-
Notifications
You must be signed in to change notification settings - Fork 8
133 lines (119 loc) · 4.13 KB
/
publish-chart-packages.yml
File metadata and controls
133 lines (119 loc) · 4.13 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
name: publish-chart-packages
on:
push:
branches: [main]
workflow_dispatch:
inputs:
chart_version:
description: "Chart version to publish (default: read from Chart.yaml)"
required: false
type: string
ref:
description: "Git ref to package from (default: main)"
required: false
type: string
permissions:
contents: write
pull-requests: read
packages: write
env:
OCI_REGISTRY: ghcr.io
jobs:
gate:
runs-on: ubuntu-latest
outputs:
allow: ${{ steps.allow_manual.outputs.allow || steps.allow_push.outputs.allow }}
steps:
- name: Checkout
uses: actions/checkout@v6
- name: Allow manual run
id: allow_manual
if: ${{ github.event_name == 'workflow_dispatch' }}
run: echo "allow=true" >> "$GITHUB_OUTPUT"
- name: Check chart-bump label on merged PR
id: allow_push
if: ${{ github.event_name == 'push' }}
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
python tools/allow_chart_bump.py
publish:
needs: gate
runs-on: ubuntu-latest
if: ${{ needs.gate.outputs.allow == 'true' }}
steps:
- uses: actions/checkout@v6
with:
fetch-depth: 0
ref: ${{ inputs.ref || 'main' }}
- name: Setup Helm
uses: azure/setup-helm@v4
- name: Login to GHCR for Helm OCI
run: printf "%s" "${{ secrets.PR_AUTOMATION_TOKEN }}" | helm registry login ghcr.io -u "${{ github.actor }}" --password-stdin
- name: Determine chart version
id: meta
run: |
set -euo pipefail
INPUT_VER="${{ inputs.chart_version }}"
FILE_VER=$(awk '/^version:/ {print $2}' infrastructure/rag/Chart.yaml | tr -d "\"'")
CHART_VERSION="${INPUT_VER:-$FILE_VER}"
if [ -z "$CHART_VERSION" ]; then
echo "Could not determine chart version" >&2
exit 1
fi
echo "chart_version=$CHART_VERSION" >> $GITHUB_OUTPUT
- name: Verify chart version matches input (if provided)
env:
INPUT_VER: ${{ inputs.chart_version }}
FILE_VER: ${{ steps.meta.outputs.chart_version }}
run: |
if [ -n "$INPUT_VER" ] && [ "$INPUT_VER" != "$FILE_VER" ]; then
echo "Chart.yaml version ($FILE_VER) does not match input $INPUT_VER" >&2
exit 1
fi
- name: Package chart
run: |
set -euo pipefail
CHART_DIR="infrastructure/rag"
mkdir -p dist
helm dependency update "$CHART_DIR" || true
helm package "$CHART_DIR" --destination dist
ls -la dist
- name: Push chart to GHCR (OCI)
env:
CHART_VERSION: ${{ steps.meta.outputs.chart_version }}
run: |
set -euo pipefail
PKG=$(ls dist/*.tgz)
helm show chart "$PKG" | grep -E "^version: "
helm push "$PKG" oci://$OCI_REGISTRY/${{ github.repository_owner }}/charts
- name: Build Helm repo index for gh-pages
env:
CHART_VERSION: ${{ steps.meta.outputs.chart_version }}
run: |
set -euo pipefail
PKG=$(ls dist/*.tgz)
REPO="${GITHUB_REPOSITORY#*/}"
BASE_URL="https://${GITHUB_REPOSITORY_OWNER}.github.io/${REPO}"
if git ls-remote --exit-code origin gh-pages >/dev/null 2>&1; then
git fetch origin gh-pages:gh-pages
if git show gh-pages:index.yaml > dist/index.yaml 2>/dev/null; then
helm repo index dist --url "$BASE_URL" --merge dist/index.yaml
else
helm repo index dist --url "$BASE_URL"
fi
else
helm repo index dist --url "$BASE_URL"
fi
echo "Index generated for $BASE_URL"
- name: Allow chart archives in gh-pages
run: |
set -euo pipefail
printf "%s\n" ".DS_Store" > dist/.gitignore
- name: Publish Helm repo to gh-pages
uses: peaceiris/actions-gh-pages@v4
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_branch: gh-pages
publish_dir: dist
keep_files: true