-
Notifications
You must be signed in to change notification settings - Fork 710
106 lines (91 loc) · 3.46 KB
/
helm-release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
name: Release Charts
on:
push:
branches:
- main
# legacy support
- master
jobs:
release:
# depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions
# see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token
permissions:
contents: write
packages: write
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Configure Git
run: |
git config user.name "$GITHUB_ACTOR"
git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
- name: Install Helm
uses: azure/setup-helm@v3
with:
version: v3.12.1
- name: Import GPG key
run: |
echo "${{ secrets.GPG_PRIVATE_KEY }}" | gpg --dearmor --output keyring.gpg
echo "${{ secrets.GPG_PASSPHRASE }}" > passphrase-file.txt
- name: Run chart-releaser
# for use with make-release-latest
uses: helm/chart-releaser-action@v1.6.0
env:
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
CR_SKIP_EXISTING: true
CR_KEY: Collabora Productivity
CR_KEYRING: keyring.gpg
CR_PASSPHRASE_FILE: passphrase-file.txt
CR_SIGN: true
with:
charts_dir: "kubernetes/helm"
config: kubernetes/helm/cr.yaml
# see https://github.com/helm/chart-releaser/issues/183
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Push charts to GHCR
run: |
shopt -s nullglob
for pkg in .cr-release-packages/*; do
if [ -z "${pkg:-}" ]; then
break
fi
# Check if the package has a ".prov" extension and skip if true
# prov doesn't need to be pushed they are already pushed as layer in manifest
if [[ "${pkg}" == *.prov ]]; then
echo "Skipping package - ${pkg} with '.prov' extension"
continue
fi
# convert uppercase->lowercase to make sure it follows oci rules
lowercase=$(echo "${GITHUB_REPOSITORY_OWNER}" | tr '[:upper:]' '[:lower:]')
echo "Pushing package - ${pkg} to ghcr.io repository - ${lowercase}"
helm push "${pkg}" "oci://ghcr.io/${lowercase}/charts"
done
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Push charts to Docker Hub
run: |
shopt -s nullglob
for pkg in .cr-release-packages/*; do
if [ -z "${pkg:-}" ]; then
break
fi
# Check if the package has a ".prov" extension and skip if true
# prov doesn't need to be pushed they are already pushed as layer in manifest
if [[ "${pkg}" == *.prov ]]; then
echo "Skipping package - ${pkg} with '.prov' extension"
continue
fi
echo "Pushing package - ${pkg} to docker.io repository - collabora"
helm push "${pkg}" "oci://registry-1.docker.io/collabora"
done