mirror of
https://github.com/stakater/Reloader.git
synced 2026-02-14 18:09:50 +00:00
124 lines
4.1 KiB
YAML
124 lines
4.1 KiB
YAML
name: Push Helm Chart
|
|
|
|
# TODO: fix: workflows have a problem where only code owners' PRs get the actions running
|
|
|
|
on:
|
|
pull_request:
|
|
types:
|
|
- closed
|
|
branches:
|
|
- master
|
|
paths:
|
|
- 'deployments/kubernetes/chart/reloader/**'
|
|
- '.github/workflows/push-helm-chart.yaml'
|
|
- '.github/workflows/release-helm-chart.yaml'
|
|
|
|
env:
|
|
HELM_REGISTRY_URL: "https://stakater.github.io/stakater-charts"
|
|
REGISTRY: ghcr.io # container registry
|
|
|
|
jobs:
|
|
verify-and-push-helm-chart:
|
|
|
|
permissions:
|
|
contents: read
|
|
id-token: write # needed for signing the images with GitHub OIDC Token
|
|
packages: write # for pushing and signing container images
|
|
|
|
name: Verify and Push Helm Chart
|
|
if: ${{ (github.event.pull_request.merged == true) && (contains(github.event.pull_request.labels.*.name, 'release/helm-chart')) }}
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- name: Check out code
|
|
uses: actions/checkout@v4
|
|
with:
|
|
token: ${{ secrets.PUBLISH_TOKEN }}
|
|
fetch-depth: 0 # otherwise, you will fail to push refs to dest repo
|
|
submodules: recursive
|
|
|
|
# Setting up helm binary
|
|
- name: Set up Helm
|
|
uses: azure/setup-helm@v4
|
|
with:
|
|
version: v3.11.3
|
|
|
|
- name: Add Stakater Helm Repo
|
|
run: |
|
|
helm repo add stakater https://stakater.github.io/stakater-charts
|
|
|
|
- name: Get version for chart from helm repo
|
|
id: chart_eval
|
|
run: |
|
|
current_chart_version=$(helm search repo stakater/reloader | tail -n 1 | awk '{print $2}')
|
|
echo "CURRENT_CHART_VERSION=$(echo ${current_chart_version})" >> $GITHUB_OUTPUT
|
|
|
|
- name: Get Updated Chart version from Chart.yaml
|
|
uses: mikefarah/yq@master
|
|
id: new_chart_version
|
|
with:
|
|
cmd: yq e '.version' deployments/kubernetes/chart/reloader/Chart.yaml
|
|
|
|
- name: Check Version
|
|
uses: aleoyakas/check-semver-increased-action@v1
|
|
id: check-version
|
|
with:
|
|
current-version: ${{ steps.new_chart_version.outputs.result }}
|
|
previous-version: ${{ steps.chart_eval.outputs.CURRENT_CHART_VERSION }}
|
|
|
|
- name: Fail if Helm Chart version isnt updated
|
|
if: steps.check-version.outputs.is-version-increased != 'true'
|
|
run: |
|
|
echo "Helm Chart Version wasnt updated"
|
|
exit 1
|
|
|
|
- name: Install Cosign
|
|
uses: sigstore/cosign-installer@v3.10.1
|
|
|
|
- name: Login to GHCR Registry
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: ${{ env.REGISTRY }}
|
|
username: stakater-user
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Publish Helm chart to ghcr.io
|
|
run: |
|
|
helm package ./deployments/kubernetes/chart/reloader --destination ./packaged-chart
|
|
helm push ./packaged-chart/*.tgz oci://ghcr.io/stakater/charts
|
|
rm -rf ./packaged-chart
|
|
|
|
- name: Sign artifacts with Cosign
|
|
run: cosign sign --yes ghcr.io/stakater/charts/reloader:${{ steps.new_chart_version.outputs.result }}
|
|
|
|
- name: Publish Helm chart to gh-pages
|
|
uses: stefanprodan/helm-gh-pages@master
|
|
with:
|
|
branch: master
|
|
repository: stakater-charts
|
|
target_dir: docs
|
|
token: ${{ secrets.GHCR_TOKEN }}
|
|
charts_dir: deployments/kubernetes/chart/
|
|
charts_url: ${{ env.HELM_REGISTRY_URL }}
|
|
owner: stakater
|
|
linting: on
|
|
commit_username: stakater-user
|
|
commit_email: stakater@gmail.com
|
|
|
|
- name: Push new chart tag
|
|
uses: anothrNick/github-tag-action@1.71.0
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.PUBLISH_TOKEN }}
|
|
WITH_V: false
|
|
CUSTOM_TAG: chart-v${{ steps.new_chart_version.outputs.result }}
|
|
|
|
- name: Notify Slack
|
|
uses: 8398a7/action-slack@v3
|
|
if: always() # Pick up events even if the job fails or is canceled.
|
|
with:
|
|
status: ${{ job.status }}
|
|
fields: repo,author,action,eventName,ref,workflow
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.PUBLISH_TOKEN }}
|
|
SLACK_WEBHOOK_URL: ${{ secrets.STAKATER_DELIVERY_SLACK_WEBHOOK }}
|