.gitea/workflows/release-version.yml aktualisiert

This commit is contained in:
ChristopherHX
2025-08-15 20:01:39 +00:00
parent aa99df60b7
commit 1600658386

View File

@@ -1,70 +1,68 @@
name: generate-chart name: check-secrets
on: on:
push: push:
tags:
- "*"
env:
# renovate: datasource=docker depName=alpine/helm
HELM_VERSION: "3.17.1"
jobs: jobs:
generate-chart-publish: check-secrets:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- name: install tools
- name: Check all required secrets
run: | run: |
apt update -y echo "=== Checking availability of required secrets ==="
apt install -y curl ca-certificates curl gnupg
# helm # List of all secrets used in the original workflow
curl -O https://get.helm.sh/helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz SECRETS=(
tar -xzf helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz "GPGSIGN_KEY"
mv linux-amd64/helm /usr/local/bin/ "GPGSIGN_PASSPHRASE"
rm -rf linux-amd64 helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz "DOCKER_CHARTS_PASSWORD"
helm version "DOCKER_CHARTS_USERNAME"
# docker "AWS_KEY_ID"
install -m 0755 -d /etc/apt/keyrings "AWS_SECRET_ACCESS_KEY"
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg "AWS_REGION"
chmod a+r /etc/apt/keyrings/docker.gpg "AWS_S3_BUCKET"
echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null )
apt update -y
apt install -y python3 python3-pip apt-transport-https docker-ce-cli MISSING_SECRETS=()
pip install awscli --break-system-packages AVAILABLE_SECRETS=()
- name: Import GPG key for secret in "${SECRETS[@]}"; do
id: import_gpg # Check if secret is set (not empty)
uses: https://github.com/crazy-max/ghaction-import-gpg@v6 if [ -z "${!secret:-}" ]; then
with: echo "❌ Secret '$secret' is NOT available or empty"
gpg_private_key: ${{ secrets.GPGSIGN_KEY }} MISSING_SECRETS+=("$secret")
passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }} else
fingerprint: CC64B1DB67ABBEECAB24B6455FC346329753F4B0 echo "✅ Secret '$secret' is available"
AVAILABLE_SECRETS+=("$secret")
# Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843 fi
- name: package chart done
run: |
echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | docker login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} --password-stdin echo ""
# FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved echo "=== Summary ==="
helm plugin install https://github.com/pat-s/helm-gpg echo "Available secrets: ${#AVAILABLE_SECRETS[@]}"
helm dependency build echo "Missing secrets: ${#MISSING_SECRETS[@]}"
helm package --version "${GITHUB_REF#refs/tags/v}" ./
mkdir actions if [ ${#MISSING_SECRETS[@]} -gt 0 ]; then
mv actions*.tgz actions/ echo ""
curl -s -L -o actions/index.yaml https://dl.gitea.com/charts/index.yaml echo "Missing secrets:"
helm repo index actions/ --url https://dl.gitea.com/charts --merge actions/index.yaml for secret in "${MISSING_SECRETS[@]}"; do
# push to dockerhub echo " - $secret"
echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | helm registry login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} registry-1.docker.io --password-stdin done
helm push actions/actions-${GITHUB_REF#refs/tags/v}.tgz oci://registry-1.docker.io/giteacharts echo ""
helm registry logout registry-1.docker.io echo "❌ Some secrets are missing. Please configure them in repository settings."
exit 1
- name: aws credential configure else
uses: https://github.com/aws-actions/configure-aws-credentials@v4 echo ""
with: echo "✅ All required secrets are available!"
aws-access-key-id: ${{ secrets.AWS_KEY_ID }} fi
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} env:
aws-region: ${{ secrets.AWS_REGION }} GPGSIGN_KEY: ${{ secrets.GPGSIGN_KEY }}
GPGSIGN_PASSPHRASE: ${{ secrets.GPGSIGN_PASSPHRASE }}
- name: Copy files to S3 and clear cache DOCKER_CHARTS_PASSWORD: ${{ secrets.DOCKER_CHARTS_PASSWORD }}
run: | DOCKER_CHARTS_USERNAME: ${{ secrets.DOCKER_CHARTS_USERNAME }}
aws s3 sync actions/ s3://${{ secrets.AWS_S3_BUCKET}}/charts/ AWS_KEY_ID: ${{ secrets.AWS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_REGION: ${{ secrets.AWS_REGION }}
AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}