helm-charts/.github/workflows/publish-chart.yaml at ee249d05c8197b3f89dfad77d365f2c4db4c3a2a · Mailu/helm-charts · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
---
name: release-pipeline

permissions:
  id-token: write
  contents: write
  attestations: write
  packages: write

on:
  workflow_dispatch:
    inputs:
      package:
        description: Name of the package that will be published
        required: true
        type: string
        default: charts/mailu
      version:
        description: Version of the package that will be published
        required: true
        type: string

jobs:
  publish:
    runs-on: ubuntu-latest
    outputs:
      release_body: ${{ fromJSON(steps.get_release.outputs.data).body }}
    env:
      OCI_REGISTRY: ghcr.io
      OCI_NAMESPACE: ${{ github.repository_owner }}/helm-charts
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Extract chart name
        id: extract_chart_name
        run: echo "chart_name=$(basename '${{ github.event.inputs.package }}')" >> "$GITHUB_OUTPUT"

      - name: Checkout Github Pages to gh-pages folder
        uses: actions/checkout@v3
        with:
          repository: ${{ github.repository }}
          ref: gh-pages
          path: gh-pages
          fetch-depth: 0

      - name: Install Helm
        uses: azure/setup-helm@v3
        with:
          version: v3.10.0

      - name: Install dependencies
        run: |
          helm repo add bitnami https://charts.bitnami.com/bitnami
          helm repo update
          helm dependency build ${{ github.event.inputs.package }}

      - name: Run helm lint
        run: helm lint --strict --values ${{ github.event.inputs.package }}/ci/helm-lint-values.yaml ${{ github.event.inputs.package }}

      - name: Install chart-releaser
        uses: helm/chart-releaser-action@v1.7.0
        with:
          install_only: true

      - name: Package Chart with chart-releaser
        run: |
          cr package ${{ github.event.inputs.package }}

      - name: Login to OCI registry (ghcr.io)
        run: |
          echo "${{ secrets.GITHUB_TOKEN }}" | helm registry login ${{ env.OCI_REGISTRY }} --username "${{ github.actor }}" --password-stdin

      - name: Push chart to OCI
        run: |
          CHART_FILE=".cr-release-packages/${{ steps.extract_chart_name.outputs.chart_name }}-${{ github.event.inputs.version }}.tgz"
          helm push "$CHART_FILE" oci://${{ env.OCI_REGISTRY }}/${{ env.OCI_NAMESPACE }}
      - name: Attest Build Provenance
        uses: actions/attest-build-provenance@v2
        id: attest
        with:
          subject-path: .cr-release-packages/${{ steps.extract_chart_name.outputs.chart_name }}-${{ github.event.inputs.version }}.tgz
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Get Release
        uses: octokit/request-action@v2.x
        id: get_release
        with:
          route: GET /repos/{repo}/releases/tags/{tag}
          repo: ${{ github.repository }}
          tag: ${{ steps.extract_chart_name.outputs.chart_name }}-${{ github.event.inputs.version }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Upload Chart build to Release
        uses: softprops/action-gh-release@v1
        with:
          name: "${{ steps.extract_chart_name.outputs.chart_name }}: v${{ github.event.inputs.version }}"
          tag_name: "${{ steps.extract_chart_name.outputs.chart_name }}-${{ github.event.inputs.version }}"
          generate_release_notes: false
          body: ${{ fromJSON(steps.get_release.outputs.data).body }}
          files: |
            .cr-release-packages/${{ steps.extract_chart_name.outputs.chart_name }}-${{ github.event.inputs.version }}.tgz
            ${{ steps.attest.outputs.bundle-path }}

      - name: Update chart index and publish to Github pages
        run: |
          git config --global user.email "actions@github.com"
          git config --global user.name "Github actions"
          REPO_NAME=$(echo "${{ github.repository }}" | cut -d "/" -f 2)
          cr -t $GITHUB_TOKEN index -o ${{ github.repository_owner }} -r ${REPO_NAME} -i gh-pages/index.yaml --release-name-template "{{ .Name }}-{{ .Version }}"
          cd gh-pages
          git add .
          git commit -m "New Chart Release for ${{ github.event.inputs.package }}: ${{ github.event.inputs.version }}"
          git push origin gh-pages
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  notify-matrix:
    needs:
      - publish
    runs-on: ubuntu-latest
    name: Send message via Matrix
    steps:
      - name: Send message to mailu-helm-chart channel
        # Only run this job if the release-please job created a release
        id: matrix-chat-message
        uses: fadenb/matrix-chat-message@v0.0.6
        with:
          homeserver: "matrix.org"
          token: ${{ secrets.MATRIX_TOKEN }}
          channel: "!KluZWhQwHDYrOfqJdD:make-it.fr"
          message: |
            # New release of ${{ github.event.inputs.package }} helm chart: ${{ github.event.inputs.version }}

            [${{ github.event.inputs.version }}](https://github.com/${{ github.repository }}/releases/tag/${{ github.event.inputs.package }}-${{ github.event.inputs.version }}) has been released.

            ${{ needs.publish.outputs.release_body }}