fix(chart): quote .Release.Name in label values to prevent YAML int c… #435
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and push head images | |
| on: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| chart-changes: | |
| if: github.repository_owner == 'loft-sh' # do not run on forks | |
| uses: ./.github/workflows/detect_changes.yaml | |
| with: | |
| paths: | | |
| - "chart/**" | |
| - ".github/workflows/push-head-images.yaml" | |
| helm-unit-tests: | |
| name: Execute all helm tests | |
| if: github.repository_owner == 'loft-sh' # do not run on forks | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Install Helm Unit Test Plugin | |
| run: | | |
| helm plugin install https://github.com/helm-unittest/helm-unittest --version v0.4.4 | |
| - name: Run Helm Unit Tests | |
| run: | | |
| helm unittest chart | |
| go-unit-test: | |
| name: Execute all go tests | |
| if: github.repository_owner == 'loft-sh' # do not run on forks | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Check out code into the Go module directory | |
| uses: actions/checkout@v6 | |
| - name: Set up Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: go.mod | |
| cache: false | |
| - name: Execute unit tests | |
| run: ./hack/test.sh | |
| build-head-images: | |
| runs-on: ubuntu-latest | |
| needs: [helm-unit-tests, go-unit-test] | |
| name: Publish head images | |
| if: | | |
| github.repository_owner == 'loft-sh' && | |
| github.ref_name == 'main' | |
| permissions: | |
| contents: read | |
| id-token: write # This is the key for OIDC cosign! | |
| packages: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| cache: false | |
| go-version-file: go.mod | |
| - name: Install just | |
| uses: extractions/setup-just@v1 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Setup Cosgin | |
| uses: sigstore/cosign-installer@main | |
| with: | |
| cosign-release: "v2.2.3" | |
| - name: Log in to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Setup GoReleaser and Build Images | |
| uses: goreleaser/goreleaser-action@v6 | |
| with: | |
| distribution: goreleaser | |
| version: latest | |
| args: release --config .goreleaser.head_images.yaml --clean --skip=announce,archive,validate | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| TELEMETRY_PRIVATE_KEY: "" | |
| CI_BRANCH: ${{ github.ref_name }} | |
| push-head-chart: | |
| needs: [chart-changes, helm-unit-tests] | |
| if: needs.chart-changes.outputs.has_changed == 'true' | |
| runs-on: ubuntu-latest | |
| name: Push Head Chart | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - uses: azure/setup-helm@v4 | |
| with: | |
| version: "v3.20.0" | |
| - name: Install helm-push plugin | |
| run: helm plugin install https://github.com/chartmuseum/helm-push.git | |
| - name: Add ChartMuseum repo | |
| run: helm repo add chartmuseum "$CHART_MUSEUM_URL" --username "$CHART_MUSEUM_USER" --password "$CHART_MUSEUM_PASSWORD" | |
| env: | |
| CHART_MUSEUM_URL: "https://charts.loft.sh/" | |
| CHART_MUSEUM_USER: ${{ secrets.CHART_MUSEUM_USER }} | |
| CHART_MUSEUM_PASSWORD: ${{ secrets.CHART_MUSEUM_PASSWORD }} | |
| - name: Set Chart.yaml name to vcluster-head | |
| uses: "mikefarah/yq@v4.52.2" | |
| with: | |
| cmd: yq -i '.name = "vcluster-head"' 'chart/Chart.yaml' | |
| - name: Set Chart.yaml description | |
| uses: "mikefarah/yq@v4.52.2" | |
| with: | |
| cmd: yq -i '.description = "vCluster HEAD - Development builds from main branch"' 'chart/Chart.yaml' | |
| - name: Set Chart.yaml appVersion | |
| uses: "mikefarah/yq@v4.52.2" | |
| with: | |
| cmd: yq -i '.appVersion = "head-${{ github.sha }}"' 'chart/Chart.yaml' | |
| - name: Package head charts | |
| run: | | |
| SHORT_SHA=$(echo "${{ github.sha }}" | cut -c1-7) | |
| # Package chart with version 0.0.0-latest | |
| helm package chart --version "0.0.0-latest" --destination /tmp | |
| # Package chart with version 0.0.0-<short-sha> | |
| helm package chart --version "0.0.0-${SHORT_SHA}" --destination /tmp | |
| - name: Push head charts to ChartMuseum | |
| run: | | |
| SHORT_SHA=$(echo "${{ github.sha }}" | cut -c1-7) | |
| # Push both versions | |
| helm cm-push --force /tmp/vcluster-head-0.0.0-latest.tgz chartmuseum | |
| helm cm-push --force "/tmp/vcluster-head-0.0.0-${SHORT_SHA}.tgz" chartmuseum | |
| env: | |
| CHART_MUSEUM_URL: "https://charts.loft.sh/" | |
| CHART_MUSEUM_USER: ${{ secrets.CHART_MUSEUM_USER }} | |
| CHART_MUSEUM_PASSWORD: ${{ secrets.CHART_MUSEUM_PASSWORD }} |