build(deps): bump sigstore/cosign-installer from 9e9de2292db7abb3f51b7f4808d98f0d347a8919 to 4a861528be5e691840a69536975ada1d4c30349d #228
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Helm charts | |
on: | |
push: | |
branches: | |
- main | |
tags: | |
- "deploy/charts/v[0-9]+.[0-9]+.[0-9]+" | |
pull_request: | |
env: | |
HELM_PLUGIN_CHARTMUSEUM_PUSH_VERSION: 0.9.0 | |
HELM_PUSH_REPOSITORY_NAME: chartmuseum | |
HELM_VERSION: 3.1.1 | |
jobs: | |
helm: | |
name: Helm | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v3 | |
- uses: azure/setup-helm@v3 | |
with: | |
version: ${{ env.HELM_VERSION }} | |
- name: Add Helm repositories | |
run: | | |
helm repo add incubator https://charts.helm.sh/incubator | |
helm repo add chartmuseum https://kubernetes-charts.banzaicloud.com | |
helm repo add banzaicloud-stable http://kubernetes-charts.banzaicloud.com/branch/master | |
helm repo add rimusz https://charts.rimusz.net | |
- name: Update Helm repositories | |
run: | | |
helm repo update | |
helm repo list | |
- name: Update Helm dependencies | |
run: | | |
find -H 'deploy/charts/' \ | |
-maxdepth 2 \ | |
-name 'Chart.yaml' \ | |
-execdir helm dependency update \; | |
- name: Lint Helm charts | |
run: | | |
find -H 'deploy/charts/.' \ | |
-maxdepth 2 \ | |
-name 'Chart.yaml' \ | |
-printf '%h\n' \ | |
| xargs helm lint | |
- name: Set Git refname | |
id: set-git-refname | |
run: | | |
GIT_REFNAME="$(echo "${{ github.ref }}" | sed -r 's@refs/(heads|pull|tags)/@@g')" | |
echo "GIT_REFNAME=${GIT_REFNAME}" | |
echo "git_refname=${GIT_REFNAME}" >> $GITHUB_OUTPUT | |
- name: Set Helm push enabled | |
id: set-helm-push-enabled | |
run: | | |
HELM_PUSH_ENABLED="" | |
if [ "${{ github.event_name }}" == "push" ] && echo "${{ steps.set-git-refname.outputs.git_refname }}" | grep -E -q "deploy/charts/v[0-9]+\.[0-9]+\.[0-9]+"; then | |
HELM_PUSH_ENABLED=1 | |
else | |
printf >&2 "Unstable chart (%s) from %s event, chart will not be pushed" "${{ steps.set-git-refname.outputs.git_refname }}" "${{ github.event_name }}" | |
fi | |
echo "HELM_PUSH_ENABLED=${HELM_PUSH_ENABLED}" | |
echo "helm_push_enabled=${HELM_PUSH_ENABLED}" >> $GITHUB_OUTPUT | |
- if: ${{ steps.set-helm-push-enabled.outputs.helm_push_enabled == 1 }} | |
name: Set chart name | |
id: set-chart-name | |
run: | | |
CHART_NAME="imagepullsecrets" | |
echo "CHART_NAME=${CHART_NAME}" | |
echo "chart_name=${CHART_NAME}" >> $GITHUB_OUTPUT | |
- if: ${{ steps.set-helm-push-enabled.outputs.helm_push_enabled == 1 }} | |
name: Package Helm chart | |
id: package-chart | |
run: | | |
HELM_PACKAGE_OUTPUT=$(helm package "${{ github.workspace }}/deploy/charts/${{ steps.set-chart-name.outputs.chart_name }}") || exit 1 | |
HELM_PACKAGE_PATH="${HELM_PACKAGE_OUTPUT##"Successfully packaged chart and saved it to: "}" | |
echo "HELM_PACKAGE_PATH=${HELM_PACKAGE_PATH}" | |
echo "helm_package_path=${HELM_PACKAGE_PATH}" >> $GITHUB_OUTPUT | |
- if: ${{ steps.set-helm-push-enabled.outputs.helm_push_enabled == 1 }} | |
name: Check Helm chart version in repository | |
run: | | |
CHART_PATH="${{ github.workspace }}/deploy/charts/${{ steps.set-chart-name.outputs.chart_name }}" | |
EXPECTED_CHART_VERSION="$(echo "${{ steps.set-git-refname.outputs.git_refname }}" | awk -F '/v' '{print $NF}')" || exit 1 | |
ACTUAL_CHART_VERSION="$(awk '/version: [0-9]+\.[0-9]+\.[0-9]+/ {print $2}' "${CHART_PATH}/Chart.yaml")" || exit 1 | |
if [ "${EXPECTED_CHART_VERSION}" != "${ACTUAL_CHART_VERSION}" ]; then | |
printf >&2 "chart version mismatches, name: %s, expected version (from tag): %s, actual version (from chart): %s" "${{ steps.set-chart-name.outputs.chart_name }}" "${EXPECTED_CHART_VERSION}" "${ACTUAL_CHART_VERSION}" | |
exit 1 | |
fi | |
if helm search repo "${{ env.HELM_PUSH_REPOSITORY_NAME }}/${{ steps.set-chart-name.outputs.chart_name }}" --version "${ACTUAL_CHART_VERSION}" --output json | jq --exit-status 'length > 0'; then | |
printf >&2 "chart version already exists in the repository, repository: %s, name: %s, version: %s" "${{ env.HELM_PUSH_REPOSITORY_NAME }}" "${{ steps.set-chart-name.outputs.chart_name }}" "${ACTUAL_CHART_VERSION}" | |
exit 1 | |
fi | |
- if: ${{ steps.set-helm-push-enabled.outputs.helm_push_enabled == 1 }} | |
name: Install Helm ChartMuseum push plugin | |
run: helm plugin install "https://github.com/chartmuseum/helm-push.git" --version "${{ env.HELM_PLUGIN_CHARTMUSEUM_PUSH_VERSION }}" | |
- if: ${{ steps.set-helm-push-enabled.outputs.helm_push_enabled == 1 }} | |
name: Push Helm chart | |
env: | |
HELM_REPO_PASSWORD: ${{ secrets.HELM_REPO_PASSWORD }} | |
HELM_REPO_USERNAME: ${{ secrets.HELM_REPO_USERNAME }} | |
run: helm push "${{ steps.package-chart.outputs.helm_package_path }}" "${{ env.HELM_PUSH_REPOSITORY_NAME }}" |