feat(ci): Use reusable workflow creation on Helm package #105

Workflow file for this run

.github/workflows/package_chart.yaml at 1a06c36

	name: Package Helm Chart

	on:
	pull_request:
	# Only push Helm Chart if the deployment templates have changed
	# push:
	# branches:
	# - main
	# paths:
	# - deployment/chainloop/**

	permissions:
	contents: read

	jobs:
	onboard_workflow:
	name: Onboard Chainloop Workflow
	uses: chainloop-dev/labs/.github/workflows/chainloop_onboard.yml@4173e015dbd5dc2a8802555c268da63d57bbe576
	with:
	project: "chainloop"
	workflow_name: "chainloop-vault-helm-package"
	secrets:
	api_token: ${{ secrets.CHAINLOOP_ONBOARDING_API_TOKEN }}

	package:
	name: Package and push Helm Chart
	runs-on: ubuntu-latest
	permissions:
	packages: write
	env:
	CHAINLOOP_VERSION: 0.87.1
	CHAINLOOP_ROBOT_ACCOUNT: ${{ secrets.CHAINLOOP_ONBOARDING_API_TOKEN }}
	steps:
	- name: Install Chainloop
	run: \|
	curl -sfL https://raw.githubusercontent.com/chainloop-dev/chainloop/01ad13af08950b7bfbc83569bea207aeb4e1a285/docs/static/install.sh \| bash -s -- --version v${{ env.CHAINLOOP_VERSION }}

	- name: Docker login to Github Packages
	uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Install Helm
	uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5

	- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

	- name: Initialize Attestation
	run: \|
	chainloop attestation init --workflow-name chainloop-vault-helm-package
	#
	# - name: Package Chart
	# run: helm package deployment/chainloop/
	#
	# - name: Add Attestation (Helm Chart)
	# run: \|
	# export PACKAGED_VERSION=$(cat ./deployment/chainloop/Chart.yaml \| yq .appVersion)
	# export CONTAINER_CP=$(cat deployment/chainloop/values.yaml \| yq .controlplane.image.repository)
	# export CONTAINER_CAS=$(cat deployment/chainloop/values.yaml \| yq .cas.image.repository)
	#
	# # Attest Chart
	# chainloop attestation add --name helm-chart --value chainloop*.tgz
	# # Attest Control plane image
	# chainloop attestation add --name control-plane-image --value "${CONTAINER_CP}:${PACKAGED_VERSION}"
	# # Attest CAS image
	# chainloop attestation add --name artifact-cas-image --value "${CONTAINER_CAS}:${PACKAGED_VERSION}"
	#
	# - name: Push Chart
	# run: \|
	# for pkg in chainloop*.tgz; do
	# helm push ${pkg} oci://ghcr.io/chainloop-dev/charts
	# done
	#
	- name: Finish and Record Attestation
	if: ${{ success() }}
	run: \|
	chainloop attestation status --full
	chainloop attestation push --key env://CHAINLOOP_SIGNING_KEY
	env:
	CHAINLOOP_SIGNING_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
	CHAINLOOP_SIGNING_KEY: ${{ secrets.COSIGN_KEY }}

	- name: Mark attestation as failed
	if: ${{ failure() }}
	run: \|
	chainloop attestation reset

	- name: Mark attestation as cancelled
	if: ${{ cancelled() }}
	run: \|
	chainloop attestation reset --trigger cancellation

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(ci): Use reusable workflow creation on Helm package #105

Workflow file

feat(ci): Use reusable workflow creation on Helm package #105

Jobs

Run details

Workflow file for this run