Check and Publish Helm Charts #34

Workflow file for this run

.github/workflows/weekly-scanner.yaml at 6cf12c1

	name: Check and Publish Helm Charts

	on:
	workflow_dispatch:
	schedule:
	- cron: '0 2 * * 1' # At 02:00 on Monday

	jobs:
	matrix-setup:
	runs-on: ubuntu-latest
	outputs:
	matrix: ${{ steps.matrix.outputs.matrix }}
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Get Matrix
	id: matrix
	uses: Surnet/get-json-matrix@v2
	with:
	filepath: ./repositories.json

	check-and-publish-helm-charts:
	name: ${{ matrix.key }}
	needs: matrix-setup
	runs-on: ubuntu-latest
	strategy:
	matrix: ${{ fromJson(needs.matrix-setup.outputs.matrix) }}
	steps:
	- name: Set up Helm
	uses: azure/setup-helm@v4

	- name: ${{ matrix.key }} > Check if latest tag exist
	id: check-exist
	env:
	REPO_INFO: ${{ toJSON(matrix.value) }} # path to repositories, chart_paths, and tag_regex
	run: \|
	set -x
	set +e
	OCI_REGISTRY='oci://registry-1.docker.io/ez4devcharts' # modify this if your registry differs

	# Ensure jq is installed
	sudo apt-get update && sudo apt-get install -y jq

	# Parse repo info
	REPO_NAME=${{ matrix.key }}
	CHART_PATH=$(echo $REPO_INFO \| jq -r '.chart_path')
	CHART_NAME=$(echo $REPO_INFO \| jq -r '.chart_name')
	TAG_REGEX=$(echo $REPO_INFO \| jq -r '.tag_regex')

	# Fetch latest tag matching the regex
	git ls-remote --tags https://github.com/$REPO_NAME.git \| grep -oP 'refs/.*' > tags_refs.txt
	LATEST_TAG=$(grep -oP "$TAG_REGEX" ./tags_refs.txt \| sort -rV \| head -n1)
	TAG_REF=$(grep $LATEST_TAG ./tags_refs.txt)
	echo "tag-ref=$TAG_REF" >> $GITHUB_OUTPUT

	# Check if Helm chart is published
	helm show chart "$OCI_REGISTRY/$CHART_NAME" --version "$LATEST_TAG" &> /dev/null
	if [ $? -ne 0 ]; then
	echo "helm-ver=$LATEST_TAG" >> $GITHUB_OUTPUT
	else
	echo "Tag $LATEST_TAG exists already. Stop here!"
	fi
	shell: bash

	- name: Clone repo ${{ matrix.key }}
	if: steps.check-exist.outputs.helm-ver != ''
	uses: actions/checkout@v4
	with:
	repository: ${{ matrix.key }}
	ref: ${{ steps.check-exist.outputs.tag-ref }}
	path: ./target_repo

	- name: Login to OCI registry
	if: steps.check-exist.outputs.helm-ver != ''
	run: \|
	helm registry login \
	--username ${{ secrets.DOCKER_USERNAME }} \
	--password ${{ secrets.DOCKER_PASSWORD }} \
	registry-1.docker.io

	- name: Publish chart ${{ matrix.key }}
	if: steps.check-exist.outputs.helm-ver != ''
	env:
	REPO_INFO: ${{ toJSON(matrix.value) }} # path to repositories, chart_paths, and tag_regex
	REPO_NAME: ${{ matrix.key }}
	LATEST_TAG: ${{ steps.check-exist.outputs.helm-ver }}
	run: \|
	set -x
	OCI_REGISTRY='oci://registry-1.docker.io/ez4devcharts' # modify this if your registry differs

	# Parse repo info
	CHART_PATH=$(echo $REPO_INFO \| jq -r '.chart_path')
	CHART_NAME=$(echo $REPO_INFO \| jq -r '.chart_name')

	# Pack and push the chart
	echo "Packaging and pushing the chart for $CHART_NAME with tag $LATEST_TAG"
	helm dep build target_repo/$CHART_PATH
	helm package target_repo/$CHART_PATH --version $LATEST_TAG
	CHART_FILE=$CHART_NAME-$LATEST_TAG.tgz
	helm push $CHART_FILE $OCI_REGISTRY

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Check and Publish Helm Charts #34

Workflow file

Check and Publish Helm Charts #34

Jobs

Run details

Workflow file for this run