From 993afe3cc8182ce289f10e89b6c9b884ebea6012 Mon Sep 17 00:00:00 2001 From: asdfgugus <96517369+asdfgugus@users.noreply.github.com> Date: Mon, 29 Jul 2024 23:49:22 +0200 Subject: [PATCH 1/4] feat(artifacthub): push artifacthub-repo.yml file to oci repository (#216) Signed-off-by: asdfgugus --- .github/workflows/publish.yml | 8 ++++++++ artifacthub-repo.yml | 13 +++++++++++++ 2 files changed, 21 insertions(+) create mode 100644 artifacthub-repo.yml diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index f14722b..fa40946 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -65,3 +65,11 @@ jobs: helm push "${pkg}" oci://ghcr.io/"${GITHUB_REPOSITORY_OWNER}"/charts |& tee .digest cosign sign $(cat .digest | awk -F "[, ]+" '/Pushed/{print $NF}') done + - uses: oras-project/setup-oras@v1 + with: + version: 1.2.0 + - name: Push chart to GHCR + run: | + oras push ghcr.io/"${GITHUB_REPOSITORY_OWNER}"/charts/opencost \ + --config /dev/null:application/vnd.cncf.artifacthub.config.v1+yaml \ + artifacthub-repo.yml:application/vnd.cncf.artifacthub.repository-metadata.layer.v1.yaml diff --git a/artifacthub-repo.yml b/artifacthub-repo.yml new file mode 100644 index 0000000..4a78f9f --- /dev/null +++ b/artifacthub-repo.yml @@ -0,0 +1,13 @@ +# Artifact Hub repository metadata file +# +# Some settings like the verified publisher flag or the ignored packages won't +# be applied until the next time the repository is processed. Please keep in +# mind that the repository won't be processed if it has not changed since the +# last time it was processed. Depending on the repository kind, this is checked +# in a different way. For Helm http based repositories, we consider it has +# changed if the `index.yaml` file changes. For git based repositories, it does +# when the hash of the last commit in the branch you set up changes. This does +# NOT apply to ownership claim operations, which are processed immediately. +# +# Repository: opencost-oci +repositoryID: fc0e734e-ecc9-4351-96e6-0c8934a1b8b1 From ce6477838cff8d298eaa399dbb72bc20fdb2a401 Mon Sep 17 00:00:00 2001 From: Dennis Haney Date: Tue, 30 Jul 2024 15:45:19 +0700 Subject: [PATCH 2/4] docs: add comment about direct access to mimir (#217) Signed-off-by: Dennis Haney --- charts/opencost/values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/charts/opencost/values.yaml b/charts/opencost/values.yaml index b9b7ffa..ed1ce77 100644 --- a/charts/opencost/values.yaml +++ b/charts/opencost/values.yaml @@ -220,6 +220,8 @@ opencost: # -- Any extra environment variables you would like to pass on to the pod extraEnv: {} # FOO: BAR + # For example, if accessing mimir directly and getting 401 Unauthorized + # PROMETHEUS_HEADER_X_SCOPE_ORGID: anonymous customPricing: # -- Enables custom pricing configuration enabled: false From 1af944e48bb13e3050956d063d118a20b4daba6b Mon Sep 17 00:00:00 2001 From: kranurag7 <81210977+kranurag7@users.noreply.github.com> Date: Tue, 30 Jul 2024 14:27:21 +0530 Subject: [PATCH 3/4] fix helm chart publish workflow (#220) uses SHAs for pinning third party action workflows. Signed-off-by: kranurag7 <81210977+kranurag7@users.noreply.github.com> Co-authored-by: Matt Ray --- .github/workflows/helm-test.yml | 10 +++++----- .github/workflows/publish.yml | 13 +++++++------ .github/workflows/stale.yml | 2 +- 3 files changed, 13 insertions(+), 12 deletions(-) diff --git a/.github/workflows/helm-test.yml b/.github/workflows/helm-test.yml index d12bdb6..2e3fa00 100644 --- a/.github/workflows/helm-test.yml +++ b/.github/workflows/helm-test.yml @@ -18,21 +18,21 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 with: fetch-depth: 0 - - uses: azure/setup-helm@v3 + - uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3 