Bump Helm Chart Version => v0.86.0 (#759) #98
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Package Helm Chart | |
| on: | |
| # Only push Helm Chart if the deployment templates have changed | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - deployment/chainloop/** | |
| permissions: | |
| contents: read | |
| jobs: | |
| package: | |
| name: Package and push Helm Chart | |
| runs-on: ubuntu-latest | |
| permissions: | |
| packages: write | |
| env: | |
| CHAINLOOP_VERSION: 0.83.0 # Min version that includes HELM_CHART material type | |
| CHAINLOOP_ROBOT_ACCOUNT: ${{ secrets.CHAINLOOP_ROBOT_ACCOUNT_CHART_PACKAGE }} | |
| steps: | |
| - name: Install Chainloop | |
| run: | | |
| curl -sfL https://raw.githubusercontent.com/chainloop-dev/chainloop/01ad13af08950b7bfbc83569bea207aeb4e1a285/docs/static/install.sh | bash -s -- --version v${{ env.CHAINLOOP_VERSION }} | |
| - name: Docker login to Github Packages | |
| uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Install Helm | |
| uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5 | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| - name: Initialize Attestation | |
| run: | | |
| chainloop attestation init | |
| - name: Package Chart | |
| run: helm package deployment/chainloop/ | |
| - name: Add Attestation (Helm Chart) | |
| run: | | |
| export PACKAGED_VERSION=$(cat ./deployment/chainloop/Chart.yaml | yq .appVersion) | |
| export CONTAINER_CP=$(cat deployment/chainloop/values.yaml | yq .controlplane.image.repository) | |
| export CONTAINER_CAS=$(cat deployment/chainloop/values.yaml | yq .cas.image.repository) | |
| # Attest Chart | |
| chainloop attestation add --name helm-chart --value chainloop*.tgz | |
| # Attest Control plane image | |
| chainloop attestation add --name control-plane-image --value "${CONTAINER_CP}:${PACKAGED_VERSION}" | |
| # Attest CAS image | |
| chainloop attestation add --name artifact-cas-image --value "${CONTAINER_CAS}:${PACKAGED_VERSION}" | |
| - name: Push Chart | |
| run: | | |
| for pkg in chainloop*.tgz; do | |
| helm push ${pkg} oci://ghcr.io/chainloop-dev/charts | |
| done | |
| - name: Finish and Record Attestation | |
| if: ${{ success() }} | |
| run: | | |
| chainloop attestation status --full | |
| chainloop attestation push --key env://CHAINLOOP_SIGNING_KEY | |
| env: | |
| CHAINLOOP_SIGNING_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} | |
| CHAINLOOP_SIGNING_KEY: ${{ secrets.COSIGN_KEY }} | |
| - name: Mark attestation as failed | |
| if: ${{ failure() }} | |
| run: | | |
| chainloop attestation reset | |
| - name: Mark attestation as cancelled | |
| if: ${{ cancelled() }} | |
| run: | | |
| chainloop attestation reset --trigger cancellation |