From fed2d68dcc9c276ac5bc961bbbdbf6d790b158db Mon Sep 17 00:00:00 2001
From: Stephan Butler <stephan@interledger.foundation>
Date: Fri, 19 Jun 2026 12:17:18 +0200
Subject: [PATCH 1/2] ci: should now be able to publish helm from release
 workflow

---
 .github/workflows/helm-publish.yml | 12 ++++++++++--
 .github/workflows/release.yml      |  9 +++++++++
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/helm-publish.yml b/.github/workflows/helm-publish.yml
index 15596fe3b..5f63f294f 100644
--- a/.github/workflows/helm-publish.yml
+++ b/.github/workflows/helm-publish.yml
@@ -4,6 +4,14 @@ on:
   release:
     types:
       - published
+  workflow_call:
+    inputs:
+      tag_name:
+        required: true
+        type: string
+    secrets:
+      HELM_PUBLISH_TOKEN:
+        required: true
 
 jobs:
   publish:
@@ -20,7 +28,7 @@ jobs:
 
       - name: Update and package all charts
         run: |
-          TAG="${{ github.event.release.tag_name }}"
+          TAG="${{ inputs.tag_name || github.event.release.tag_name }}"
           VERSION="${TAG#v}"
           APP_VERSION="$TAG"
           mkdir -p /tmp/helm-package
@@ -43,7 +51,7 @@ jobs:
           cp /tmp/helm-package/*.tgz charts-branch/
           cd charts-branch
           helm repo index . \
-            --url https://${{ github.repository_owner }}.github.io/${{ github.event.repository.name }}
+            --url https://${{ github.repository_owner }}.github.io/${{ github.event.repository.name || 'testnet' }}
 
       - name: Commit and push to charts branch
         run: |
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 360d7f8d1..267e67380 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -118,6 +118,15 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
+  helm-publish:
+    name: Publish Helm charts
+    needs: release
+    if: needs.release.outputs.new_release_published == 'true'
+    uses: ./.github/workflows/helm-publish.yml
+    with:
+      tag_name: v${{ needs.release.outputs.new_release_version }}
+    secrets: inherit
+
   publish:
     name: Publish Docker images
     runs-on: ubuntu-latest

From b43a84bf9dde1044b1e98b243d8f24a48cee1ca3 Mon Sep 17 00:00:00 2001
From: Stephan Butler <stephan@interledger.foundation>
Date: Fri, 19 Jun 2026 12:36:10 +0200
Subject: [PATCH 2/2] ci: will now use publish token for the actions

---
 .github/workflows/helm-publish.yml | 2 ++
 .github/workflows/release.yml      | 3 ++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/helm-publish.yml b/.github/workflows/helm-publish.yml
index 5f63f294f..b8343fe45 100644
--- a/.github/workflows/helm-publish.yml
+++ b/.github/workflows/helm-publish.yml
@@ -19,6 +19,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v5
+        with:
+          ref: ${{ inputs.tag_name || github.event.release.tag_name }}
 
       - name: Install Helm
         uses: azure/setup-helm@v4
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 267e67380..46a165a8d 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -125,7 +125,8 @@ jobs:
     uses: ./.github/workflows/helm-publish.yml
     with:
       tag_name: v${{ needs.release.outputs.new_release_version }}
-    secrets: inherit
+    secrets:
+      HELM_PUBLISH_TOKEN: ${{ secrets.HELM_PUBLISH_TOKEN }}
 
   publish:
     name: Publish Docker images