with: version: 'v3.15.2' - - uses: actions/setup-python@v4 + - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4 with: python-version: '3.9' check-latest: true - name: Set up chart-testing - uses: helm/chart-testing-action@v2.6.1 + uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 - name: List changed charts id: list-changed @@ -49,7 +49,7 @@ jobs: run: ct lint --debug --config ./.github/configs/ct.yaml --lint-conf ./.github/configs/lintconf.yaml - name: Create kind cluster - uses: helm/kind-action@v1.10.0 + uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 if: steps.list-changed.outputs.changed == 'true' - name: Run chart-testing (install) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index fa40946..c9d7eff 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -18,12 +18,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 with: fetch-depth: 0 - name: Install Helm - uses: azure/setup-helm@v3 + uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3 - name: Configure Git run: | @@ -39,20 +39,21 @@ jobs: run: | helm-docs . - name: Login to GHCR - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 with: registry: ghcr.io username: ${ GITHUB_REPOSITORY_OWNER } password: ${{ secrets.GITHUB_TOKEN }} - name: Run chart-releaser - uses: helm/chart-releaser-action@1.6.0 + uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0 with: charts_dir: charts config: './.github/configs/cr.yaml' env: CR_TOKEN: '${{ secrets.GITHUB_TOKEN }}' CR_RELEASE_NAME_TEMPLATE: '{{ .Version }}-helm' - - uses: sigstore/cosign-installer@3.5.0 + + - uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0 - name: Push chart to GHCR env: COSIGN_EXPERIMENTAL: 1 @@ -65,7 +66,7 @@ jobs: helm push "${pkg}" oci://ghcr.io/"${GITHUB_REPOSITORY_OWNER}"/charts |& tee .digest cosign sign $(cat .digest | awk -F "[, ]+" '/Pushed/{print $NF}') done - - uses: oras-project/setup-oras@v1 + - uses: oras-project/setup-oras@ca28077386065e263c03428f4ae0c09024817c93 # v1 with: version: 1.2.0 - name: Push chart to GHCR diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 275414c..05712a3 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -7,7 +7,7 @@ jobs: stale: runs-on: ubuntu-latest steps: - - uses: actions/stale@v8 + - uses: actions/stale@1160a2240286f5da8ec72b1c0816ce2481aabf84 # v8 with: stale-issue-message: 'This issue has been marked as stale because it has been open for 180 days with no activity. Please remove the stale label or comment or this issue will be closed in 5 days.' close-issue-message: 'This issue was closed because it has been inactive for 185 days with no activity.' From f31732b3d8898b7b480e9fb2f74777aaf4375901 Mon Sep 17 00:00:00 2001 From: kranurag7 <81210977+kranurag7@users.noreply.github.com> Date: Wed, 31 Jul 2024 11:17:13 +0530 Subject: [PATCH 4/4] fix cosign signing issue (#221) we don't need experimental anymore, we are using latest cosign here. Signed-off-by: kranurag7 <81210977+kranurag7@users.noreply.github.com> --- .github/workflows/publish.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index c9d7eff..d764026 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -55,8 +55,6 @@ jobs: - uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0 - name: Push chart to GHCR - env: - COSIGN_EXPERIMENTAL: 1 run: | shopt -s nullglob for pkg in .cr-release-packages/*; do @@ -64,7 +62,7 @@ jobs: break fi helm push "${pkg}" oci://ghcr.io/"${GITHUB_REPOSITORY_OWNER}"/charts |& tee .digest - cosign sign $(cat .digest | awk -F "[, ]+" '/Pushed/{print $NF}') + cosign sign --yes $(cat .digest | awk -F "[, ]+" '/Pushed/{print $NF}') done - uses: oras-project/setup-oras@ca28077386065e263c03428f4ae0c09024817c93 # v1 with: