# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
name: helm-release
permissions: {}
on:
push:
tags:
- 'kyverno-chart-v*'
- 'kyverno-policies-chart-v*'
- 'kyverno-chart-*'
- 'kyverno-policies-chart-*'
jobs:
helm-tests:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- name: Setup caches
uses: ./.github/actions/setup-caches
timeout-minutes: 5
continue-on-error: true
- name: Setup build env
uses: ./.github/actions/setup-build-env
timeout-minutes: 10
- uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:
python-version: 3.7
- name: Set up chart-testing
uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
- name: Run chart-testing (lint)
run: ct lint --target-branch=main --check-version-increment=false --validate-maintainers=false
linter-artifacthub:
runs-on: ubuntu-latest
container:
image: artifacthub/ah
options: --user root
steps:
- name: Checkout
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- name: Run ah lint
working-directory: ./charts/
run: ah lint
create-release:
runs-on: ubuntu-latest
needs: helm-tests
permissions:
contents: write
packages: write
id-token: write
pages: write
steps:
- name: Checkout
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- name: Setup caches
uses: ./.github/actions/setup-caches
timeout-minutes: 5
continue-on-error: true
- name: Setup build env
uses: ./.github/actions/setup-build-env
timeout-minutes: 10
- name: Install Helm
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
with:
version: v3.10.3
- name: Install Cosign
uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
- name: Set version
run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
- name: Create charts tmp directory
run: |
mkdir charts-tmp
if [[ "$RELEASE_VERSION" = "kyverno-policies-chart-v"* ]]; then
cp -a charts/kyverno-policies charts-tmp/kyverno-policies
fi
if [[ "$RELEASE_VERSION" = "kyverno-chart-v"* ]]; then
cp -a charts/kyverno charts-tmp/kyverno
fi
if [[ "$RELEASE_VERSION" = "kyverno-policies-chart-"* ]]; then
cp -a charts/kyverno-policies charts-tmp/kyverno-policies
fi
if [[ "$RELEASE_VERSION" = "kyverno-chart-"* ]]; then
cp -a charts/kyverno charts-tmp/kyverno
fi
- name: Run chart-releaser
uses: stefanprodan/helm-gh-pages@0ad2bb377311d61ac04ad9eb6f252fb68e207260 #v1.7.0
with:
token: "${{ secrets.GITHUB_TOKEN }}"
linting: off
charts_dir: charts-tmp
- name: Login to GitHub Container Registry
run: |
helm registry login --username ${GITHUB_ACTOR} --password ${{ secrets.GITHUB_TOKEN }} ghcr.io
- name: Publish OCI Charts
run: |
for dir in `find charts-tmp -maxdepth 1 -mindepth 1 -type d -print`; do
chart=${dir##*/}
echo "Found chart: ${chart}"
helm package charts-tmp/${chart} --destination .dist
helm push .dist/${chart}-*.tgz oci://ghcr.io/${{ github.repository_owner }}/charts |& tee .digest
cosign login --username ${GITHUB_ACTOR} --password ${{ secrets.GITHUB_TOKEN }} ghcr.io
cosign sign --yes ghcr.io/${{ github.repository_owner }}/charts/${chart}@$(cat .digest | awk -F "[, ]+" '/Digest/{print $NF}')
done