feat: support OCI

.gitea/workflows/helm.yaml

@@ -17,7 +17,7 @@ jobs:
     - uses: actions/checkout@v6.0.2
     - uses: azure/setup-helm@v4.3.1
       with:
-        version: v4.0.1 # renovate: datasource=github-releases depName=helm/helm
+        version: "v4.0.1" # renovate: datasource=github-tags depName=helm/helm
     - name: Lint helm files
       run: |
         helm lint --values values.yaml .
@@ -28,7 +28,7 @@ jobs:
     - uses: actions/checkout@v6.0.2
     - uses: azure/setup-helm@v4.3.1
       with:
-        version: v4.0.1 # renovate: datasource=github-releases depName=helm/helm
+        version: "v4.0.1" # renovate: datasource=github-tags depName=helm/helm
     - env:
         HELM_UNITTEST_VERSION: v1.0.0 #renovate: datasource=github-releases depName=helm-unittest/helm-unittest
       name: Install helm-unittest

.gitea/workflows/release.yaml

@@ -7,14 +7,26 @@ on:
 
 jobs:
   publish-chart:
-    container:
-      image: docker.io/volkerraschek/helm:3.19.2
     runs-on: ubuntu-latest
     steps:
-      - name: Install packages via apk
+      - uses: sigstore/cosign-installer@v4.0.0
+        with:
+          cosign-release: "v2.6.2" # renovate: datasource=github-tags depName=sigstore/cosign
+
+      - uses: azure/setup-helm@v4.3.1
+        with:
+          version: "v4.0.1" # renovate: datasource=github-tags depName=helm/helm
+
+      - name: Install helm plugins
+        env:
+          HELM_SIGSTORE_VERSION: "0.3.0" # renovate: datasource=github-tags depName=sigstore/helm-sigstore extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
+          HELM_SCHEMA_VALUES_VERSION: "2.3.1" # renovate: datasource=github-tags depName=losisin/helm-values-schema-json extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
+          HELM_UNITTEST_VERSION: "1.0.3" # renovate: datasource=github-tags depName=helm-unittest/helm-unittest extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
         run: |
-          apk update
-          apk add git npm jq yq
+          helm plugin install --verify=false https://github.com/sigstore/helm-sigstore.git --version "${HELM_SIGSTORE_VERSION}" 1> /dev/null
+          helm plugin install --verify=false https://github.com/losisin/helm-values-schema-json.git --version "${HELM_SCHEMA_VALUES_VERSION}" 1> /dev/null
+          helm plugin install --verify=false https://github.com/helm-unittest/helm-unittest.git --version "${HELM_UNITTEST_VERSION}" 1> /dev/null
+          helm plugin list
 
       - uses: actions/checkout@v6.0.2
         with:
@@ -28,6 +40,7 @@ jobs:
 
       - name: Extract meta information
         run: |
+          echo "GITEA_SERVER_HOSTNAME=$(echo "${GITHUB_SERVER_URL}" | cut -d '/' -f 3)" >> $GITHUB_ENV
           echo "PACKAGE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
           echo "REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 2 | sed --regexp-extended 's/-charts?//g')" >> $GITHUB_ENV
           echo "REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 1)" >> $GITHUB_ENV
@@ -40,22 +53,43 @@ jobs:
           helm dependency build
           helm package --version "${PACKAGE_VERSION}" ./
 
