forked from Gitea/helm-actions
Compare commits
6 Commits
check-rele
...
update-run
| Author | SHA1 | Date | |
|---|---|---|---|
|
30221a7b89 | ||
|
|
c178f67344 | ||
|
|
2a9d274dea | ||
|
|
8a89d8bf21 | ||
|
|
bb50a19f4d | ||
|
|
b2459f322b |
@@ -1,68 +1,70 @@
|
||||
name: check-secrets
|
||||
name: generate-chart
|
||||
|
||||
on:
|
||||
push:
|
||||
tags:
|
||||
- "*"
|
||||
|
||||
env:
|
||||
# renovate: datasource=docker depName=alpine/helm
|
||||
HELM_VERSION: "3.17.1"
|
||||
|
||||
jobs:
|
||||
check-secrets:
|
||||
generate-chart-publish:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: Check all required secrets
|
||||
- name: install tools
|
||||
run: |
|
||||
echo "=== Checking availability of required secrets ==="
|
||||
|
||||
# List of all secrets used in the original workflow
|
||||
SECRETS=(
|
||||
"GPGSIGN_KEY"
|
||||
"GPGSIGN_PASSPHRASE"
|
||||
"DOCKER_CHARTS_PASSWORD"
|
||||
"DOCKER_CHARTS_USERNAME"
|
||||
"AWS_KEY_ID"
|
||||
"AWS_SECRET_ACCESS_KEY"
|
||||
"AWS_REGION"
|
||||
"AWS_S3_BUCKET"
|
||||
)
|
||||
|
||||
MISSING_SECRETS=()
|
||||
AVAILABLE_SECRETS=()
|
||||
|
||||
for secret in "${SECRETS[@]}"; do
|
||||
# Check if secret is set (not empty)
|
||||
if [ -z "${!secret:-}" ]; then
|
||||
echo "❌ Secret '$secret' is NOT available or empty"
|
||||
MISSING_SECRETS+=("$secret")
|
||||
else
|
||||
echo "✅ Secret '$secret' is available"
|
||||
AVAILABLE_SECRETS+=("$secret")
|
||||
fi
|
||||
done
|
||||
|
||||
echo ""
|
||||
echo "=== Summary ==="
|
||||
echo "Available secrets: ${#AVAILABLE_SECRETS[@]}"
|
||||
echo "Missing secrets: ${#MISSING_SECRETS[@]}"
|
||||
|
||||
if [ ${#MISSING_SECRETS[@]} -gt 0 ]; then
|
||||
echo ""
|
||||
echo "Missing secrets:"
|
||||
for secret in "${MISSING_SECRETS[@]}"; do
|
||||
echo " - $secret"
|
||||
done
|
||||
echo ""
|
||||
echo "❌ Some secrets are missing. Please configure them in repository settings."
|
||||
exit 1
|
||||
else
|
||||
echo ""
|
||||
echo "✅ All required secrets are available!"
|
||||
fi
|
||||
env:
|
||||
GPGSIGN_KEY: ${{ secrets.GPGSIGN_KEY }}
|
||||
GPGSIGN_PASSPHRASE: ${{ secrets.GPGSIGN_PASSPHRASE }}
|
||||
DOCKER_CHARTS_PASSWORD: ${{ secrets.DOCKER_CHARTS_PASSWORD }}
|
||||
DOCKER_CHARTS_USERNAME: ${{ secrets.DOCKER_CHARTS_USERNAME }}
|
||||
AWS_KEY_ID: ${{ secrets.AWS_KEY_ID }}
|
||||
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||
AWS_REGION: ${{ secrets.AWS_REGION }}
|
||||
AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
|
||||
apt update -y
|
||||
apt install -y curl ca-certificates curl gnupg
|
||||
# helm
|
||||
curl -O https://get.helm.sh/helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
|
||||
tar -xzf helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
|
||||
mv linux-amd64/helm /usr/local/bin/
|
||||
rm -rf linux-amd64 helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
|
||||
helm version
|
||||
# docker
|
||||
install -m 0755 -d /etc/apt/keyrings
|
||||
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
|
||||
chmod a+r /etc/apt/keyrings/docker.gpg
|
||||
echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
|
||||
apt update -y
|
||||
apt install -y python3 python3-pip apt-transport-https docker-ce-cli
|
||||
pip install awscli --break-system-packages
|
||||
|
||||
- name: Import GPG key
|
||||
id: import_gpg
|
||||
uses: https://github.com/crazy-max/ghaction-import-gpg@v6
|
||||
with:
|
||||
gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
|
||||
passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
|
||||
fingerprint: CC64B1DB67ABBEECAB24B6455FC346329753F4B0
|
||||
|
||||
# Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843
|
||||
- name: package chart
|
||||
run: |
|
||||
echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | docker login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} --password-stdin
|
||||
# FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved
|
||||
helm plugin install https://github.com/pat-s/helm-gpg
|
||||
helm dependency build
|
||||
helm package --version "${GITHUB_REF#refs/tags/v}" ./
|
||||
mkdir actions
|
||||
mv actions*.tgz actions/
|
||||
curl -s -L -o actions/index.yaml https://dl.gitea.com/charts/index.yaml
|
||||
helm repo index actions/ --url https://dl.gitea.com/charts --merge actions/index.yaml
|
||||
# push to dockerhub
|
||||
echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | helm registry login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} registry-1.docker.io --password-stdin
