Skip to content
Release helm chart

fix: unknown object type "nil" error in Kubernetes <= v1.24 (#537) #404

Sign in to view logs

fix: unknown object type "nil" error in Kubernetes <= v1.24 (#537)

fix: unknown object type "nil" error in Kubernetes <= v1.24 (#537) #404

Workflow file for this run

.github/workflows/helm-chart-release.yml at 5be967f
# This action releases the kubewarden-controller helm chart
# The action must run on each commit done against master, however
# a new release will be performed **only** when a change occurs inside
# of the `charts` directory.
#
# When the helm chart is changed, this action will:
# * Create a new GitHub release named: kubwarden-controller-chart
# * This release has a kubwarden-controller-chart.tar.gz asset associated with
# it. This is the actual helm chart
# * Update the `index.yaml` file inside of the `gh-pages` branch. This is the
# index of the helm chart repository, which we serve through GitHub pages
# * Update the docs shown https://charts.kubewarden.io, on the `gh-pages`
# branch. This is the README files of the chart(s), served also through
# GitHub pages
#
# = FAQ
#
# == Why don't we run this action only when a tag like `v*` is created?
#
# Running the action only when a "release tag" is created will not produce
# a helm chart. That happens because the code which determines if something
# changed inside of the `charts` directory will not find any changes.
#
# == The action is just a "wrapper" around the official `github.com/helm/chart-releaser` tool, can't we just create our own action?
#
# Yes, we even got that to work. However, what we really want to do is the
# ability to tag the releases of the kubewarden-controller and its helm chart
# in an independent way. Which what the official GitHub action already does.
name: Release helm chart
on:
push:
branches:
- main
jobs:
release:
runs-on: ubuntu-latest
permissions:
id-token: write
packages: write
contents: write
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
fetch-depth: 0
- name: Configure Git
run: |
git config user.name "$GITHUB_ACTOR"
git config user.email "[email protected]"
- name: Check that the contents of common-values.yaml are included in values.yaml
run: |
make check-common-values
- name: Install Helm
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
with:
version: v3.8.0
- name: Install cosign
uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
- name: Generate container image files
run: |
make generate-images-file
- name: Generate policies files
run: |
make generate-policies-file
- name: Generate changelog files
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
make generate-changelog-files
- name: Add dependency repo required to release the controller chart
run: |
helm repo add policy-reporter https://kyverno.github.io/policy-reporter
helm repo update
- name: Run chart-releaser
uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0
with:
charts_dir: charts
env:
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
CR_SKIP_EXISTING: true
- name: Prepare GH pages readme
run: |
mkdir -p ./to-gh-pages
cat charts/kubewarden-controller/README.md >> charts/README.md
echo >> charts/README.md
cat charts/kubewarden-defaults/README.md >> charts/README.md
echo >> charts/README.md
cat charts/kubewarden-crds/README.md >> charts/README.md
cp -f charts/README.md ./to-gh-pages/
cp -f artifacthub-repo.yml ./to-gh-pages/
- name: Deploy readme to GH pages
uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e # v4.0.0
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: ./to-gh-pages
keep_files: true
enable_jekyll: true
- name: Upload images and policies file
shell: bash
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
set -e
# .cr-release-packages is the directory used by the Helm releaser from a previous step
chart_directory=.cr-release-packages
if [ ! -d "$chart_directory" ]; then
echo "$chart_directory does not exist. Assuming no charts update"
exit 0
fi
charts=$(find ./charts -maxdepth 1 -mindepth 1 -type d)
asset_name=""
for chart in $charts; do
chart_name=$(helm show chart $chart | yq -r '.name' )
chart_version=$(helm show chart $chart | yq -r '.version')
asset_name="${asset_name}_${chart_name}-${chart_version}"
done
image_asset_name="${asset_name:1}_images.txt"
cp imagelist.txt $image_asset_name
charts=$(find $chart_directory -maxdepth 1 -mindepth 1 -type f)
for chart in $charts; do
chart_name=$(helm show chart $chart | yq -r '.name' )
chart_version=$(helm show chart $chart | yq -r '.version')
if [[ $chart_name != *"-crds" ]]; then
gh release upload $chart_name-$chart_version $image_asset_name --clobber
fi
if [[ $chart_name == *"-defaults" ]]; then
cp "./charts/kubewarden-defaults/policylist.txt" "./charts/kubewarden-defaults/${asset_name:1}_policylist.txt"
gh release upload $chart_name-$chart_version "./charts/kubewarden-defaults/${asset_name:1}_policylist.txt" --clobber
fi
done
- name: Login to GitHub Container Registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Generate, sign and publish charts in OCI registry
shell: bash
run: |
set -e
# .cr-release-packages is the directory used by the Helm releaser from a previous step
chart_directory=.cr-release-packages
if [ ! -d "$chart_directory" ]; then
echo "$chart_directory does not exist. Assuming no charts update"
exit 0
fi
REGISTRY="ghcr.io/$GITHUB_REPOSITORY_OWNER"
charts=$(find $chart_directory -maxdepth 1 -mindepth 1 -type f)
for chart in $charts; do
chart_name=$(helm show chart $chart | yq '.name' | sed 's/"//g')
chart_version=$(helm show chart $chart | yq '.version' | sed 's/"//g')
package_file=".cr-release-packages/$chart_name-$chart_version.tgz"
push_output=$(helm push $package_file "oci://$REGISTRY/charts")
chart_url=$(echo $push_output | sed -n 's/Pushed: \(.*\):.* Digest: \(.*\)$/\1\@\2/p')
cosign sign --yes "$chart_url"
done