeklab/git-sv/releases/download/${GITSV_VERSION}/git-sv-linux-$(dpkg --print-architecture)
git-sv --version
- uses: actions/checkout@v6.0.0
with: with:
fetch-tags: true fetch-tags: true
fetch-depth: 0 fetch-depth: 0
@@ -111,12 +157,12 @@ jobs:
- name: Create changelog - name: Create changelog
run: | run: |
git sv current-version git sv current-version
git sv release-notes -t ${GITHUB_REF#refs/tags/} -o CHANGELOG.md git sv release-notes -t "${PACKAGE_VERSION}" -o CHANGELOG.md
sed -i '1,2d' CHANGELOG.md # remove version sed -i '1,2d' CHANGELOG.md
cat CHANGELOG.md cat CHANGELOG.md
- name: Release - name: Release
uses: https://github.com/akkuman/gitea-release-action@v1 uses: akkuman/gitea-release-action@v1.3.5
with: with:
body_path: CHANGELOG.md body_path: CHANGELOG.md
token: "${{ secrets.RELEASE_TOKEN }}" token: "${{ secrets.RELEASE_TOKEN }}"