-      - name: Upload Chart to ChartMuseum
+      - uses: docker/login-action@v3.7.0
+        with:
+          registry: ${{ github.server_url }}
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
+
+      - name: Upload Chart to Gitea (OCI)
         env:
+          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+          COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
+        run: |
+          helm push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz oci://${GITEA_SERVER_HOSTNAME}/${REPOSITORY_OWNER}
+          cosign sign --yes --upload=true --key=env://COSIGN_PRIVATE_KEY ${GITEA_SERVER_HOSTNAME}/${REPOSITORY_OWNER}/${REPOSITORY_NAME}:${PACKAGE_VERSION}
+
+      - name: Upload Chart to Gitea (Helm)
+        env:
+          GITEA_REGISTRY_TOKEN: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
+        run: |
+          curl \
+            --fail \
+            --show-error \
+            --request POST \
+            --user "${REPOSITORY_OWNER}:${GITEA_REGISTRY_TOKEN}" \
+            --upload-file "${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz" \
+              https://git.cryptic.systems/api/packages/${REPOSITORY_OWNER}/helm/api/charts
+
+      - name: Upload Chart to Chartmuseum (Helm)
+        env:
+          CHARTMUSEUM_HOSTNAME: ${{ vars.CHARTMUSEUM_HOSTNAME }}
+          CHARTMUSEUM_USERNAME: ${{ secrets.CHARTMUSEUM_USERNAME }}
           CHARTMUSEUM_PASSWORD: ${{ secrets.CHARTMUSEUM_PASSWORD }}
           CHARTMUSEUM_REPOSITORY: ${{ vars.CHARTMUSEUM_REPOSITORY }}
-          CHARTMUSEUM_USERNAME: ${{ secrets.CHARTMUSEUM_USERNAME }}
-          CHARTMUSEUM_HOSTNAME: ${{ vars.CHARTMUSEUM_HOSTNAME }}
         run: |
-          helm repo add --username ${CHARTMUSEUM_USERNAME} --password ${CHARTMUSEUM_PASSWORD} chartmuseum https://${CHARTMUSEUM_HOSTNAME}/${CHARTMUSEUM_REPOSITORY}
-          helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz chartmuseum
-          helm repo remove chartmuseum
-
-      - name: Upload Chart to Gitea
-        env:
-          GITEA_PACKAGE_REGISTRY_TOKEN: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
-          GITEA_SERVER_URL: ${{ github.server_url }}
-        run: |
-          helm repo add --username ${REPOSITORY_OWNER} --password ${GITEA_PACKAGE_REGISTRY_TOKEN} gitea ${GITEA_SERVER_URL}/api/packages/${REPOSITORY_OWNER}/helm
-          helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz gitea
-          helm repo remove gitea
+          curl \
+            --fail \
+            --show-error \
+            --request POST \
+            --user "${CHARTMUSEUM_USERNAME}:${CHARTMUSEUM_PASSWORD}" \
+            --upload-file "${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz" \
+              https://${CHARTMUSEUM_HOSTNAME}/api/${CHARTMUSEUM_REPOSITORY}/charts

.gitignore

@@ -1,4 +1,5 @@
 charts
+cosign*
 node_modules
 target
 values2.yml

Chart.yaml

@@ -1,24 +1,25 @@
 annotations:
+  artifacthub.io/license: MIT
   artifacthub.io/links: |
     - name: Prometheus PostgreSQL exporter (binary)
       url: https://github.com/prometheus-community/postgres_exporter
     - name: support
       url: https://git.cryptic.systems/volker.raschek/prometheus-postgres-exporter/issues
+  artifacthub.io/operator: "false"
+  artifacthub.io/prerelease: "false"
 apiVersion: v2
-name: prometheus-postgres-exporter
+appVersion: "0.18.1"
 description: Prometheus metric exporter for PostgreSQL
+home: https://git.cryptic.systems/volker.raschek/prometheus-postgres-exporter
+# icon: https://annotations.example.com/icon.png
+keywords:
+  - prometheus
+  - prometheus-exporter
+  - postgres-postgres-exporter
+  - postgres-exporter
+name: prometheus-postgres-exporter
+sources:
+  - https://github.com/prometheus-community/postgres_exporter
+  - https://git.cryptic.systems/volker.raschek/prometheus-postgres-exporter
 type: application
 version: "0.1.0"
-appVersion: "0.18.1"
-
-# icon: https://annotations.example.com/icon.png
-
-keywords:
-- prometheus
-- prometheus-exporter
-- postgres-postgres-exporter
-- postgres-exporter
-
-sources:
-- https://github.com/prometheus-community/postgres_exporter
-- https://git.cryptic.systems/volker.raschek/prometheus-postgres-exporter

README.md

@@ -34,7 +34,7 @@ separate [chapter](#argocd).
 > time is not possible.
 
 ```bash
-helm repo add prometheus-exporters https://charts.cryptic.systems/prometheus-exporters
+helm repo add prometheus-postgres-exporters https://git.cryptic.systems/prometheus-exporters
 helm repo update
 CHART_VERSION=0.5.5
 helm install --version "${CHART_VERSION}" prometheus-postgres-exporter prometheus-exporters/prometheus-postgres-exporter \