Skip to content

Commit 1cabc31

Browse files
peppescgclaude
peppescg
and
claude
committed
fix(ci): update checkout action and improve cosign error handling
- Update checkout action to v5.0.1 SHA matching repo standard - Add strict error handling with set -euo pipefail - Fix stderr/stdout redirection for better portability - Add digest extraction validation with helpful error output Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
1 parent ee69107 commit 1cabc31

1 file changed

Lines changed: 12 additions & 5 deletions

File tree

.github/workflows/releaser-helm-chart.yml

Lines changed: 12 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -47,7 +47,7 @@ jobs:
4747

4848
steps:
4949
- name: Checkout
50-
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
50+
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
5151

5252
- name: Set up Helm
5353
uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1
@@ -85,15 +85,22 @@ jobs:
8585
8686
- name: Push and Sign Helm Chart to OCI
8787
run: |
88+
set -euo pipefail
8889
for chart in .helm-packages/*.tgz; do
8990
echo "Pushing ${chart} to OCI registry..."
90-
helm push "${chart}" oci://${{ env.REGISTRY_PATH }} |& tee helm-push-output.log
91-
91+
helm push "${chart}" oci://${{ env.REGISTRY_PATH }} 2>&1 | tee helm-push-output.log
92+
9293
# Extract chart name and digest for signing
9394
file_name="${chart##*/}"
9495
chart_name="${file_name%-*}"
95-
digest=$(awk -F "[, ]+" '/Digest/{print $NF}' < helm-push-output.log)
96-
96+
digest=$(grep -oP 'Digest: \K\S+' helm-push-output.log)
97+
98+
if [[ -z "$digest" ]]; then
99+
echo "ERROR: Failed to extract digest from helm push output"
100+
cat helm-push-output.log
101+
exit 1
102+
fi
103+
97104
echo "Signing chart: ${{ env.REGISTRY_PATH }}/${chart_name}@${digest}"
98105
cosign sign -y "${{ env.REGISTRY_PATH }}/${chart_name}@${digest}"
99106
done

0 commit comments

Comments
 (0)