-
Notifications
You must be signed in to change notification settings - Fork 9
133 lines (119 loc) · 3.87 KB
/
publish-chart-packages.yml
File metadata and controls
133 lines (119 loc) · 3.87 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
name: publish-chart-packages
on:
push:
branches: [main]
workflow_dispatch:
inputs:
chart_version:
description: "Chart version to publish (default: read from Chart.yaml)"
required: false
type: string
ref:
description: "Git ref to package from (default: main)"
required: false
type: string
permissions:
contents: write
pull-requests: read
packages: write
pages: write
id-token: write
env:
OCI_REGISTRY: ghcr.io
jobs:
gate:
runs-on: ubuntu-latest
outputs:
allow: ${{ steps.allow_manual.outputs.allow || steps.allow_push.outputs.allow }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Allow manual run
id: allow_manual
if: ${{ github.event_name == 'workflow_dispatch' }}
run: echo "allow=true" >> "$GITHUB_OUTPUT"
- name: Check chart-bump label on merged PR
id: allow_push
if: ${{ github.event_name == 'push' }}
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
python tools/allow_chart_bump.py
publish:
needs: gate
runs-on: ubuntu-latest
if: ${{ needs.gate.outputs.allow == 'true' }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ inputs.ref || 'main' }}
- name: Setup Helm
uses: azure/setup-helm@v4
- name: Login to GHCR for Helm OCI
run: printf "%s" "${{ secrets.PR_AUTOMATION_TOKEN }}" | helm registry login ghcr.io -u "${{ github.actor }}" --password-stdin
- name: Determine chart version
id: meta
run: |
set -euo pipefail
INPUT_VER="${{ inputs.chart_version }}"
FILE_VER=$(awk '/^version:/ {print $2}' infrastructure/rag/Chart.yaml | tr -d "\"'")
CHART_VERSION="${INPUT_VER:-$FILE_VER}"
if [ -z "$CHART_VERSION" ]; then
echo "Could not determine chart version" >&2
exit 1
fi
echo "chart_version=$CHART_VERSION" >> $GITHUB_OUTPUT
- name: Verify chart version matches input (if provided)
env:
INPUT_VER: ${{ inputs.chart_version }}
FILE_VER: ${{ steps.meta.outputs.chart_version }}
run: |
if [ -n "$INPUT_VER" ] && [ "$INPUT_VER" != "$FILE_VER" ]; then
echo "Chart.yaml version ($FILE_VER) does not match input $INPUT_VER" >&2
exit 1
fi
- name: Package chart
run: |
set -euo pipefail
CHART_DIR="infrastructure/rag"
mkdir -p dist
helm dependency update "$CHART_DIR" || true
helm package "$CHART_DIR" --destination dist
ls -la dist
- name: Push chart to GHCR (OCI)
env:
CHART_VERSION: ${{ steps.meta.outputs.chart_version }}
run: |
set -euo pipefail
PKG=$(ls dist/*.tgz)
helm show chart "$PKG" | grep -E "^version: "
helm push "$PKG" oci://$OCI_REGISTRY/${{ github.repository_owner }}/charts
- name: Build Helm repo index for Pages
env:
CHART_VERSION: ${{ steps.meta.outputs.chart_version }}
run: |
set -euo pipefail
PKG=$(ls dist/*.tgz)
REPO="${GITHUB_REPOSITORY#*/}"
BASE_URL="https://${GITHUB_REPOSITORY_OWNER}.github.io/${REPO}"
helm repo index dist --url "$BASE_URL"
echo "Index generated for $BASE_URL"
- name: Upload Pages artifact
uses: actions/upload-pages-artifact@v3
with:
path: dist
deploy-pages:
needs: publish
runs-on: ubuntu-latest
if: ${{ needs.publish.result == 'success' }}
permissions:
pages: write
id-token: write
environment:
name: github-pages
url: ${{ steps.deployment.outputs.page_url }}
steps:
- name: Deploy to GitHub Pages
id: deployment
uses: actions/deploy-pages@v4