feat: add Helm chart for Kubernetes deployment #4

Workflow file for this run

	name: Helm Chart

	on:
	push:
	branches:
	- main
	paths:
	- 'helm/**'
	- '.github/workflows/helm.yaml'
	pull_request:
	paths:
	- 'helm/**'
	- '.github/workflows/helm.yaml'
	release:
	types: [published]

	env:
	CHART_DIR: helm
	CHART_NAME: tempo-monitor
	OCI_REGISTRY: ghcr.io

	jobs:
	# ── Lint ──────────────────────────────────────────────────────────────
	lint:
	name: Lint Helm chart
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4

	- name: Set up Helm
	uses: azure/setup-helm@v4
	with:
	version: v3.17.0

	- name: Add Bitnami repo
	run: \|
	helm repo add bitnami https://charts.bitnami.com/bitnami --force-update
	helm repo update

	- name: Helm lint
	run: \|
	helm lint --strict --set profile=full --set tempo.image=ghcr.io/tempoxyz/tempo:1.4.1 ./helm

	# ── Validate (dry-run install) ────────────────────────────────────────
	validate:
	name: Validate Kubernetes install (dry-run)
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4

	- name: Set up Helm
	uses: azure/setup-helm@v4
	with:
	version: v3.17.0

	- name: Create genesis placeholder
	run: \|
	mkdir -p consensus
	echo '{"config":{},"genesis_time":"","nonce":"0x0000000000000000","extradata":"","alloc":{},"number":"0","gas_limit":"0","difficulty":"0"}' \
	> consensus/genesis.json

	- name: Helm dry-run (consensus profile)
	run: \|
	helm template release-test ./helm \
	--namespace tempo-test \
	--create-namespace \
	--set profile=consensus \
	--set tempo.image=ghcr.io/tempoxyz/tempo:1.4.1 \
	--set validators.count=2 \
	--set rpc.count=1 \
	--set faucet.enabled=true \
	--set monitoring.enabled=false \
	--debug --dry-run=server 2>&1 \| head -200

	- name: Helm dry-run (full profile)
	run: \|
	helm template release-test ./helm \
	--namespace tempo-test \
	--create-namespace \
	--set profile=full \
	--set tempo.image=ghcr.io/tempoxyz/tempo:1.4.1 \
	--set validators.count=4 \
	--set rpc.count=2 \
	--set monitoring.enabled=true \
	--debug --dry-run=server 2>&1 \| head -200

	# ── Package ─────────────────────────────────────────────────────────
	package:
	name: Package Helm chart
	runs-on: ubuntu-latest
	needs: [lint, validate]
	outputs:
	chart_version: ${{ steps.meta.outputs.version }}
	chart_basename: ${{ steps.meta.outputs.basename }}
	steps:
	- uses: actions/checkout@v4

	- name: Set up Helm
	uses: azure/setup-helm@v4
	with:
	version: v3.17.0

	- name: Copy genesis placeholder into chart
	run: \|
	mkdir -p consensus
	echo '{"config":{},"genesis_time":"","nonce":"0x0000000000000000","extradata":"","alloc":{},"number":"0","gas_limit":"0","difficulty":"0"}' \
	> consensus/genesis.json

	- id: meta
	run: \|
	VERSION=$(helm show chart ./helm/Chart.yaml \| grep '^version:' \| awk '{print $2}' \| xargs)
	echo "version=${VERSION}" >> $GITHUB_OUTPUT
	echo "basename=tempo-monitor-${VERSION}.tgz" >> $GITHUB_OUTPUT

	- name: Helm package
	run: \|
	helm package ./helm/Chart.yaml --destination /tmp/helm-charts/
	ls -la /tmp/helm-charts/

	- name: Upload chart artifact
	uses: actions/upload-artifact@v4
	with:
	name: ${{ steps.meta.outputs.chart_basename }}
	path: /tmp/helm-charts/${{ steps.meta.outputs.chart_basename }}
	retention-days: 5

	# ── Publish to GHCR (on main / release only) ──────────────────────────
	publish:
	name: Publish Helm chart to GHCR
	runs-on: ubuntu-latest
	needs: [package]
	permissions:
	contents: read
	packages: write
	if: github.event_name == 'push' && github.ref == 'refs/heads/main'
	env:
	HELM_EXPERIMENTAL_OCI: 1
	steps:
	- uses: actions/checkout@v4

	- name: Set up Helm
	uses: azure/setup-helm@v4
	with:
	version: v3.17.0
	key: ${{ secrets.GITHUB_TOKEN }}

	- name: Log in to GHCR
	uses: docker/login-action@v3
	with:
	registry: ${{ env.OCI_REGISTRY }}
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Download chart artifact
	uses: actions/download-artifact@v4
	with:
	name: ${{ needs.package.outputs.chart_basename }}
	path: /tmp/helm-charts/

	- name: Push chart to GHCR
	env:
	HELM_EXPERIMENTAL_OCI: 1
	run: \|
	CHART_REF="${{ env.OCI_REGISTRY }}/${{ github.repository_owner }}/${{ env.CHART_NAME }}"
	VERSION="${{ needs.package.outputs.chart_version }}"
	FILE="${{ needs.package.outputs.chart_basename }}"

	helm chart save /tmp/helm-charts/${FILE} ${CHART_REF}:${VERSION}
	helm chart push ${CHART_REF}:${VERSION}
	helm chart save /tmp/helm-charts/${FILE} ${CHART_REF}:latest
	helm chart push ${CHART_REF}:latest

	- name: Show published tags
	run: \|
	CHART_REF="${{ env.OCI_REGISTRY }}/${{ github.repository_owner }}/${{ env.CHART_NAME }}"
	VERSION="${{ needs.package.outputs.chart_version }}"
	echo "Published: ${CHART_REF}:${VERSION}"
	echo "Published: ${CHART_REF}:latest"

	# ── SLSA provenance ─────────────────────────────────────────────────
	provenance:
	name: Generate SLSA provenance
	runs-on: ubuntu-latest
	needs: [publish]
	permissions:
	actions: read
	id-token: write
	contents: write
	if: github.event_name == 'push' && github.ref == 'refs/heads/main'
	steps:
	- uses: actions/checkout@v4

	- name: Download chart artifact
	uses: actions/download-artifact@v4
	with:
	name: ${{ needs.package.outputs.chart_basename }}
	path: /tmp/

	- name: Generate SLSA provenance
	uses: actions/attest-build-provenance@v2
	with:
	subject-name: "${{ env.OCI_REGISTRY }}/${{ github.repository_owner }}/${{ env.CHART_NAME }}"
	sha512: ${{ hashFiles('/tmp/*.tgz') }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: add Helm chart for Kubernetes deployment #4

Workflow file

feat: add Helm chart for Kubernetes deployment #4

Uh oh!

Workflow file for this run