|
||||
helm push actions/actions-${GITHUB_REF#refs/tags/v}.tgz oci://registry-1.docker.io/giteacharts
|
||||
helm registry logout registry-1.docker.io
|
||||
|
||||
- name: aws credential configure
|
||||
uses: https://github.com/aws-actions/configure-aws-credentials@v4
|
||||
with:
|
||||
aws-access-key-id: ${{ secrets.AWS_KEY_ID }}
|
||||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||
aws-region: ${{ secrets.AWS_REGION }}
|
||||
|
||||
- name: Copy files to S3 and clear cache
|
||||
run: |
|
||||
aws s3 sync actions/ s3://${{ secrets.AWS_S3_BUCKET}}/charts/
|
||||
|
||||
1
CODEOWNERS
Normal file
1
CODEOWNERS
Normal file
@@ -0,0 +1 @@
|
||||
* @DaanSelen @volker.raschek @ChristopherHX
|
||||
15
Chart.yaml
15
Chart.yaml
@@ -13,7 +13,18 @@ keywords:
|
||||
sources:
|
||||
- https://gitea.com/gitea/helm-actions
|
||||
- https://gitea.com/gitea/act
|
||||
# FIXME:
|
||||
# maintainers:
|
||||
|
||||
maintainers:
|
||||
# https://gitea.com/DaanSelen
|
||||
- name: Daan Selen
|
||||
email: dselen@nerthus.nl
|
||||
|
||||
# https://gitea.com/volker.raschek
|
||||
- name: Markus Pesch
|
||||
email: markus.pesch+apps@cryptic.systems
|
||||
|
||||
# https://gitea.com/ChristopherHX
|
||||
- name: Christopher Homberger
|
||||
email: christopher.homberger@web.de
|
||||
|
||||
dependencies: []
|
||||
|
||||
@@ -30,12 +30,12 @@ If `.Values.image.rootless: true`, then the following will occur. In case you us
|
||||
| `statefulset.affinity` | Affinity for the statefulset | `{}` |
|
||||
| `statefulset.extraVolumes` | Extra volumes for the statefulset | `[]` |
|
||||
| `statefulset.actRunner.repository` | The Gitea act runner image | `gitea/act_runner` |
|
||||
| `statefulset.actRunner.tag` | The Gitea act runner tag | `0.2.11` |
|
||||
| `statefulset.actRunner.tag` | The Gitea act runner tag | `0.2.12` |
|
||||
| `statefulset.actRunner.pullPolicy` | The Gitea act runner pullPolicy | `IfNotPresent` |
|
||||
| `statefulset.actRunner.extraVolumeMounts` | Allows mounting extra volumes in the act runner container | `[]` |
|
||||
| `statefulset.actRunner.config` | Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details. | `Too complex. See values.yaml` |
|
||||
| `statefulset.dind.repository` | The Docker-in-Docker image | `docker` |
|
||||
| `statefulset.dind.tag` | The Docker-in-Docker image tag | `25.0.2-dind` |
|
||||
| `statefulset.dind.tag` | The Docker-in-Docker image tag | `28.3.3-dind` |
|
||||
| `statefulset.dind.pullPolicy` | The Docker-in-Docker pullPolicy | `IfNotPresent` |
|
||||
| `statefulset.dind.extraVolumeMounts` | Allows mounting extra volumes in the Docker-in-Docker container | `[]` |
|
||||
| `statefulset.dind.extraEnvs` | Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY` | `[]` |
|
||||
|
||||
@@ -54,7 +54,7 @@ spec:
|
||||
- name: DOCKER_TLS_VERIFY
|
||||
value: "1"
|
||||
- name: DOCKER_CERT_PATH
|
||||
value: /certs/server
|
||||
value: /certs/client
|
||||
- name: GITEA_RUNNER_REGISTRATION_TOKEN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
@@ -70,7 +70,7 @@ spec:
|
||||
- mountPath: /actrunner/config.yaml
|
||||
name: act-runner-config
|
||||
subPath: config.yaml
|
||||
- mountPath: /certs/server
|
||||
- mountPath: /certs/client
|
||||
name: docker-certs
|
||||
- mountPath: /data
|
||||
name: data-act-runner
|
||||
@@ -86,7 +86,7 @@ spec:
|
||||
- name: DOCKER_TLS_VERIFY
|
||||
value: "1"
|
||||
- name: DOCKER_CERT_PATH
|
||||
value: /certs/server
|
||||
value: /certs/client
|
||||
{{- if .Values.statefulset.dind.extraEnvs }}
|
||||
{{- toYaml .Values.statefulset.dind.extraEnvs | nindent 12 }}
|
||||
{{- end }}
|
||||
@@ -95,7 +95,7 @@ spec:
|
||||
resources:
|
||||
{{- toYaml .Values.statefulset.resources | nindent 12 }}
|
||||
volumeMounts:
|
||||
- mountPath: /certs/server
|
||||
- mountPath: /certs/client
|
||||
name: docker-certs
|
||||
{{- with .Values.statefulset.dind.extraVolumeMounts }}
|
||||
{{- toYaml . | nindent 12 }}
|
||||
|
||||
@@ -39,7 +39,7 @@ statefulset:
|
||||
|
||||
actRunner:
|
||||
repository: gitea/act_runner
|
||||
tag: 0.2.11
|
||||
tag: 0.2.12
|
||||
pullPolicy: IfNotPresent
|
||||
extraVolumeMounts: []
|
||||
|
||||
@@ -52,7 +52,7 @@ statefulset:
|
||||
|
||||
dind:
|
||||
repository: docker
|
||||
tag: 25.0.2-dind
|
||||
tag: 28.3.3-dind
|
||||
pullPolicy: IfNotPresent
|
||||
extraVolumeMounts: []
|
||||
|
||||
|
||||
Reference in New Issue
Block a user