Update Chart workflow

Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>

.github/workflows/release-chart.yaml

@@ -9,8 +9,10 @@ jobs:
   helm-chart:
     runs-on: ubuntu-latest
     permissions:
+      packages: write
       contents: write
       pages: write
+      id-token: write 
     steps:
       - name: Checkout
         uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
@@ -57,9 +59,27 @@ jobs:
       - name: Install Cosign
         uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
 
+      - name: Login to Github Packages
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set version
+        run: |
+          set -e
+          TAG=${{ github.ref_name }}
+          echo "VERSION=${TAG#policy-reporter-chart-v}" >> $GITHUB_ENV
+
       - name: Push to OCI
         run: |
           set -e
-          output=$(helm push .cr-release-packages/policy-reporter-{{ steps.cr.outputs.chart_version }}.tgz oci://ghcr.io/kyverno/charts 2>&1)
+          output=$(helm push .cr-release-packages/policy-reporter-${{ env.VERSION }}.tgz oci://ghcr.io/kyverno/charts 2>&1)
           digest=$( echo "$output" | grep Digest | cut -c9-)
-          cosign sign --yes ghcr.io/kyverno/charts/policy-reporter@$digest
+          echo CR_DIGEST=$digest
+          echo "CR_DIGEST=$digest" >> "$GITHUB_ENV"
+      
+      - name: Sign Chart
+        run: |
+          cosign sign --yes ghcr.io/kyverno/charts/policy-reporter@${{ env.CR_DIGEST }}

.github/workflows/release-image.yaml

@@ -21,11 +21,11 @@ jobs:
       - name: Checkout
         uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
-      - name: Push image
+      - name: Parse Version
         id: params
         run: |
           # Strip git ref prefix from version
-          VERSION=$(git rev-parse --short "$GITHUB_SHA")
+          VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
           # Strip "v" prefix from tag name
           [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
           echo VERSION=$VERSION

charts/policy-reporter/README.md

@@ -49,7 +49,7 @@ Open `http://localhost:8082/` in your browser.
 | image.registry | string | `"ghcr.io"` | Image registry |
 | image.repository | string | `"kyverno/policy-reporter"` | Image repository |
 | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy |
-| image.tag | string | `"12da466"` | Image tag |
+| image.tag | string | `"3.0.0-rc.1"` | Image tag |
 | imagePullSecrets | list | `[]` | Image pullSecrets |
 | priorityClassName | string | `""` | Deployment priorityClassName |
 | replicaCount | int | `1` | Deployment replica count |
@@ -75,8 +75,8 @@ Open `http://localhost:8082/` in your browser.
 | securityContext.readOnlyRootFilesystem | bool | `true` |  |
 | securityContext.capabilities.drop[0] | string | `"ALL"` |  |
 | securityContext.seccompProfile.type | string | `"RuntimeDefault"` |  |
-| securityContext.podAnnotations | object | `{}` | Additional annotations to add to each pod |
-| securityContext.podLabels | object | `{}` | Additional labels to add to each pod |
+| podAnnotations | object | `{}` | Additional annotations to add to each pod |
+| podLabels | object | `{}` | Additional labels to add to each pod |
 | resources | object | `{}` | Resource constraints |
 | networkPolicy.enabled | bool | `false` | Create NetworkPolicy |
 | networkPolicy.egress | list | `[{"ports":[{"port":6443,"protocol":"TCP"}],"to":null}]` | Egress rule to allowe Kubernetes API Server access |

charts/policy-reporter/templates/plugins/kyverno/deployment.yaml

@@ -56,11 +56,11 @@ spec:
               protocol: TCP
           livenessProbe:
             httpGet:
-              path: /api/v1/policies
+              path: /v1/policies
               port: http
           readinessProbe:
             httpGet:
-              path: /api/v1/policies
+              path: /v1/policies
               port: http
           resources:
             {{- toYaml .Values.plugin.kyverno.resources | nindent 12 }}

charts/policy-reporter/templates/plugins/trivy/deployment.yaml

@@ -56,11 +56,11 @@ spec:
               protocol: TCP
           livenessProbe:
             httpGet:
-              path: /api/vulnr/v1/policies
+              path: /vulnr/v1/policies
               port: http
           readinessProbe:
             httpGet:
-              path: /api/vulnr/v1/policies
+              path: /vulnr/v1/policies
               port: http
           resources:
             {{- toYaml .Values.plugin.trivy.resources | nindent 12 }}

charts/policy-reporter/values.yaml

@@ -15,7 +15,7 @@ image:
   # -- (string) Image pullPolicy
   pullPolicy: IfNotPresent
   # -- (string) Image tag
-  tag: 12da466
+  tag: 3.0.0-rc.1
 
 # -- Image pullSecrets
 imagePullSecrets: []
@@ -86,11 +86,11 @@ securityContext:
   seccompProfile:
     type: RuntimeDefault
 
-  # -- Additional annotations to add to each pod
-  podAnnotations: {}
+# -- Additional annotations to add to each pod
+podAnnotations: {}
 
-  # -- Additional labels to add to each pod
-  podLabels: {}
+# -- Additional labels to add to each pod
+podLabels: {}
 
 # -- Resource constraints
 resources: {}