volker.raschek/prometheus-postgres-exporter
1
1
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases Wiki Activity
Files
991d7d813859ceac9b1db11552a2f24128c0b6f6
prometheus-postgres-exporter/.gitea/workflows/release.yaml

150 lines
6.5 KiB
YAML
Raw Blame History

name: Release
env:
GPG_PRIVATE_KEY_FILE: ${{ runner.temp }}/private.key
GPG_PRIVATE_KEY_FINGERPRINT: ${{ vars.GPG_PRIVATE_KEY_FINGERPRINT }}
GPG_PRIVATE_KEY_PASSPHRASE_FILE: ${{ runner.temp }}/passphrase.txt
on:
push:
tags:
- "**"
jobs:
publish-chart:
runs-on: ubuntu-latest
steps:
- uses: sigstore/cosign-installer@v4.0.0
with:
cosign-release: "v2.6.2" # renovate: datasource=github-tags depName=sigstore/cosign
- uses: azure/setup-helm@v4.3.1
with:
version: "v4.0.1" # renovate: datasource=github-tags depName=helm/helm
- name: Install helm plugins
env:
HELM_SIGSTORE_VERSION: "0.3.0" # renovate: datasource=github-tags depName=sigstore/helm-sigstore extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
HELM_SCHEMA_VALUES_VERSION: "2.3.1" # renovate: datasource=github-tags depName=losisin/helm-values-schema-json extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
HELM_UNITTEST_VERSION: "1.0.3" # renovate: datasource=github-tags depName=helm-unittest/helm-unittest extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
run: |
helm plugin install --verify=false https://github.com/sigstore/helm-sigstore.git --version "${HELM_SIGSTORE_VERSION}" 1> /dev/null
helm plugin install --verify=false https://github.com/losisin/helm-values-schema-json.git --version "${HELM_SCHEMA_VALUES_VERSION}" 1> /dev/null
helm plugin install --verify=false https://github.com/helm-unittest/helm-unittest.git --version "${HELM_UNITTEST_VERSION}" 1> /dev/null
helm plugin list
- name: GPG configuration
env:
GPG_PRIVATE_KEY_PASSPHRASE: ${{ secrets.GPG_PRIVATE_KEY_PASSPHRASE }}
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
run: |
# Configure GPG and GPG Agent
mkdir --parents "${HOME}/.gnupg"
chmod 0700 "${HOME}/.gnupg"
cat > "${HOME}/.gnupg/gpg.conf" <<EOF
use-agent
pinentry-mode loopback
EOF
cat > "${HOME}/.gnupg/gpg-agent.conf" <<EOF
allow-loopback-pinentry
max-cache-ttl 86400
default-cache-ttl 86400
EOF
gpgconf --kill gpg-agent
gpgconf --launch gpg-agent
# Import GPG private key
cat 1> "${GPG_PRIVATE_KEY_PASSPHRASE_FILE}" <<< "${GPG_PRIVATE_KEY_PASSPHRASE}"
cat 1> "${GPG_PRIVATE_KEY_FILE}" <<< "${GPG_PRIVATE_KEY}"
gpg --batch --yes --passphrase-fd 0 --import "${GPG_PRIVATE_KEY_FILE}" <<< "${GPG_PRIVATE_KEY_PASSPHRASE}"
# Export GPG keyring
gpg --batch --yes --export "${GPG_PRIVATE_KEY_FINGERPRINT}" 1> "${HOME}/.gnupg/pubring.gpg"
gpg --batch --yes --passphrase-fd 0 --export-secret-keys "${GPG_PRIVATE_KEY_FINGERPRINT}" 1> "${HOME}/.gnupg/secring.gpg" <<< "${GPG_PRIVATE_KEY_PASSPHRASE}"
- uses: actions/checkout@v6.0.2
with:
fetch-depth: 0
- name: Add Artifacthub.io annotations
run: |
NEW_TAG="$(git tag --sort=-version:refname | head -n 1)"
OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)"
.gitea/scripts/add-annotations.sh "${OLD_TAG}" "${NEW_TAG}"
- name: Extract meta information
run: |
echo "GITEA_SERVER_HOSTNAME=$(echo "${GITHUB_SERVER_URL}" | cut --delimiter '/' --fields 3)" >> $GITHUB_ENV
echo "PACKAGE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
echo "REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut --delimiter '/' --fields 2 | sed --regexp-extended 's/-charts?//g')" >> $GITHUB_ENV
echo "REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut --delimiter '/' --fields 1)" >> $GITHUB_ENV
- name: Update Helm Chart version in README.md
run: sed -i -E "s/^CHART_VERSION=.*/CHART_VERSION=${PACKAGE_VERSION}/g" README.md
- name: Package chart
run: |
helm dependency build
helm package \
--sign \
--key "$(gpg --with-colons --list-keys "${GPG_PRIVATE_KEY_FINGERPRINT}" | grep uid | cut --delimiter ':' --fields 10)" \
--keyring "${HOME}/.gnupg/secring.gpg" \
--passphrase-file "${GPG_PRIVATE_KEY_PASSPHRASE_FILE}" \
--version "${PACKAGE_VERSION}" ./
- uses: docker/login-action@v3.7.0
with:
registry: ${{ github.server_url }}
username: ${{ github.repository_owner }}
password: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
- name: Upload Chart to Gitea (OCI)
env:
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
run: |
helm push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz oci://${GITEA_SERVER_HOSTNAME}/${REPOSITORY_OWNER}
cosign sign --yes --upload=true --key=env://COSIGN_PRIVATE_KEY ${GITEA_SERVER_HOSTNAME}/${REPOSITORY_OWNER}/${REPOSITORY_NAME}:${PACKAGE_VERSION}
- name: Upload Chart to Gitea (Helm)
env:
GITEA_REGISTRY_TOKEN: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
run: |
for package in "${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz"*; do
curl \
--fail \
--show-error \
--request POST \
--user "${REPOSITORY_OWNER}:${GITEA_REGISTRY_TOKEN}" \
--upload-file "${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz" \
https://git.cryptic.systems/api/packages/${REPOSITORY_OWNER}/helm/api/charts
done
- name: Upload Chart to Chartmuseum (Helm)
env:
CHARTMUSEUM_HOSTNAME: ${{ vars.CHARTMUSEUM_HOSTNAME }}
CHARTMUSEUM_USERNAME: ${{ secrets.CHARTMUSEUM_USERNAME }}
CHARTMUSEUM_PASSWORD: ${{ secrets.CHARTMUSEUM_PASSWORD }}
CHARTMUSEUM_REPOSITORY: ${{ vars.CHARTMUSEUM_REPOSITORY }}
run: |
curl \
--fail \
--show-error \
--request POST \
--user "${CHARTMUSEUM_USERNAME}:${CHARTMUSEUM_PASSWORD}" \
--upload-file "${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz" \
https://${CHARTMUSEUM_HOSTNAME}/api/${CHARTMUSEUM_REPOSITORY}/charts
if [ -f "${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz.prov" ]; then
curl \
--fail \
--show-error \
--request POST \
--user "${CHARTMUSEUM_USERNAME}:${CHARTMUSEUM_PASSWORD}" \
--upload-file ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz.prov \
https://${CHARTMUSEUM_HOSTNAME}/api/${CHARTMUSEUM_REPOSITORY}/prov
fi
Reference in New Issue View Git Blame Copy Permalink