mirror of
https://gitea.com/gitea/helm-actions.git
synced 2025-10-22 07:28:17 +00:00
Compare commits
2 Commits
check-rele
...
christophe
Author | SHA1 | Date | |
---|---|---|---|
![]() |
4afe065177 | ||
![]() |
b2459f322b |
@@ -1,68 +1,70 @@
|
|||||||
name: check-secrets
|
name: generate-chart
|
||||||
|
|
||||||
on:
|
on:
|
||||||
push:
|
push:
|
||||||
|
tags:
|
||||||
|
- "*"
|
||||||
|
|
||||||
|
env:
|
||||||
|
# renovate: datasource=docker depName=alpine/helm
|
||||||
|
HELM_VERSION: "3.17.1"
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
check-secrets:
|
generate-chart-publish:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v4
|
||||||
|
- name: install tools
|
||||||
- name: Check all required secrets
|
|
||||||
run: |
|
run: |
|
||||||
echo "=== Checking availability of required secrets ==="
|
apt update -y
|
||||||
|
apt install -y curl ca-certificates curl gnupg
|
||||||
# List of all secrets used in the original workflow
|
# helm
|
||||||
SECRETS=(
|
curl -O https://get.helm.sh/helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
|
||||||
"GPGSIGN_KEY"
|
tar -xzf helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
|
||||||
"GPGSIGN_PASSPHRASE"
|
mv linux-amd64/helm /usr/local/bin/
|
||||||
"DOCKER_CHARTS_PASSWORD"
|
rm -rf linux-amd64 helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
|
||||||
"DOCKER_CHARTS_USERNAME"
|
helm version
|
||||||
"AWS_KEY_ID"
|
# docker
|
||||||
"AWS_SECRET_ACCESS_KEY"
|
install -m 0755 -d /etc/apt/keyrings
|
||||||
"AWS_REGION"
|
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
|
||||||
"AWS_S3_BUCKET"
|
chmod a+r /etc/apt/keyrings/docker.gpg
|
||||||
)
|
echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
|
||||||
|
apt update -y
|
||||||
MISSING_SECRETS=()
|
apt install -y python3 python3-pip apt-transport-https docker-ce-cli
|
||||||
AVAILABLE_SECRETS=()
|
pip install awscli --break-system-packages
|
||||||
|
|
||||||
for secret in "${SECRETS[@]}"; do
|
- name: Import GPG key
|
||||||
# Check if secret is set (not empty)
|
id: import_gpg
|
||||||
if [ -z "${!secret:-}" ]; then
|
uses: https://github.com/crazy-max/ghaction-import-gpg@v6
|
||||||
echo "❌ Secret '$secret' is NOT available or empty"
|
with:
|
||||||
MISSING_SECRETS+=("$secret")
|
gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
|
||||||
else
|
passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
|
||||||
echo "✅ Secret '$secret' is available"
|
fingerprint: CC64B1DB67ABBEECAB24B6455FC346329753F4B0
|
||||||
AVAILABLE_SECRETS+=("$secret")
|
|
||||||
fi
|
# Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843
|
||||||
done
|
- name: package chart
|
||||||
|
run: |
|
||||||
echo ""
|
echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | docker login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} --password-stdin
|
||||||
echo "=== Summary ==="
|
# FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved
|
||||||
echo "Available secrets: ${#AVAILABLE_SECRETS[@]}"
|
helm plugin install https://github.com/pat-s/helm-gpg
|
||||||
echo "Missing secrets: ${#MISSING_SECRETS[@]}"
|
helm dependency build
|
||||||
|
helm package --version "${GITHUB_REF#refs/tags/v}" ./
|
||||||
if [ ${#MISSING_SECRETS[@]} -gt 0 ]; then
|
mkdir actions
|
||||||
echo ""
|
mv actions*.tgz actions/
|
||||||
echo "Missing secrets:"
|
curl -s -L -o actions/index.yaml https://dl.gitea.com/charts/index.yaml
|
||||||
for secret in "${MISSING_SECRETS[@]}"; do
|
helm repo index actions/ --url https://dl.gitea.com/charts --merge actions/index.yaml
|
||||||
echo " - $secret"
|
# push to dockerhub
|
||||||
done
|
echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | helm registry login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} registry-1.docker.io --password-stdin
|
||||||
echo ""
|
helm push actions/actions-${GITHUB_REF#refs/tags/v}.tgz oci://registry-1.docker.io/giteacharts
|
||||||
echo "❌ Some secrets are missing. Please configure them in repository settings."
|
helm registry logout registry-1.docker.io
|
||||||
exit 1
|
|
||||||
else
|
- name: aws credential configure
|
||||||
echo ""
|
uses: https://github.com/aws-actions/configure-aws-credentials@v4
|
||||||
echo "✅ All required secrets are available!"
|
with:
|
||||||
fi
|
aws-access-key-id: ${{ secrets.AWS_KEY_ID }}
|
||||||
env:
|
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||||
GPGSIGN_KEY: ${{ secrets.GPGSIGN_KEY }}
|
aws-region: ${{ secrets.AWS_REGION }}
|
||||||
GPGSIGN_PASSPHRASE: ${{ secrets.GPGSIGN_PASSPHRASE }}
|
|
||||||
DOCKER_CHARTS_PASSWORD: ${{ secrets.DOCKER_CHARTS_PASSWORD }}
|
- name: Copy files to S3 and clear cache
|
||||||
DOCKER_CHARTS_USERNAME: ${{ secrets.DOCKER_CHARTS_USERNAME }}
|
run: |
|
||||||
AWS_KEY_ID: ${{ secrets.AWS_KEY_ID }}
|
aws s3 sync actions/ s3://${{ secrets.AWS_S3_BUCKET}}/charts/
|
||||||
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
|
||||||
AWS_REGION: ${{ secrets.AWS_REGION }}
|
|
||||||
AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
|
|
||||||
|
11
Chart.yaml
11
Chart.yaml
@@ -13,7 +13,14 @@ keywords:
|
|||||||
sources:
|
sources:
|
||||||
- https://gitea.com/gitea/helm-actions
|
- https://gitea.com/gitea/helm-actions
|
||||||
- https://gitea.com/gitea/act
|
- https://gitea.com/gitea/act
|
||||||
# FIXME:
|
|
||||||
# maintainers:
|
maintainers:
|
||||||
|
# https://gitea.com/DaanSelen
|
||||||
|
- name: Daan Selen
|
||||||
|
email: dselen@nerthus.nl
|
||||||
|
|
||||||
|
# https://gitea.com/ChristopherHX
|
||||||
|
- name: Christopher Homberger
|
||||||
|
email: christopher.homberger@web.de
|
||||||
|
|
||||||
dependencies: []
|
dependencies: []
|
||||||
|
Reference in New Issue
Block a user