You've already forked helm-gitea
Markus Pesch
3219f22a68
Some checks failed
Run Helm tests / Execute helm lint (push) Successful in 9s
Run Helm tests / Execute helm template (push) Successful in 17s
Run Helm tests / Execute helm unittest (push) Successful in 26s
Markdown linter / Execute npm run readme:lint (push) Successful in 8s
Markdown linter / Execute npm run readme:link (push) Successful in 35s
Markdown linter / Execute npm run readme:parameters (push) Successful in 9s
Release / publish-chart (push) Failing after 54s
Release / publish-release-notes (push) Has been skipped
174 lines
6.6 KiB
YAML
174 lines
6.6 KiB
YAML
name: Release
|
|
|
|
env:
|
|
GPG_PRIVATE_KEY_FILE: ${{ runner.temp }}/private.key
|
|
GPG_PRIVATE_KEY_FINGERPRINT: ${{ vars.GPG_PRIVATE_KEY_FINGERPRINT }}
|
|
GPG_PRIVATE_KEY_PASSPHRASE_FILE: ${{ runner.temp }}/passphrase.txt
|
|
|
|
on:
|
|
push:
|
|
tags: [ '**' ]
|
|
|
|
jobs:
|
|
publish-chart:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: azure/setup-helm@v4.3.1
|
|
with:
|
|
version: "v4.0.1" # renovate: datasource=github-tags depName=helm/helm
|
|
|
|
- name: Install helm plugins
|
|
env:
|
|
HELM_SIGSTORE_VERSION: "0.3.0" # renovate: datasource=github-tags depName=sigstore/helm-sigstore extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
|
|
HELM_SCHEMA_VALUES_VERSION: "2.3.1" # renovate: datasource=github-tags depName=losisin/helm-values-schema-json extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
|
|
HELM_UNITTEST_VERSION: "1.0.3" # renovate: datasource=github-tags depName=helm-unittest/helm-unittest extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
|
|
run: |
|
|
helm plugin install --verify=false https://github.com/sigstore/helm-sigstore.git --version "${HELM_SIGSTORE_VERSION}" 1> /dev/null
|
|
helm plugin install --verify=false https://github.com/losisin/helm-values-schema-json.git --version "${HELM_SCHEMA_VALUES_VERSION}" 1> /dev/null
|
|
helm plugin install --verify=false https://github.com/helm-unittest/helm-unittest.git --version "${HELM_UNITTEST_VERSION}" 1> /dev/null
|
|
helm plugin list
|
|
|
|
- name: GPG configuration
|
|
env:
|
|
GPG_PRIVATE_KEY_PASSPHRASE: ${{ secrets.GPGSIGN_PASSPHRASE }}
|
|
GPG_PRIVATE_KEY: ${{ secrets.GPGSIGN_KEY }}
|
|
run: |
|
|
# Configure GPG and GPG Agent
|
|
mkdir --parents "${HOME}/.gnupg"
|
|
chmod 0700 "${HOME}/.gnupg"
|
|
|
|
cat > "${HOME}/.gnupg/gpg.conf" <<EOF
|
|
use-agent
|
|
pinentry-mode loopback
|
|
EOF
|
|
|
|
cat > "${HOME}/.gnupg/gpg-agent.conf" <<EOF
|
|
allow-loopback-pinentry
|
|
max-cache-ttl 86400
|
|
default-cache-ttl 86400
|
|
EOF
|
|
|
|
gpgconf --kill gpg-agent
|
|
gpgconf --launch gpg-agent
|
|
|
|
# Import GPG private key
|
|
cat 1> "${GPG_PRIVATE_KEY_PASSPHRASE_FILE}" <<< "${GPG_PRIVATE_KEY_PASSPHRASE}"
|
|
cat 1> "${GPG_PRIVATE_KEY_FILE}" <<< "${GPG_PRIVATE_KEY}"
|
|
gpg --batch --yes --passphrase-fd 0 --import "${GPG_PRIVATE_KEY_FILE}" <<< "${GPG_PRIVATE_KEY_PASSPHRASE}"
|
|
|
|
# Export GPG keyring
|
|
gpg --batch --yes --export "${GPG_PRIVATE_KEY_FINGERPRINT}" 1> "${HOME}/.gnupg/pubring.gpg"
|
|
gpg --batch --yes --passphrase-fd 0 --export-secret-keys "${GPG_PRIVATE_KEY_FINGERPRINT}" 1> "${HOME}/.gnupg/secring.gpg" <<< "${GPG_PRIVATE_KEY_PASSPHRASE}"
|
|
|
|
- uses: actions/checkout@v6.0.2
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Add Artifacthub.io annotations
|
|
run: |
|
|
NEW_TAG="$(git tag --sort=-version:refname | head --lines 1)"
