Skip to content

Commit

Permalink
Make release
Browse files Browse the repository at this point in the history
  • Loading branch information
louisnow committed Jul 16, 2024
1 parent 14e2e32 commit 347f06f
Show file tree
Hide file tree
Showing 5 changed files with 50 additions and 58 deletions.
4 changes: 2 additions & 2 deletions .github/configs/cr.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,11 @@
index-path: "./index.yaml"

# PGP signing
sign: true
sign: false
key: Argo Helm maintainers
# keyring: # Set via env variable CR_KEYRING
# passphrase-file: # Set via env variable CR_PASSPHRASE_FILE

# Enable automatic generation of release notes using GitHubs release notes generator.
# see: https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes
generate-release-notes: true
generate-release-notes: false
15 changes: 0 additions & 15 deletions .github/configs/labeler.yaml
Original file line number Diff line number Diff line change
@@ -1,17 +1,2 @@
argo-cd:
- charts/argo-cd/**/*

argo-events:
- charts/argo-events/**/*

argo-rollouts:
- charts/argo-rollouts/**/*

argo-workflows:
- charts/argo-workflows/**/*

argocd-image-updater:
- charts/argocd-image-updater/**/*

argocd-apps:
- charts/argocd-apps/**/*
77 changes: 48 additions & 29 deletions .github/workflows/publish.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,15 +4,16 @@ on:
push:
branches:
- main
paths:
- "charts/**"
- 0.36.2

permissions:
contents: read
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout

jobs:
publish:
permissions:
id-token: write
contents: write # for helm/chart-releaser-action to push chart release and create a release
packages: write # to push OCI chart package to GitHub Registry
runs-on: ubuntu-latest
Expand All @@ -22,6 +23,20 @@ jobs:
with:
fetch-depth: 0

- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v4
with:
audience: sts.amazonaws.com
role-to-assume: arn:aws:iam::024630551114:role/gh-action-role
role-session-name: GitHub_to_AWS_via_FederatedOIDC_ARGO_HELM
aws-region: us-east-1

- name: Login to Amazon ECR Public
id: login-ecr-public
uses: aws-actions/amazon-ecr-login@v2
with:
registry-type: public

- name: Install Helm
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
with:
Expand All @@ -36,26 +51,26 @@ jobs:
git config user.name "$GITHUB_ACTOR"
git config user.email "[email protected]"
## This is required to consider the old Circle-CI Index and to stay compatible with all the old releases.
- name: Fetch current Chart Index
run: |
git checkout origin/gh-pages index.yaml
# ## This is required to consider the old Circle-CI Index and to stay compatible with all the old releases.
# - name: Fetch current Chart Index
# run: |
# git checkout origin/gh-pages index.yaml

# The GitHub repository secret `PGP_PRIVATE_KEY` contains the private key
# in ASCII-armored format. To export a (new) key, run this command:
# `gpg --armor --export-secret-key <my key>`
- name: Prepare PGP key
run: |
IFS=""
echo "$PGP_PRIVATE_KEY" | gpg --dearmor > $HOME/secring.gpg
echo "$PGP_PASSPHRASE" > $HOME/passphrase.txt
# # The GitHub repository secret `PGP_PRIVATE_KEY` contains the private key
# # in ASCII-armored format. To export a (new) key, run this command:
# # `gpg --armor --export-secret-key <my key>`
# - name: Prepare PGP key
# run: |
# IFS=""
# echo "$PGP_PRIVATE_KEY" | gpg --dearmor > $HOME/secring.gpg
# echo "$PGP_PASSPHRASE" > $HOME/passphrase.txt

# Tell chart-releaser-action where to find the key and its passphrase
echo "CR_KEYRING=$HOME/secring.gpg" >> "$GITHUB_ENV"
echo "CR_PASSPHRASE_FILE=$HOME/passphrase.txt" >> "$GITHUB_ENV"
env:
PGP_PRIVATE_KEY: "${{ secrets.PGP_PRIVATE_KEY }}"
PGP_PASSPHRASE: "${{ secrets.PGP_PASSPHRASE }}"
# # Tell chart-releaser-action where to find the key and its passphrase
# echo "CR_KEYRING=$HOME/secring.gpg" >> "$GITHUB_ENV"
# echo "CR_PASSPHRASE_FILE=$HOME/passphrase.txt" >> "$GITHUB_ENV"
# env:
# PGP_PRIVATE_KEY: "${{ secrets.PGP_PRIVATE_KEY }}"
# PGP_PASSPHRASE: "${{ secrets.PGP_PASSPHRASE }}"

- name: Run chart-releaser
uses: helm/chart-releaser-action@be16258da8010256c6e82849661221415f031968 # v1.5.0
Expand All @@ -64,19 +79,23 @@ jobs:
env:
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

- name: Login to GHCR
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# - name: Login to GHCR
# uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
# with:
# registry: ghcr.io
# username: ${{ github.actor }}
# password: ${{ secrets.GITHUB_TOKEN }}

- name: Push chart to GHCR
env:
REGISTRY: ${{ steps.login-ecr-public.outputs.registry }}
REGISTRY_ALIAS: f1l2l1f6
run: |
shopt -s nullglob
for pkg in .cr-release-packages/*.tgz; do
if [ -z "${pkg:-}" ]; then
break
fi
helm push "${pkg}" oci://ghcr.io/${{ github.repository }}
done
echo "pushing ${{ github.repository }}/${pkg}"
helm push "${pkg}" oci://public.ecr.aws/${REGISTRY_ALIAS}/${{ github.repository }}
done
Original file line number Diff line number Diff line change
Expand Up @@ -25,12 +25,6 @@ rules:
- update
- patch
- delete
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- apiGroups:
- ""
resources:
Expand Down
6 changes: 0 additions & 6 deletions charts/argo-workflows/templates/controller/workflow-role.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -26,12 +26,6 @@ rules:
verbs:
- get
- watch
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- apiGroups:
- argoproj.io
resources:
Expand Down

0 comments on commit 347f06f

Please sign in to comment.