From bec440645bd3ab430ccd1a5f78633849220927ca Mon Sep 17 00:00:00 2001 From: Markus Pesch Date: Sat, 7 Feb 2026 21:42:20 +0100 Subject: [PATCH] feat: support OCI --- .gitea/workflows/helm.yaml | 4 +- .gitea/workflows/release.yaml | 74 +++++++++++++++++++++++++---------- .gitignore | 1 + Chart.yaml | 29 +++++++------- README.md | 2 +- 5 files changed, 73 insertions(+), 37 deletions(-) diff --git a/.gitea/workflows/helm.yaml b/.gitea/workflows/helm.yaml index efed87f..f0cf47e 100644 --- a/.gitea/workflows/helm.yaml +++ b/.gitea/workflows/helm.yaml @@ -17,7 +17,7 @@ jobs: - uses: actions/checkout@v6.0.2 - uses: azure/setup-helm@v4.3.1 with: - version: v4.0.1 # renovate: datasource=github-releases depName=helm/helm + version: "v4.0.1" # renovate: datasource=github-tags depName=helm/helm - name: Lint helm files run: | helm lint --values values.yaml . @@ -28,7 +28,7 @@ jobs: - uses: actions/checkout@v6.0.2 - uses: azure/setup-helm@v4.3.1 with: - version: v4.0.1 # renovate: datasource=github-releases depName=helm/helm + version: "v4.0.1" # renovate: datasource=github-tags depName=helm/helm - env: HELM_UNITTEST_VERSION: v1.0.0 #renovate: datasource=github-releases depName=helm-unittest/helm-unittest name: Install helm-unittest diff --git a/.gitea/workflows/release.yaml b/.gitea/workflows/release.yaml index b3b9c08..3c9c128 100644 --- a/.gitea/workflows/release.yaml +++ b/.gitea/workflows/release.yaml @@ -7,14 +7,26 @@ on: jobs: publish-chart: - container: - image: docker.io/volkerraschek/helm:3.19.2 runs-on: ubuntu-latest steps: - - name: Install packages via apk + - uses: sigstore/cosign-installer@v4.0.0 + with: + cosign-release: "v2.6.2" # renovate: datasource=github-tags depName=sigstore/cosign + + - uses: azure/setup-helm@v4.3.1 + with: + version: "v4.0.1" # renovate: datasource=github-tags depName=helm/helm + + - name: Install helm plugins + env: + HELM_SIGSTORE_VERSION: "0.3.0" # renovate: datasource=github-tags depName=sigstore/helm-sigstore extractVersion='^v(?\d+\.\d+\.\d+)$' + HELM_SCHEMA_VALUES_VERSION: "2.3.1" # renovate: datasource=github-tags depName=losisin/helm-values-schema-json extractVersion='^v(?\d+\.\d+\.\d+)$' + HELM_UNITTEST_VERSION: "1.0.3" # renovate: datasource=github-tags depName=helm-unittest/helm-unittest extractVersion='^v(?\d+\.\d+\.\d+)$' run: | - apk update - apk add git npm jq yq + helm plugin install --verify=false https://github.com/sigstore/helm-sigstore.git --version "${HELM_SIGSTORE_VERSION}" 1> /dev/null + helm plugin install --verify=false https://github.com/losisin/helm-values-schema-json.git --version "${HELM_SCHEMA_VALUES_VERSION}" 1> /dev/null + helm plugin install --verify=false https://github.com/helm-unittest/helm-unittest.git --version "${HELM_UNITTEST_VERSION}" 1> /dev/null + helm plugin list - uses: actions/checkout@v6.0.2 with: @@ -28,6 +40,7 @@ jobs: - name: Extract meta information run: | + echo "GITEA_SERVER_HOSTNAME=$(echo "${GITHUB_SERVER_URL}" | cut -d '/' -f 3)" >> $GITHUB_ENV echo "PACKAGE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV echo "REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 2 | sed --regexp-extended 's/-charts?//g')" >> $GITHUB_ENV echo "REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 1)" >> $GITHUB_ENV @@ -40,22 +53,43 @@ jobs: helm dependency build helm package --version "${PACKAGE_VERSION}" ./ - - name: Upload Chart to ChartMuseum + - uses: docker/login-action@v3.7.0 + with: + registry: ${{ github.server_url }} + username: ${{ github.repository_owner }} + password: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }} + + - name: Upload Chart to Gitea (OCI) env: + COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} + COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} + run: | + helm push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz oci://${GITEA_SERVER_HOSTNAME}/${REPOSITORY_OWNER} + cosign sign --yes --upload=true --key=env://COSIGN_PRIVATE_KEY ${GITEA_SERVER_HOSTNAME}/${REPOSITORY_OWNER}/${REPOSITORY_NAME}:${PACKAGE_VERSION} + + - name: Upload Chart to Gitea (Helm) + env: + GITEA_REGISTRY_TOKEN: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }} + run: | + curl \ + --fail \ + --show-error \ + --request POST \ + --user "${REPOSITORY_OWNER}:${GITEA_REGISTRY_TOKEN}" \ + --upload-file "${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz" \ + https://git.cryptic.systems/api/packages/${REPOSITORY_OWNER}/helm/api/charts + + - name: Upload Chart to Chartmuseum (Helm) + env: + CHARTMUSEUM_HOSTNAME: ${{ vars.CHARTMUSEUM_HOSTNAME }} + CHARTMUSEUM_USERNAME: ${{ secrets.CHARTMUSEUM_USERNAME }} CHARTMUSEUM_PASSWORD: ${{ secrets.CHARTMUSEUM_PASSWORD }} CHARTMUSEUM_REPOSITORY: ${{ vars.CHARTMUSEUM_REPOSITORY }} - CHARTMUSEUM_USERNAME: ${{ secrets.CHARTMUSEUM_USERNAME }} - CHARTMUSEUM_HOSTNAME: ${{ vars.CHARTMUSEUM_HOSTNAME }} run: | - helm repo add --username ${CHARTMUSEUM_USERNAME} --password ${CHARTMUSEUM_PASSWORD} chartmuseum https://${CHARTMUSEUM_HOSTNAME}/${CHARTMUSEUM_REPOSITORY} - helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz chartmuseum - helm repo remove chartmuseum - - - name: Upload Chart to Gitea - env: - GITEA_PACKAGE_REGISTRY_TOKEN: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }} - GITEA_SERVER_URL: ${{ github.server_url }} - run: | - helm repo add --username ${REPOSITORY_OWNER} --password ${GITEA_PACKAGE_REGISTRY_TOKEN} gitea ${GITEA_SERVER_URL}/api/packages/${REPOSITORY_OWNER}/helm - helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz gitea - helm repo remove gitea + curl \ + --fail \ + --show-error \ + --request POST \ + --user "${CHARTMUSEUM_USERNAME}:${CHARTMUSEUM_PASSWORD}" \ + --upload-file "${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz" \ + https://${CHARTMUSEUM_HOSTNAME}/api/${CHARTMUSEUM_REPOSITORY}/charts diff --git a/.gitignore b/.gitignore index ba69fff..ef4288f 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ charts +cosign* node_modules target values2.yml diff --git a/Chart.yaml b/Chart.yaml index c74a1ac..605d29a 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -1,24 +1,25 @@ annotations: + artifacthub.io/license: MIT artifacthub.io/links: | - name: Prometheus PostgreSQL exporter (binary) url: https://github.com/prometheus-community/postgres_exporter - name: support url: https://git.cryptic.systems/volker.raschek/prometheus-postgres-exporter/issues + artifacthub.io/operator: "false" + artifacthub.io/prerelease: "false" apiVersion: v2 -name: prometheus-postgres-exporter +appVersion: "0.18.1" description: Prometheus metric exporter for PostgreSQL +home: https://git.cryptic.systems/volker.raschek/prometheus-postgres-exporter +# icon: https://annotations.example.com/icon.png +keywords: + - prometheus + - prometheus-exporter + - postgres-postgres-exporter + - postgres-exporter +name: prometheus-postgres-exporter +sources: + - https://github.com/prometheus-community/postgres_exporter + - https://git.cryptic.systems/volker.raschek/prometheus-postgres-exporter type: application version: "0.1.0" -appVersion: "0.18.1" - -# icon: https://annotations.example.com/icon.png - -keywords: -- prometheus -- prometheus-exporter -- postgres-postgres-exporter -- postgres-exporter - -sources: -- https://github.com/prometheus-community/postgres_exporter -- https://git.cryptic.systems/volker.raschek/prometheus-postgres-exporter \ No newline at end of file diff --git a/README.md b/README.md index bf5c351..12b67de 100644 --- a/README.md +++ b/README.md @@ -34,7 +34,7 @@ separate [chapter](#argocd). > time is not possible. ```bash -helm repo add prometheus-exporters https://charts.cryptic.systems/prometheus-exporters +helm repo add prometheus-postgres-exporters https://git.cryptic.systems/prometheus-exporters helm repo update CHART_VERSION=0.5.5 helm install --version "${CHART_VERSION}" prometheus-postgres-exporter prometheus-exporters/prometheus-postgres-exporter \