|
|
OLD_TAG="$(git tag --sort=-version:refname | head --lines 2 | tail --lines 1)"
|
|
.gitea/scripts/add-annotations.sh "${OLD_TAG}" "${NEW_TAG}"
|
|
|
|
- name: Extract meta information
|
|
run: |
|
|
echo "GITEA_SERVER_HOSTNAME=$(echo "${GITHUB_SERVER_URL}" | cut --delimiter '/' --fields 3)" >> $GITHUB_ENV
|
|
echo "PACKAGE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
|
|
echo "REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut --delimiter '/' --fields 2)" >> $GITHUB_ENV
|
|
echo "REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut --delimiter '/' --fields 1)" >> $GITHUB_ENV
|
|
|
|
- name: Package chart
|
|
run: |
|
|
helm dependency build
|
|
helm package \
|
|
--sign \
|
|
--key "$(gpg --with-colons --list-keys "${GPG_PRIVATE_KEY_FINGERPRINT}" | grep uid | cut --delimiter ':' --fields 10)" \
|
|
--keyring "${HOME}/.gnupg/secring.gpg" \
|
|
--passphrase-file "${GPG_PRIVATE_KEY_PASSPHRASE_FILE}" \
|
|
--version "${PACKAGE_VERSION}" ./
|
|
|
|
- uses: docker/login-action@v3.7.0
|
|
with:
|
|
username: ${{ secrets.DOCKER_IO_USERNAME }}
|
|
password: ${{ secrets.DOCKER_IO_PASSWORD }}
|
|
|
|
- name: Upload package as OCI artifact to docker.io
|
|
env:
|
|
DOCKER_IO_REPO_NAME: ${{ vars.DOCKER_IO_REPO_NAME }}
|
|
run: |
|
|
helm push *-${PACKAGE_VERSION}.tgz "oci://registry-1.docker.io/${DOCKER_IO_REPO_NAME}"
|
|
|
|
- uses: docker/login-action@v3.7.0
|
|
with:
|
|
registry: ${{ github.server_url }}
|
|
username: ${{ secrets.GITEA_PACKAGE_REGISTRY_USERNAME }}
|
|
password: ${{ secrets.GITEA_PACKAGE_REGISTRY_TOKEN }}
|
|
|
|
- name: Upload package as OCI artifact to Gitea
|
|
run: |
|
|
helm push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz "oci://${GITEA_SERVER_HOSTNAME}/${REPOSITORY_OWNER}/${REPOSITORY_NAME}"
|
|
|
|
|
|
# - name: Build new index.yaml
|
|
# run: |
|
|
# mkdir gitea
|
|
# curl \
|
|
# --fail \
|
|
# --header \
|
|
# --location \
|
|
# --output gitea/index.yaml \
|
|
# --show-error \
|
|
# --silent \
|
|
# https://dl.gitea.com/charts/index.yaml
|
|
|
|
# helm repo index \
|
|
# --merge gitea/index.yaml \
|
|
# --url https://dl.gitea.com/charts \
|
|
# gitea/
|
|
|
|
# - uses: aws-actions/configure-aws-credentials@v6.0.0
|
|
# with:
|
|
# aws-access-key-id: ${{ secrets.AWS_KEY_ID }}
|
|
# aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
|
# aws-region: ${{ secrets.AWS_REGION }}
|
|
|
|
# - name: Upload package as Helm chart to AWS S3
|
|
# run: |
|
|
# aws s3 sync gitea/ s3://${{ secrets.AWS_S3_BUCKET }}/charts/
|
|
|
|
publish-release-notes:
|
|
needs: publish-chart
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Install gitsv
|
|
env:
|
|
GITSV_VERSION: v2.0.9 # renovate: datasource=github-releases depName=thegeeklab/git-sv
|
|
run: |
|
|
curl \
|
|
--fail \
|
|
--location \
|
|
--output git-sv \
|
|
--output-dir /usr/local/bin \
|
|
--silent \
|
|
--show-error \
|
|
https://github.com/thegeeklab/git-sv/releases/download/${GITSV_VERSION}/git-sv-linux-$(dpkg --print-architecture)
|
|
git-sv --version
|
|
|
|
- uses: actions/checkout@v6.0.0
|
|
with:
|
|
fetch-tags: true
|
|
fetch-depth: 0
|
|
|
|
- name: Create changelog
|
|
run: |
|
|
git sv current-version
|
|
git sv release-notes -t "${PACKAGE_VERSION}" -o CHANGELOG.md
|
|
sed -i '1,2d' CHANGELOG.md
|
|
cat CHANGELOG.md
|
|
|
|
- name: Release
|
|
uses: akkuman/gitea-release-action@v1.3.5
|
|
with:
|
|
body_path: CHANGELOG.md
|
|
token: "${{ secrets.RELEASE_TOKEN }}"
|