Skip to content

Updated core and web versions (#199) #407

Updated core and web versions (#199)

Updated core and web versions (#199) #407

Workflow file for this run

name: Build
on:
push:
branches-ignore:
- "gh-pages"
paths-ignore:
- ".github/workflows/**"
workflow_dispatch:
jobs:
build:
name: Build Helm charts
runs-on: ubuntu-22.04
environment: Production
strategy:
fail-fast: false
matrix:
include:
- chart_name: self-host
- chart_name: sm-operator
steps:
- name: Checkout repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Helm
uses: Azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
with:
version: 'v3.13.1'
- name: Login to Azure - CI Subscription
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
with:
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
- name: Set up GPG key and passphrase
run: |
az keyvault secret download \
--vault-name bitwarden-ci \
--name helm-signing-gpg-private-key \
--file private
az keyvault secret download \
--vault-name bitwarden-ci \
--name helm-signing-gpg-private-key-passphrase \
--file .passphrase
az keyvault secret download \
--vault-name bitwarden-ci \
--name helm-signing-gpg-public-key \
--file public
gpg --dearmor private
gpg --dearmor public
- name: Package Helm chart
id: helm_package
run: |
helm package \
--sign \
--key "DevOps Team" \
--keyring private.gpg \
--passphrase-file .passphrase \
charts/${{ matrix.chart_name }}
PKG_NAME=$(ls *.tgz)
echo "name=$PKG_NAME" >> "$GITHUB_OUTPUT"
- name: Verify Helm chart
run: helm verify ${{ steps.helm_package.outputs.name }} --keyring public.gpg
- name: Upload Helm chart artifact
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: ${{ matrix.chart_name }}
path: |
${{ steps.helm_package.outputs.name }}
${{ steps.helm_package.outputs.name }}.prov
if-no-files-found: error