# Packages the Helm charts under deployment/helm/ on release tags and on
# pushes to main / release-* branches.
name: Package Helm charts

on:
  push:
    # Release tags of the form vX.Y.Z.
    tags:
      - 'v[0-9]+.[0-9]+.[0-9]+'
    branches:
      - main
      - 'release-*'

# Workflow-level variables; every `run:` step sees them as shell variables.
env:
  CHARTS_DIR: deployment/helm/
  UNSTABLE_CHARTS: unstable-helm-charts
  REGISTRY: ghcr.io
  REGISTRY_USER: ${{ github.repository_owner }}
  REGISTRY_PATH: ${{ github.repository }}
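jobs:
  # Tag builds: package the charts, sign them with the bot GPG key and attach
  # them to a draft GitHub release.
  release:
    if: ${{ startsWith(github.ref, 'refs/tags/v') }}
    permissions:
      contents: write
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      # NOTE(review): this job holds the signing key and `contents: write`,
      # and the third-party actions in it are referenced by mutable tags.
      # Consider pinning each `uses:` to a full commit SHA.
      - name: Import GPG key
        uses: crazy-max/ghaction-import-gpg@v6
        id: import-gpg
        with:
          gpg_private_key: ${{ secrets.BOT_GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.BOT_PASSPHRASE }}

      - name: Export GPG private key
        # Secrets reach the script through the environment instead of being
        # expanded into the script text, so shell metacharacters in a secret
        # cannot alter the command.
        env:
          BOT_PASSPHRASE: ${{ secrets.BOT_PASSPHRASE }}
          BOT_GPG_ID: ${{ secrets.BOT_GPG_ID }}
        run: |
          # The passphrase is read from stdin (--passphrase-fd 0) so it does
          # not appear in the gpg process arguments.
          printf '%s\n' "$BOT_PASSPHRASE" | gpg --batch \
            --yes \
            --pinentry-mode loopback \
            --passphrase-fd 0 \
            --export-secret-keys "$BOT_GPG_ID" \
            > ~/.gnupg/secring.gpg

      - name: Verify GPG secret key file
        run: |
          if [ ! -f ~/.gnupg/secring.gpg ]; then
            echo "Error: GPG secret key file '~/.gnupg/secring.gpg' not found!" >&2
            exit 1
          fi

      - name: Install Helm
        uses: azure/setup-helm@v4.0.0

      - name: Package Stable Helm Charts
        env:
          BOT_PASSPHRASE: ${{ secrets.BOT_PASSPHRASE }}
          GPG_KEY_EMAIL: ${{ steps.import-gpg.outputs.email }}
        run: |
          # Stable charts default to pullPolicy IfNotPresent.
          find "$CHARTS_DIR" -name values.yaml | xargs -I '{}' \
            sed -e s"/pullPolicy:.*/pullPolicy: IfNotPresent/" -i '{}'
          # helm reads the key passphrase from stdin (--passphrase-file "-").
          printf '%s\n' "$BOT_PASSPHRASE" | helm package \
            --sign \
            --key "$GPG_KEY_EMAIL" \
            --keyring ~/.gnupg/secring.gpg \
            --version "$GITHUB_REF_NAME" \
            --app-version "$GITHUB_REF_NAME" \
            "$CHARTS_DIR"/* \
            --passphrase-file "-"
          # NOTE(review): only *.tgz files are renamed here, while the upload
          # step below also globs nri-*helm-chart*.tgz.prov; confirm that the
          # provenance files are actually published and that the renamed
          # archives still verify against them.
          # NOTE(review): the sed expression rewrites every "v" in the path,
          # not only the version prefix.
          find . -name '*.tgz' -print | while read -r SRC_FILE; do
            DEST_FILE=$(echo "$SRC_FILE" | sed 's/v/helm-chart-v/g')
            mv "$SRC_FILE" "$DEST_FILE"
          done

      - name: Upload Stable Helm Charts to GitHub Release
        uses: softprops/action-gh-release@v1
        with:
          name: ${{ github.ref_name }}
          draft: true
          append_body: true
          files: |
            nri-*helm-chart*.tgz
            nri-*helm-chart*.tgz.prov

  # Branch builds: package unsigned "unstable" charts and push them to the
  # OCI registry.
  unstable:
    if: ${{ !startsWith(github.ref, 'refs/tags/v') }}
    # Runs in this group are not cancelled by newer ones.
    concurrency:
      group: unstable-helm-charts
      cancel-in-progress: false
    permissions:
      packages: write
    runs-on: ubuntu-latest
    steps:
      - name: Deep Checkout
        uses: actions/checkout@v4
        with:
          # Full history so `git describe --tags` can find the latest tag.
          fetch-depth: 0

      - name: Install Helm
        uses: azure/setup-helm@v4.0.0

      - name: Package Unstable Helm Charts
        id: package-charts
        run: |
          # For unstable chart version we use:
          #   - chart version: x.y-unstable derived from the latest tag x.y.z
          #   - image version: 'unstable'.
          majmin="$(git describe --tags | sed -E 's/(v[0-9]*\.[0-9]*).*$/\1/')"
          CHART_VERSION="${majmin}-unstable"
          if [ "$GITHUB_REF_NAME" = "main" ]; then
            APP_VERSION=unstable
          else
            APP_VERSION="${majmin}-unstable"
          fi
          # Package charts
          find "$CHARTS_DIR" -name values.yaml | xargs -I '{}' \
            sed -e s"/pullPolicy:.*/pullPolicy: Always/" -i '{}'
          helm package --version "$CHART_VERSION" --app-version "$APP_VERSION" "$CHARTS_DIR"/*
          # Restore the values.yaml files edited above.
          find "$CHARTS_DIR" -name values.yaml | xargs -I '{}' \
            git checkout '{}'
          mkdir "../$UNSTABLE_CHARTS"
          find . -name '*.tgz' -print | while read -r SRC_FILE; do
            DEST_FILE=$(echo "$SRC_FILE" | sed 's/v/helm-chart-v/g')
            mv -v "$SRC_FILE" "../$UNSTABLE_CHARTS/$DEST_FILE"
          done

      - name: Log In To Registry
        # The token is passed through the environment and piped to helm on
        # stdin; it is neither expanded into the script text nor placed on
        # the command line.
        env:
          REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
        run: |
          printf '%s\n' "$REGISTRY_PASSWORD" | \
            helm registry login "$REGISTRY/$REGISTRY_PATH" -u "$REGISTRY_USER" --password-stdin

      - name: Push Unstable Helm Charts To Registry
        shell: bash
        run: |
          # Notes:
          #   Currently we only publish unstable Helm charts from main/HEAD.
          #   We have no active cleanup of old unstable charts in place. In
          #   between new tags unstable chart have the same version, though.
          pushd "../$UNSTABLE_CHARTS"
          for i in ./*.tgz; do
            helm push "$i" "oci://$REGISTRY/$REGISTRY_PATH/helm-charts"
          done
          popd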