
feat: add Helm chart for Kubernetes deployment #10

Workflow file for this run

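name: Helm Chart

# Runs on chart or workflow changes pushed to main, on pull requests that
# touch the same paths, and when a release is published.
on:
  push:
    branches:
      - main
    paths:
      - 'helm/**'
      - '.github/workflows/helm.yaml'
  pull_request:
    paths:
      - 'helm/**'
      - '.github/workflows/helm.yaml'
  release:
    types: [published]

# Least-privilege default for GITHUB_TOKEN. Jobs that declare their own
# `permissions:` block (publish, provenance) override this; every other job,
# including those that run on pull_request events, gets a read-only token.
permissions:
  contents: read

# Shared settings, exported to every step as environment variables.
env:
  CHART_DIR: helm
  CHART_NAME: tempo-monitor
  OCI_REGISTRY: ghcr.io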
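# Supply-chain note: every `uses:` below references a mutable major-version
# tag. Pin each one to a full commit SHA, for example
# `actions/checkout@<FULL_COMMIT_SHA>  # v4`, so that a moved tag cannot change
# the code that runs with the packages:write and id-token:write tokens.
jobs:
  # Static chart checks; no cluster and no credentials involved.
  lint:
    name: Lint Helm chart
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          version: v3.17.0
      - name: Helm lint
        run: |
          helm lint --strict \
            --set profile=full \
            --set tempo.image=ghcr.io/tempoxyz/tempo:1.4.1 \
            ./helm

  # Renders the chart for both profiles. This job gates `package`, so a
  # rendering failure must fail the step.
  validate:
    name: Validate Kubernetes install (dry-run)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          version: v3.17.0
      - name: Create genesis placeholder
        run: |
          mkdir -p consensus
          echo '{"config":{},"genesis_time":"","nonce":"0x0","extradata":"","alloc":{},"number":"0","gas_limit":"0","difficulty":"0"}' > consensus/genesis.json
      - name: Helm dry-run (consensus profile)
        # The output used to be piped straight into `head`. The default run
        # shell does not enable pipefail, so helm's exit status was discarded
        # and this step could never fail. Rendering to a file keeps helm's
        # exit status and still prints only the first 100 lines.
        # NOTE(review): --dry-run=server lets templates query the API server,
        # but this job provisions no cluster. Confirm the flag is intended.
        run: |
          helm template release-test ./helm \
            --namespace tempo-test \
            --create-namespace \
            --set profile=consensus \
            --set tempo.image=ghcr.io/tempoxyz/tempo:1.4.1 \
            --set validators.count=2 \
            --set rpc.count=1 \
            --set faucet.enabled=true \
            --set monitoring.enabled=false \
            --dry-run=server > "${RUNNER_TEMP}/consensus.rendered.yaml"
          head -100 "${RUNNER_TEMP}/consensus.rendered.yaml"
      - name: Helm dry-run (full profile)
        # Same pattern as the consensus profile: keep helm's exit status.
        run: |
          helm template release-test ./helm \
            --namespace tempo-test \
            --create-namespace \
            --set profile=full \
            --set tempo.image=ghcr.io/tempoxyz/tempo:1.4.1 \
            --set validators.count=4 \
            --set rpc.count=2 \
            --set monitoring.enabled=true \
            --dry-run=server > "${RUNNER_TEMP}/full.rendered.yaml"
          head -100 "${RUNNER_TEMP}/full.rendered.yaml"

  # Builds the chart archive and hands it to later jobs as a run artifact.
  package:
    name: Package Helm chart
    runs-on: ubuntu-latest
    needs: [lint, validate]
    outputs:
      version: ${{ steps.meta.outputs.version }}
      filename: ${{ steps.meta.outputs.filename }}
    steps:
      - uses: actions/checkout@v4
      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          version: v3.17.0
      - name: Create genesis placeholder
        run: |
          mkdir -p consensus
          echo '{"config":{},"genesis_time":"","nonce":"0x0","extradata":"","alloc":{},"number":"0","gas_limit":"0","difficulty":"0"}' > consensus/genesis.json
      - name: Extract chart version
        id: meta
        # A quoted heredoc keeps the shell from expanding anything inside the
        # Python source.
        run: |
          python3 - <<'PY'
          import os
          import re

          import yaml

          with open('./helm/Chart.yaml') as f:
              doc = yaml.safe_load(f)

          v = doc['version']
          # Chart.yaml comes from the checked-out ref (a pull request branch
          # on pull_request events). The value is appended to GITHUB_OUTPUT
          # and consumed by later steps and jobs, so accept only a plain
          # version token: no newlines, spaces or shell metacharacters.
          if not isinstance(v, str) or not re.fullmatch(r'[0-9A-Za-z][0-9A-Za-z.+-]*', v):
              raise SystemExit(f'Unexpected chart version in Chart.yaml: {v!r}')

          fname = 'tempo-monitor-' + v + '.tgz'
          with open(os.environ['GITHUB_OUTPUT'], 'a') as f:
              f.write(f'version={v}\n')
              f.write(f'filename={fname}\n')
          print(f'Chart version: {v}')
          print(f'Package filename: {fname}')
          PY
      - name: Helm package
        run: |
          helm package ./helm/ --destination /tmp/helm-charts/
          ls -la /tmp/helm-charts/
      - name: Upload chart artifact
        uses: actions/upload-artifact@v4
        with:
          name: ${{ steps.meta.outputs.filename }}
          path: /tmp/helm-charts/${{ steps.meta.outputs.filename }}
          # Fail here if the computed filename does not match what helm wrote,
          # not later when the download finds nothing.
          if-no-files-found: error
          retention-days: 5

  # Pushes the packaged chart to GHCR. Runs only for pushes to main.
  publish:
    name: Publish Helm chart to GHCR
    runs-on: ubuntu-latest
    needs: [package]
    permissions:
      contents: read
      packages: write
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    # HELM_EXPERIMENTAL_OCI is no longer set: OCI support has been generally
    # available since Helm 3.8, and this job installs v3.17.0.
    steps:
      - uses: actions/checkout@v4
      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          version: v3.17.0
          # The `key:` input that passed GITHUB_TOKEN to this action has been
          # dropped. NOTE(review): it does not appear to be an input that
          # azure/setup-helm declares (confirm). A write-capable token should
          # not be handed to an action that has no use for it.
      - name: Log in to GHCR
        uses: docker/login-action@v3
        with:
          registry: ${{ env.OCI_REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Download chart artifact
        uses: actions/download-artifact@v4
        with:
          name: ${{ needs.package.outputs.filename }}
          path: /tmp/helm-charts/
      - name: Push chart to GHCR
        # Job outputs reach the script through env, not through `${{ }}`
        # expansion inside the script text, so their content is never parsed
        # as shell.
        env:
          CHART_FILE: /tmp/helm-charts/${{ needs.package.outputs.filename }}
        # `helm chart save` / `helm chart push` were removed in Helm 3.7 and
        # do not exist in the pinned v3.17.0; `helm push` replaces them.
        # It takes the repository name and tag from the chart's own name and
        # version, so the mutable `latest` tag is no longer published.
        # Consumers should reference an explicit version.
        run: |
          helm push "${CHART_FILE}" "oci://${OCI_REGISTRY}/${GITHUB_REPOSITORY_OWNER}"
      - name: Show published tags
        env:
          CHART_VERSION: ${{ needs.package.outputs.version }}
        run: |
          echo "Published: ${OCI_REGISTRY}/${GITHUB_REPOSITORY_OWNER}/${CHART_NAME}:${CHART_VERSION}"

  # Attests the chart archive produced by `package`.
  provenance:
    name: Generate SLSA provenance
    runs-on: ubuntu-latest
    # `package` has to be listed here: the `needs` context exposes outputs of
    # direct dependencies only, so with `needs: [publish]` alone
    # `needs.package.outputs.filename` evaluated to an empty string.
    needs: [package, publish]
    permissions:
      actions: read
      contents: read
      # Required to mint the signing identity and to store the attestation.
      # The earlier `contents: write` grant was broader than this job needs.
      id-token: write
      attestations: write
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    steps:
      - uses: actions/checkout@v4
      - name: Download chart artifact
        uses: actions/download-artifact@v4
        with:
          name: ${{ needs.package.outputs.filename }}
          path: /tmp/
      - name: Generate SLSA provenance
        uses: actions/attest-build-provenance@v2
        with:
          # Let the action hash the file itself. The former `sha512:` key is
          # not an input of this action, and hashFiles() only matches files
          # inside the workspace, so `/tmp/*.tgz` produced no digest.
          subject-path: /tmp/${{ needs.package.outputs.filename }}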