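# Release workflow: on every pushed tag, package the Helm chart, publish it to
# the Gitea OCI registry, the Gitea Helm registry and Chartmuseum, and sign the
# OCI artifact with cosign.
name: Release

on:
  push:
    tags:
      # Every tag triggers a release; the tag name becomes the chart version.
      - "**"

jobs:
  publish-chart:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): every `uses:` in this job is pinned to a version tag.
      # Upstream can move a tag; a full commit SHA (tag kept as a trailing
      # comment) is an immutable reference, which matters in a job that holds
      # the signing key and the registry tokens.
      - uses: sigstore/cosign-installer@v4.0.0
        with:
          cosign-release: "v2.6.2" # renovate: datasource=github-tags depName=sigstore/cosign

      - uses: azure/setup-helm@v4.3.1
        with:
          version: "v4.1.0" # renovate: datasource=github-tags depName=helm/helm

      - name: Install helm plugins
        env:
          HELM_SIGSTORE_VERSION: "0.3.0" # renovate: datasource=github-tags depName=sigstore/helm-sigstore extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
          HELM_SCHEMA_VALUES_VERSION: "2.3.1" # renovate: datasource=github-tags depName=losisin/helm-values-schema-json extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
          HELM_UNITTEST_VERSION: "1.0.3" # renovate: datasource=github-tags depName=helm-unittest/helm-unittest extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
        # --verify=false skips Helm's plugin provenance check, so the pinned
        # --version tag is the only integrity control on these plugins.
        # NOTE(review): turn verification on once the upstream plugins publish
        # signed packages.
        run: |
          helm plugin install --verify=false https://github.com/sigstore/helm-sigstore.git --version "${HELM_SIGSTORE_VERSION}" 1> /dev/null
          helm plugin install --verify=false https://github.com/losisin/helm-values-schema-json.git --version "${HELM_SCHEMA_VALUES_VERSION}" 1> /dev/null
          helm plugin install --verify=false https://github.com/helm-unittest/helm-unittest.git --version "${HELM_UNITTEST_VERSION}" 1> /dev/null
          helm plugin list

      # Full history and all tags are needed for the tag comparison below.
      - uses: actions/checkout@v6.0.2
        with:
          fetch-depth: 0

      - name: Add Artifacthub.io annotations
        # NOTE(review): NEW_TAG is the highest version tag in the repository,
        # which is not necessarily the tag that triggered this run
        # (PACKAGE_VERSION below comes from GITHUB_REF) - confirm this is
        # intended for releases cut on older branches.
        run: |
          NEW_TAG="$(git tag --sort=-version:refname | head -n 1)"
          OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)"
          .gitea/scripts/add-annotations.sh "${OLD_TAG}" "${NEW_TAG}"

      - name: Extract meta information
        # Derives hostname, version, chart name and owner from the runner's
        # context and exports them to later steps. Expansions are quoted so
        # that values are never word-split or globbed by the shell.
        run: |
          echo "GITEA_SERVER_HOSTNAME=$(echo "${GITHUB_SERVER_URL}" | cut -d '/' -f 3)" >> "${GITHUB_ENV}"
          echo "PACKAGE_VERSION=${GITHUB_REF#refs/tags/}" >> "${GITHUB_ENV}"
          echo "REPOSITORY_NAME=$(echo "${GITHUB_REPOSITORY}" | cut -d '/' -f 2 | sed --regexp-extended 's/-charts?//g')" >> "${GITHUB_ENV}"
          echo "REPOSITORY_OWNER=$(echo "${GITHUB_REPOSITORY}" | cut -d '/' -f 1)" >> "${GITHUB_ENV}"

      - name: Update Helm Chart version in README.md
        # The tag name is spliced into a sed program, so sed's delimiter (/)
        # and its back-reference character (&) are escaped first. Ordinary
        # version tags pass through unchanged.
        run: |
          ESCAPED_VERSION="$(printf '%s' "${PACKAGE_VERSION}" | sed -e 's/[\/&]/\\&/g')"
          sed -i -E "s/^CHART_VERSION=.*/CHART_VERSION=${ESCAPED_VERSION}/g" README.md

      - name: Package chart
        run: |
          helm dependency build
          helm package --version "${PACKAGE_VERSION}" ./

      - uses: docker/login-action@v3.7.0
        with:
          registry: ${{ github.server_url }}
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}

      - name: Upload Chart to Gitea (OCI)
        env:
          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
          COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
        # NOTE(review): the signature targets the mutable `name:version` tag,
        # which is resolved when cosign runs, not the digest of the artifact
        # that `helm push` uploaded. Signing `name@sha256:<digest>` binds the
        # signature to exactly the pushed chart.
        run: |
          helm push "${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz" "oci://${GITEA_SERVER_HOSTNAME}/${REPOSITORY_OWNER}"
          cosign sign --yes --upload=true --key=env://COSIGN_PRIVATE_KEY "${GITEA_SERVER_HOSTNAME}/${REPOSITORY_OWNER}/${REPOSITORY_NAME}:${PACKAGE_VERSION}"

      - name: Upload Chart to Gitea (Helm)
        env:
          GITEA_REGISTRY_TOKEN: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
        # NOTE(review): --user places the token on curl's command line, where
        # other processes on the runner can read it; curl can take credentials
        # from a --config file instead. The same applies to the Chartmuseum
        # step below.
        run: |
          curl \
            --fail \
            --show-error \
            --request POST \
            --user "${REPOSITORY_OWNER}:${GITEA_REGISTRY_TOKEN}" \
            --upload-file "${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz" \
            "https://git.cryptic.systems/api/packages/${REPOSITORY_OWNER}/helm/api/charts"

      - name: Upload Chart to Chartmuseum (Helm)
        env:
          CHARTMUSEUM_HOSTNAME: ${{ vars.CHARTMUSEUM_HOSTNAME }}
          CHARTMUSEUM_USERNAME: ${{ secrets.CHARTMUSEUM_USERNAME }}
          CHARTMUSEUM_PASSWORD: ${{ secrets.CHARTMUSEUM_PASSWORD }}
          CHARTMUSEUM_REPOSITORY: ${{ vars.CHARTMUSEUM_REPOSITORY }}
        run: |
          curl \
            --fail \
            --show-error \
            --request POST \
            --user "${CHARTMUSEUM_USERNAME}:${CHARTMUSEUM_PASSWORD}" \
            --upload-file "${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz" \
            "https://${CHARTMUSEUM_HOSTNAME}/api/${CHARTMUSEUM_REPOSITORY}/charts"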