-
Notifications
You must be signed in to change notification settings - Fork 57
91 lines (80 loc) · 2.59 KB
/
Copy pathrelease-chart.yml
File metadata and controls
91 lines (80 loc) · 2.59 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
name: Release
on:
workflow_dispatch:
push:
branches:
- main
paths:
- 'charts/**'
jobs:
check-versions:
runs-on: ubuntu-latest
permissions:
contents: read
outputs:
should_release: ${{ steps.check-versions.outputs.should_release }}
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 0
persist-credentials: false
- name: Check latest version
id: check-versions
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
current_version=$(yq .version ./charts/openbao/Chart.yaml)
url="https://api.github.com/repos/openbao/openbao-helm/releases/latest"
latest_version=$(curl -sSfL -H "Authorization: Bearer ${GITHUB_TOKEN}" "$url" | jq -r '.tag_name' | sed 's/openbao-//')
if [ "$current_version" != "$latest_version" ]; then
echo "should_release=true" >> "$GITHUB_OUTPUT"
else
echo "should_release=false" >> "$GITHUB_OUTPUT"
fi
release:
needs: check-versions
if: needs.check-versions.outputs.should_release == 'true'
environment: helm-release
permissions:
contents: write
packages: write
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 0
- name: Configure Git
run: |
git config user.name "$GITHUB_ACTOR"
git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
- name: Run chart-releaser
id: helm-release
uses: helm/chart-releaser-action@cae68fefc6b5f367a0275617c9f83181ba54714f # v1.7.0
env:
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
CR_GENERATE_RELEASE_NOTES: true
- name: Login to GHCR
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Push Helm chart to GHCR as OCI artifact
run: |
chart_registry="ghcr.io/${GITHUB_REPOSITORY_OWNER}/charts"
for pkg in .cr-release-packages/*.tgz; do
if [ -z "${pkg:-}" ]; then
break
fi
helm push "${pkg}" "oci://${chart_registry}"
done
ocm:
permissions:
packages: write
needs:
- release
name: Release OCM Artifact
uses: ./.github/workflows/job-ocm.yaml
secrets: inherit