Skip to content

Merge pull request #509 from redhat-cop/renovate/docker.io-redis-7.2 #365

Merge pull request #509 from redhat-cop/renovate/docker.io-redis-7.2

Merge pull request #509 from redhat-cop/renovate/docker.io-redis-7.2 #365

Workflow file for this run

name: Release Charts
on:
push:
branches:
- main
paths-ignore:
- '.github/**'
- 'README.md'
# Declare default permissions as read only.
permissions: read-all
jobs:
release:
concurrency: staging_environment
runs-on: ubuntu-latest
env:
# renovate: datasource=github-releases depName=helm/helm
HELM_VERSION: v3.15.0
permissions:
contents: write
id-token: write
steps:
- name: Checkout
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4
with:
fetch-depth: 0
- name: Configure Git
run: |
git config user.name "$GITHUB_ACTOR"
git config user.email "[email protected]"
- name: Install Helm
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
with:
version: ${{ env.HELM_VERSION }}
- name: Add dependency chart repos
run: |
helm repo add stable https://charts.helm.sh/stable
helm repo add incubator https://charts.helm.sh/incubator
- name: Run chart-releaser
uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0
env:
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
- name: Setup cosign
uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3
- name: Cosign sign packaged chart and generate hashs
shell: bash
id: hash
run: |
packaged_charts=$(ls .cr-release-packages/*.tgz | xargs)
for chart in ${packaged_charts}; do
cosign sign-blob --yes ${chart}
done
echo "hashes=$(sha256sum ${packaged_charts} | base64 -w0)" >> "$GITHUB_OUTPUT"
outputs:
hashes: ${{ steps.hash.outputs.hashes }}
provenance:
needs: [release]
permissions:
actions: read
id-token: write
contents: write
uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected] # v2.0.0
with:
base64-subjects: "${{ needs.release.outputs.hashes }}"