feat(ci): Use reusable workflow creation on Helm package
Signed-off-by: Javier Rodriguez <[email protected]>
javirln committed May 14, 2024
1 parent bdf3810 commit ab83dd7
Showing 1 changed file with 83 additions and 73 deletions.
156 changes: 83 additions & 73 deletions .github/workflows/package_chart.yaml
@@ -1,83 +1,93 @@
name: Package Helm Chart

on:
pull_request:
# Only push Helm Chart if the deployment templates have changed
push:
branches:
- main
paths:
- deployment/chainloop/**
# push:
# branches:
# - main
# paths:
# - deployment/chainloop/**

permissions:
contents: read

jobs:
package:
name: Package and push Helm Chart
runs-on: ubuntu-latest
permissions:
packages: write
env:
CHAINLOOP_VERSION: 0.86.0
CHAINLOOP_ROBOT_ACCOUNT: ${{ secrets.CHAINLOOP_ROBOT_ACCOUNT_CHART_PACKAGE }}
steps:
- name: Install Chainloop
run: |
curl -sfL https://raw.githubusercontent.com/chainloop-dev/chainloop/01ad13af08950b7bfbc83569bea207aeb4e1a285/docs/static/install.sh | bash -s -- --version v${{ env.CHAINLOOP_VERSION }}
onboard_workflow:
name: Onboard Chainloop Workflow
uses: chainloop-dev/labs/.github/workflows/chainloop_onboard.yaml@4173e015dbd5dc2a8802555c268da63d57bbe576
with:
project: "chainloop"
workflow_name: "chainloop-vault-helm-package"
secrets:
api_token: ${{ secrets.CHAINLOOP_ONBOARDING_API_TOKEN }}

- name: Docker login to Github Packages
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Install Helm
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5

- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Initialize Attestation
run: |
chainloop attestation init
- name: Package Chart
run: helm package deployment/chainloop/

- name: Add Attestation (Helm Chart)
run: |
export PACKAGED_VERSION=$(cat ./deployment/chainloop/Chart.yaml | yq .appVersion)
export CONTAINER_CP=$(cat deployment/chainloop/values.yaml | yq .controlplane.image.repository)
export CONTAINER_CAS=$(cat deployment/chainloop/values.yaml | yq .cas.image.repository)
# Attest Chart
chainloop attestation add --name helm-chart --value chainloop*.tgz
# Attest Control plane image
chainloop attestation add --name control-plane-image --value "${CONTAINER_CP}:${PACKAGED_VERSION}"
# Attest CAS image
chainloop attestation add --name artifact-cas-image --value "${CONTAINER_CAS}:${PACKAGED_VERSION}"
- name: Push Chart
run: |
for pkg in chainloop*.tgz; do
helm push ${pkg} oci://ghcr.io/chainloop-dev/charts
done
- name: Finish and Record Attestation
if: ${{ success() }}
run: |
chainloop attestation status --full
chainloop attestation push --key env://CHAINLOOP_SIGNING_KEY
env:
CHAINLOOP_SIGNING_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
CHAINLOOP_SIGNING_KEY: ${{ secrets.COSIGN_KEY }}

- name: Mark attestation as failed
if: ${{ failure() }}
run: |
chainloop attestation reset
- name: Mark attestation as cancelled
if: ${{ cancelled() }}
run: |
chainloop attestation reset --trigger cancellation
# package:
# name: Package and push Helm Chart
# runs-on: ubuntu-latest
# permissions:
# packages: write
# env:
# CHAINLOOP_VERSION: 0.86.0
# CHAINLOOP_ROBOT_ACCOUNT: ${{ secrets.CHAINLOOP_ONBOARDING_API_TOKEN }}
# steps:
# - name: Install Chainloop
# run: |
# curl -sfL https://raw.githubusercontent.com/chainloop-dev/chainloop/01ad13af08950b7bfbc83569bea207aeb4e1a285/docs/static/install.sh | bash -s -- --version v${{ env.CHAINLOOP_VERSION }}
#
# - name: Docker login to Github Packages
# uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
# with:
# registry: ghcr.io
# username: ${{ github.actor }}
# password: ${{ secrets.GITHUB_TOKEN }}
#
# - name: Install Helm
# uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
#
# - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
#
# - name: Initialize Attestation
# run: |
# chainloop attestation init --workflow_name chainloop-vault-helm-package
#
# - name: Package Chart
# run: helm package deployment/chainloop/
#
# - name: Add Attestation (Helm Chart)
# run: |
# export PACKAGED_VERSION=$(cat ./deployment/chainloop/Chart.yaml | yq .appVersion)
# export CONTAINER_CP=$(cat deployment/chainloop/values.yaml | yq .controlplane.image.repository)
# export CONTAINER_CAS=$(cat deployment/chainloop/values.yaml | yq .cas.image.repository)
#
# # Attest Chart
# chainloop attestation add --name helm-chart --value chainloop*.tgz
# # Attest Control plane image
# chainloop attestation add --name control-plane-image --value "${CONTAINER_CP}:${PACKAGED_VERSION}"
# # Attest CAS image
# chainloop attestation add --name artifact-cas-image --value "${CONTAINER_CAS}:${PACKAGED_VERSION}"
#
# - name: Push Chart
# run: |
# for pkg in chainloop*.tgz; do
# helm push ${pkg} oci://ghcr.io/chainloop-dev/charts
# done
#
# - name: Finish and Record Attestation
# if: ${{ success() }}
# run: |
# chainloop attestation status --full
# chainloop attestation push --key env://CHAINLOOP_SIGNING_KEY
# env:
# CHAINLOOP_SIGNING_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
# CHAINLOOP_SIGNING_KEY: ${{ secrets.COSIGN_KEY }}
#
# - name: Mark attestation as failed
# if: ${{ failure() }}
# run: |
# chainloop attestation reset
#
# - name: Mark attestation as cancelled
# if: ${{ cancelled() }}
# run: |
# chainloop attestation reset --trigger cancellation
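Review bot: The new side appears to leave only the `onboard_workflow` job under a bare `pull_request:` trigger, with the `push` trigger and the whole `package` job commented out, so a chart change merged to main would no longer be packaged, attested or signed. The +/- markers are lost in this rendering, so that reading is inferred from the commented-out copies of the old lines. If this is a temporary test state, restore `push:` with `branches: [main]` and the `deployment/chainloop/**` path filter before merging, and give the re-enabled job `needs: onboard_workflow`. On `pull_request`, `secrets.CHAINLOOP_ONBOARDING_API_TOKEN` is not provided to runs from forks, so the onboarding call will likely fail for external contributors unless it moves back behind the `push` trigger. The commented-out job also maps `CHAINLOOP_ROBOT_ACCOUNT` to the onboarding token instead of `CHAINLOOP_ROBOT_ACCOUNT_CHART_PACKAGE`, which is worth confirming before it is re-enabled.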
