Skip to content

publish-chart

publish-chart #100

---
# This is a manually triggered workflow to package and upload the Helm chart from the
# main branch to Aqua Security repository at https://github.com/aquasecurity/helm-charts.
name: Publish Helm chart
on:
repository_dispatch:
types: [publish-chart]
paths:
- deploy/helm/Chart.yaml
env:
HELM_REP: helm-charts
GH_OWNER: aquasecurity
CHART_DIR: deploy/helm
KIND_VERSION: v0.17.0
KIND_IMAGE: kindest/node:v1.21.1@sha256:69860bda5563ac81e3c0057d654b5253219618a22ec3a346306239bba8cfa1a6
jobs:
release:
# this job will only run if the PR has been merged
if: github.event.client_payload.action == 'chart-release' || github.event.client_payload.action == 'chart-and-app-release'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install Helm
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v1.1
with:
version: v3.5.0
- name: Set up python
uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236
with:
python-version: 3.7
- name: Setup Chart Linting
id: lint
uses: helm/[email protected]
- name: Setup Kubernetes cluster (KIND)
uses: helm/[email protected] # v1.5.0
with:
version: ${{ env.KIND_VERSION }}
image: ${{ env.KIND_IMAGE }}
- name: Run chart-testing
run: ct lint-and-install --validate-maintainers=false --charts deploy/helm
- name: Install chart-releaser
run: |
wget https://github.com/helm/chart-releaser/releases/download/v1.3.0/chart-releaser_1.3.0_linux_amd64.tar.gz
echo "baed2315a9bb799efb71d512c5198a2a3b8dcd139d7f22f878777cffcd649a37 chart-releaser_1.3.0_linux_amd64.tar.gz" | sha256sum -c -
tar xzvf chart-releaser_1.3.0_linux_amd64.tar.gz cr
- name: Package helm chart
run: |
./cr package ${{ env.CHART_DIR }}
- name: Upload helm chart
# Failed with upload the same version: https://github.com/helm/chart-releaser/issues/101
continue-on-error: true
run: |
./cr upload -o ${{ env.GH_OWNER }} -r ${{ env.HELM_REP }} --token ${{ secrets.ORG_REPO_TOKEN }} -p .cr-release-packages
- name: Index helm chart
run: |
./cr index -o ${{ env.GH_OWNER }} -r ${{ env.HELM_REP }} -c https://${{ env.GH_OWNER }}.github.io/${{ env.HELM_REP }}/ -i index.yaml
- name: Push index file
uses: dmnemec/copy_file_to_another_repo_action@c93037aa10fa8893de271f19978c980d0c1a9b37 # v1.1.1
env:
API_TOKEN_GITHUB: ${{ secrets.ORG_REPO_TOKEN }}
with:
source_file: "index.yaml"
destination_repo: "${{ env.GH_OWNER }}/${{ env.HELM_REP }}"
destination_folder: "."
destination_branch: "gh-pages"
user_email: [email protected]
user_name: "aqua-bot"
- name: Get latest tag
id: latest_tag
run: |
latest_tag=$(git describe --tags --abbrev=0)
echo "::set-output name=tag::$latest_tag"
- name: Repository Dispatch Publish docs
if: github.event.client_payload.action == 'chart-and-app-release' && !contains(steps.latest_tag.outputs.tag, 'rc')
uses: peter-evans/repository-dispatch@v2
with:
token: ${{ secrets.GITHUB_TOKEN }}
event-type: publish-docs
client-payload: '{"action": "docs-release", "tag": "${{ steps.latest_tag.outputs.tag }}"}'