mirror of
				https://gitea.com/gitea/helm-actions.git
				synced 2025-10-25 00:40:56 +00:00 
			
		
		
		
	Compare commits
	
		
			1 Commits
		
	
	
		
			update-run
			...
			check-rele
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
|   | 1600658386 | 
| @@ -1,70 +1,68 @@ | |||||||
| name: generate-chart | name: check-secrets | ||||||
|  |  | ||||||
| on: | on: | ||||||
|   push: |   push: | ||||||
|     tags: |  | ||||||
|       - "*" |  | ||||||
|  |  | ||||||
| env: |  | ||||||
|   # renovate: datasource=docker depName=alpine/helm |  | ||||||
|   HELM_VERSION: "3.17.1" |  | ||||||
|  |  | ||||||
| jobs: | jobs: | ||||||
|   generate-chart-publish: |   check-secrets: | ||||||
|     runs-on: ubuntu-latest |     runs-on: ubuntu-latest | ||||||
|     steps: |     steps: | ||||||
|       - uses: actions/checkout@v4 |       - uses: actions/checkout@v4 | ||||||
|       - name: install tools |        | ||||||
|  |       - name: Check all required secrets | ||||||
|         run: | |         run: | | ||||||
|           apt update -y |           echo "=== Checking availability of required secrets ===" | ||||||
|           apt install -y curl ca-certificates curl gnupg |  | ||||||
|           # helm |  | ||||||
|           curl -O https://get.helm.sh/helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz |  | ||||||
|           tar -xzf helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz |  | ||||||
|           mv linux-amd64/helm /usr/local/bin/ |  | ||||||
|           rm -rf linux-amd64 helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz |  | ||||||
|           helm version |  | ||||||
|           # docker |  | ||||||
|           install -m 0755 -d /etc/apt/keyrings |  | ||||||
|           curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg |  | ||||||
|           chmod a+r /etc/apt/keyrings/docker.gpg |  | ||||||
|           echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null |  | ||||||
|           apt update -y |  | ||||||
|           apt install -y python3 python3-pip apt-transport-https docker-ce-cli |  | ||||||
|           pip install awscli --break-system-packages |  | ||||||
|            |            | ||||||
|       - name: Import GPG key |           # List of all secrets used in the original workflow | ||||||
|         id: import_gpg |           SECRETS=( | ||||||
|         uses: https://github.com/crazy-max/ghaction-import-gpg@v6 |             "GPGSIGN_KEY" | ||||||
|         with: |             "GPGSIGN_PASSPHRASE" | ||||||
|           gpg_private_key: ${{ secrets.GPGSIGN_KEY }} |             "DOCKER_CHARTS_PASSWORD" | ||||||
|           passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }} |             "DOCKER_CHARTS_USERNAME" | ||||||
|           fingerprint: CC64B1DB67ABBEECAB24B6455FC346329753F4B0 |             "AWS_KEY_ID" | ||||||
|  |             "AWS_SECRET_ACCESS_KEY" | ||||||
|  |             "AWS_REGION" | ||||||
|  |             "AWS_S3_BUCKET" | ||||||
|  |           ) | ||||||
|            |            | ||||||
|       # Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843 |           MISSING_SECRETS=() | ||||||
|       - name: package chart |           AVAILABLE_SECRETS=() | ||||||
|         run: | |  | ||||||
|           echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | docker login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} --password-stdin |  | ||||||
|           # FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved |  | ||||||
|           helm plugin install https://github.com/pat-s/helm-gpg |  | ||||||
|           helm dependency build |  | ||||||
|           helm package --version "${GITHUB_REF#refs/tags/v}" ./ |  | ||||||
|           mkdir actions |  | ||||||
|           mv actions*.tgz actions/ |  | ||||||
|           curl -s -L -o actions/index.yaml https://dl.gitea.com/charts/index.yaml |  | ||||||
|           helm repo index actions/ --url https://dl.gitea.com/charts --merge actions/index.yaml |  | ||||||
|           # push to dockerhub |  | ||||||
|           echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | helm registry login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} registry-1.docker.io --password-stdin |  | ||||||
|           helm push actions/actions-${GITHUB_REF#refs/tags/v}.tgz oci://registry-1.docker.io/giteacharts |  | ||||||
|           helm registry logout registry-1.docker.io |  | ||||||
|            |            | ||||||
|       - name: aws credential configure |           for secret in "${SECRETS[@]}"; do | ||||||
|         uses: https://github.com/aws-actions/configure-aws-credentials@v4 |             # Check if secret is set (not empty) | ||||||
|         with: |             if [ -z "${!secret:-}" ]; then | ||||||
|           aws-access-key-id: ${{ secrets.AWS_KEY_ID }} |               echo "❌ Secret '$secret' is NOT available or empty" | ||||||
|           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} |               MISSING_SECRETS+=("$secret") | ||||||
|           aws-region: ${{ secrets.AWS_REGION }} |             else | ||||||
|  |               echo "✅ Secret '$secret' is available" | ||||||
|  |               AVAILABLE_SECRETS+=("$secret") | ||||||
|  |             fi | ||||||
|  |           done | ||||||
|            |            | ||||||
|       - name: Copy files to S3 and clear cache |           echo "" | ||||||
|         run: | |           echo "=== Summary ===" | ||||||
|           aws s3 sync actions/ s3://${{ secrets.AWS_S3_BUCKET}}/charts/ |           echo "Available secrets: ${#AVAILABLE_SECRETS[@]}" | ||||||
|  |           echo "Missing secrets: ${#MISSING_SECRETS[@]}" | ||||||
|  |            | ||||||
|  |           if [ ${#MISSING_SECRETS[@]} -gt 0 ]; then | ||||||
|  |             echo "" | ||||||
|  |             echo "Missing secrets:" | ||||||
|  |             for secret in "${MISSING_SECRETS[@]}"; do | ||||||
|  |               echo "  - $secret" | ||||||
|  |             done | ||||||
|  |             echo "" | ||||||
|  |             echo "❌ Some secrets are missing. Please configure them in repository settings." | ||||||
|  |             exit 1 | ||||||
|  |           else | ||||||
|  |             echo "" | ||||||
|  |             echo "✅ All required secrets are available!" | ||||||
|  |           fi | ||||||
|  |         env: | ||||||
|  |           GPGSIGN_KEY: ${{ secrets.GPGSIGN_KEY }} | ||||||
|  |           GPGSIGN_PASSPHRASE: ${{ secrets.GPGSIGN_PASSPHRASE }} | ||||||
|  |           DOCKER_CHARTS_PASSWORD: ${{ secrets.DOCKER_CHARTS_PASSWORD }} | ||||||
|  |           DOCKER_CHARTS_USERNAME: ${{ secrets.DOCKER_CHARTS_USERNAME }} | ||||||
|  |           AWS_KEY_ID: ${{ secrets.AWS_KEY_ID }} | ||||||
|  |           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||||||
|  |           AWS_REGION: ${{ secrets.AWS_REGION }} | ||||||
|  |           AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }} | ||||||
|   | |||||||
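Review bot: With the `tags` filter dropped, the bare `on: push:` at the top of the new file runs this job on every push to any ref, and the step-level `env:` block at the end then loads all eight release credentials (GPG signing key and passphrase, Docker Hub login, AWS keys) into the shell each time. The check itself only tests each variable for emptiness and prints its name, never its value, which is the right way to do it, but the trigger is wider than a diagnostic needs: keep a filter such as `tags: ["*"]`, or run it on demand with `workflow_dispatch:` if this runner supports it. The `- uses: actions/checkout@v4` step can be dropped, since the script reads nothing from the working tree; if it stays, pinning it to a full commit SHA avoids trusting a movable tag in a workflow that handles signing keys. The script relies on bash arrays and `${!secret:-}` indirection, so adding `shell: bash` to the step would make that dependency explicit instead of leaving it to the runner's default shell.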