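---
# Release workflow: on every pushed tag, build and sign the Helm chart, publish
# it as an OCI artifact (docker.io and Gitea) and as a classic chart upload
# (Gitea), then publish release notes. Signing key material is staged under
# runner.temp and the GPG home directory; both are scoped to the job.
name: Release

env:
  GPG_PRIVATE_KEY_FILE: ${{ runner.temp }}/private.key
  GPG_PRIVATE_KEY_FINGERPRINT: ${{ vars.GPG_PRIVATE_KEY_FINGERPRINT }}
  GPG_PRIVATE_KEY_PASSPHRASE_FILE: ${{ runner.temp }}/passphrase.txt

on:
  push:
    tags: ['**']

jobs:
  publish-chart:
    runs-on: ubuntu-latest
    steps:
      - uses: azure/setup-helm@v4.3.1
        with:
          version: "v4.0.1" # renovate: datasource=github-tags depName=helm/helm

      - name: Install helm plugins
        env:
          HELM_SIGSTORE_VERSION: "0.3.0" # renovate: datasource=github-tags depName=sigstore/helm-sigstore extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
          HELM_SCHEMA_VALUES_VERSION: "2.3.1" # renovate: datasource=github-tags depName=losisin/helm-values-schema-json extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
          HELM_UNITTEST_VERSION: "1.0.3" # renovate: datasource=github-tags depName=helm-unittest/helm-unittest extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
        run: |
          # NOTE(review): --verify=false skips plugin provenance verification and
          # the plugins are pinned to tags, which are mutable references — confirm
          # this trade-off is intended.
          helm plugin install --verify=false https://github.com/sigstore/helm-sigstore.git --version "${HELM_SIGSTORE_VERSION}" 1> /dev/null
          helm plugin install --verify=false https://github.com/losisin/helm-values-schema-json.git --version "${HELM_SCHEMA_VALUES_VERSION}" 1> /dev/null
          helm plugin install --verify=false https://github.com/helm-unittest/helm-unittest.git --version "${HELM_UNITTEST_VERSION}" 1> /dev/null
          helm plugin list

      - name: GPG configuration
        env:
          GPG_PRIVATE_KEY_PASSPHRASE: ${{ secrets.GPGSIGN_PASSPHRASE }}
          GPG_PRIVATE_KEY: ${{ secrets.GPGSIGN_KEY }}
        run: |
          # Every file written in this step is key material or a passphrase:
          # create them owner-only instead of relying on the runner's default umask.
          umask 077
          # Configure GPG and GPG Agent
          mkdir --parents "${HOME}/.gnupg"
          chmod 0700 "${HOME}/.gnupg"
          cat > "${HOME}/.gnupg/gpg.conf" <<EOF
          # [PLACEHOLDER: gpg.conf body was lost in extraction — restore it from the original workflow]
          EOF
          cat > "${HOME}/.gnupg/gpg-agent.conf" <<EOF
          # [PLACEHOLDER: gpg-agent.conf body was lost in extraction — restore it from the original workflow]
          EOF
          # The passphrase file is reused later by "helm package --passphrase-file".
          cat 1> "${GPG_PRIVATE_KEY_PASSPHRASE_FILE}" <<< "${GPG_PRIVATE_KEY_PASSPHRASE}"
          cat 1> "${GPG_PRIVATE_KEY_FILE}" <<< "${GPG_PRIVATE_KEY}"
          gpg --batch --yes --passphrase-fd 0 --import "${GPG_PRIVATE_KEY_FILE}" <<< "${GPG_PRIVATE_KEY_PASSPHRASE}"
          # The armored private key is only needed for the import; do not leave it on disk.
          rm --force "${GPG_PRIVATE_KEY_FILE}"
          # Export GPG keyring (helm signs against the legacy secring.gpg format)
          gpg --batch --yes --export "${GPG_PRIVATE_KEY_FINGERPRINT}" 1> "${HOME}/.gnupg/pubring.gpg"
          gpg --batch --yes --passphrase-fd 0 --export-secret-keys "${GPG_PRIVATE_KEY_FINGERPRINT}" 1> "${HOME}/.gnupg/secring.gpg" <<< "${GPG_PRIVATE_KEY_PASSPHRASE}"

      - uses: actions/checkout@v6.0.2
        with:
          fetch-depth: 0

      - name: Add Artifacthub.io annotations
        run: |
          # NOTE(review): "new" is the highest version-sorted tag, not necessarily
          # the tag that triggered this run — confirm that is the intended behaviour.
          NEW_TAG="$(git tag --sort=-version:refname | head --lines 1)"
          OLD_TAG="$(git tag --sort=-version:refname | head --lines 2 | tail --lines 1)"
          .gitea/scripts/add-annotations.sh "${OLD_TAG}" "${NEW_TAG}"

      - name: Extract meta information
        run: |
          # Values appended to GITHUB_ENV are visible to later steps of this job only.
          echo "GITEA_SERVER_HOSTNAME=$(echo "${GITHUB_SERVER_URL}" | cut --delimiter '/' --fields 3)" >> "${GITHUB_ENV}"
          echo "PACKAGE_VERSION=${GITHUB_REF#refs/tags/}" >> "${GITHUB_ENV}"
          echo "REPOSITORY_NAME=$(echo "${GITHUB_REPOSITORY}" | cut --delimiter '/' --fields 2)" >> "${GITHUB_ENV}"
          echo "REPOSITORY_OWNER=$(echo "${GITHUB_REPOSITORY}" | cut --delimiter '/' --fields 1)" >> "${GITHUB_ENV}"

      - name: Package chart
        run: |
          helm dependency build
          # --key takes the signing key's user ID; with --with-colons that is field
          # 10 of the "uid:" record. Take the first uid only, so a key carrying
          # several user IDs does not produce a multi-line --key argument.
          helm package \
            --sign \
            --key "$(gpg --with-colons --list-keys "${GPG_PRIVATE_KEY_FINGERPRINT}" | grep '^uid:' | head --lines 1 | cut --delimiter ':' --fields 10)" \
            --keyring "${HOME}/.gnupg/secring.gpg" \
            --passphrase-file "${GPG_PRIVATE_KEY_PASSPHRASE_FILE}" \
            --version "${PACKAGE_VERSION}" \
            ./

      - uses: docker/login-action@v3.7.0
        with:
          username: ${{ secrets.DOCKER_IO_USERNAME }}
          password: ${{ secrets.DOCKER_IO_PASSWORD }}

      - name: Upload package as OCI artifact to docker.io
        env:
          DOCKER_IO_REPO_NAME: ${{ vars.DOCKER_IO_REPO_NAME }}
        run: |
          helm push *-${PACKAGE_VERSION}.tgz "oci://registry-1.docker.io/${DOCKER_IO_REPO_NAME}"

      - uses: docker/login-action@v3.7.0
        with:
          registry: ${{ github.server_url }}
          username: ${{ secrets.GT_PACKAGE_REGISTRY_USERNAME }}
          password: ${{ secrets.GT_PACKAGE_REGISTRY_TOKEN }}

      - name: Upload package as OCI artifact to Gitea
        run: |
          helm push *-${PACKAGE_VERSION}.tgz "oci://${GITEA_SERVER_HOSTNAME}/${REPOSITORY_OWNER}/${REPOSITORY_NAME}"

      - name: Upload package as Helm chart to Gitea
        env:
          GITEA_REGISTRY_TOKEN: ${{ secrets.GT_PACKAGE_REGISTRY_TOKEN }}
        run: |
          # The trailing "*" in the glob is deliberate: it also matches the
          # .tgz.prov provenance file written by "helm package --sign".
          # NOTE(review): --user places the token in the process argument list;
          # curl's --netrc-file (pointing at an owner-only file) avoids that.
          for package in *"${PACKAGE_VERSION}.tgz"*; do
            curl \
              --fail \
              --show-error \
              --request POST \
              --user "${REPOSITORY_OWNER}:${GITEA_REGISTRY_TOKEN}" \
              --upload-file "${package}" \
              "https://${GITEA_SERVER_HOSTNAME}/api/packages/${REPOSITORY_OWNER}/helm/api/charts"
          done

      # - name: Build new index.yaml
      #   run: |
      #     mkdir gitea
      #     curl \
      #       --fail \
      #       --header \
      #       --location \
      #       --output gitea/index.yaml \
      #       --show-error \
      #       --silent \
      #       https://dl.gitea.com/charts/index.yaml
      #     helm repo index \
      #       --merge gitea/index.yaml \
      #       --url https://dl.gitea.com/charts \
      #       gitea/
      # - uses: aws-actions/configure-aws-credentials@v6.0.0
      #   with:
      #     aws-access-key-id: ${{ secrets.AWS_KEY_ID }}
      #     aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      #     aws-region: ${{ secrets.AWS_REGION }}
      # - name: Upload package as Helm chart to AWS S3
      #   run: |
      #     aws s3 sync gitea/ s3://${{ secrets.AWS_S3_BUCKET }}/charts/

  publish-release-notes:
    needs: publish-chart
    runs-on: ubuntu-latest
    steps:
      - name: Install gitsv
        env:
          GITSV_VERSION: v2.0.9 # renovate: datasource=github-releases depName=thegeeklab/git-sv
        run: |
          # NOTE(review): the release binary is downloaded without checksum or
          # signature verification — consider checking it against a pinned digest.
          curl \
            --fail \
            --location \
            --output git-sv \
            --output-dir /usr/local/bin \
            --silent \
            --show-error \
            "https://github.com/thegeeklab/git-sv/releases/download/${GITSV_VERSION}/git-sv-linux-$(dpkg --print-architecture)"
          # curl does not set the execute bit on the file it writes.
          chmod +x /usr/local/bin/git-sv
          git-sv --version

      # Same checkout pin as the publish-chart job.
      - uses: actions/checkout@v6.0.2
        with:
          fetch-tags: true
          fetch-depth: 0

      - name: Create changelog
        run: |
          # GITHUB_ENV does not cross job boundaries, so PACKAGE_VERSION exported
          # by publish-chart is not available here; derive it from the tag again.
          PACKAGE_VERSION="${GITHUB_REF#refs/tags/}"
          git sv current-version
          git sv release-notes -t "${PACKAGE_VERSION}" -o CHANGELOG.md
          # Drop the generated title lines; the release itself carries the title.
          sed -i '1,2d' CHANGELOG.md
          cat CHANGELOG.md

      - name: Release
        uses: akkuman/gitea-release-action@v1.3.5
        with:
          body_path: CHANGELOG.md
          token: "${{ secrets.RELEASE_TOKEN }}"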