Skip to content
Release Charts

Merge pull request #623 from itewk/feature/issue622 #391

Sign in to view logs

Merge pull request #623 from itewk/feature/issue622

Merge pull request #623 from itewk/feature/issue622 #391

Workflow file for this run

.github/workflows/release.yaml at 7e76f87
name: Release Charts
on:
push:
branches:
- main
paths-ignore:
- '.github/**'
- 'README.md'
# Declare default permissions as read only.
permissions: read-all
jobs:
release:
concurrency: staging_environment
runs-on: ubuntu-latest
env:
# renovate: datasource=github-releases depName=helm/helm
HELM_VERSION: v3.16.3
permissions:
contents: write
id-token: write
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
fetch-depth: 0
- name: Configure Git
run: |
git config user.name "$GITHUB_ACTOR"
git config user.email "[email protected]"
- name: Install Helm
uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0
with:
version: ${{ env.HELM_VERSION }}
- name: Add dependency chart repos
run: |
helm repo add stable https://charts.helm.sh/stable
helm repo add incubator https://charts.helm.sh/incubator
- name: Run chart-releaser
uses: helm/chart-releaser-action@cae68fefc6b5f367a0275617c9f83181ba54714f # v1.7.0
env:
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
- name: Setup cosign
uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3
- name: Cosign sign packaged chart and generate hashs
shell: bash
id: hash
run: |
packaged_charts=$(ls .cr-release-packages/*.tgz | xargs)
for chart in ${packaged_charts}; do
cosign sign-blob --yes ${chart}
done
echo "hashes=$(sha256sum ${packaged_charts} | base64 -w0)" >> "$GITHUB_OUTPUT"
outputs:
hashes: ${{ steps.hash.outputs.hashes }}
provenance:
needs: [release]
permissions:
actions: read
id-token: write
contents: write
uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected] # v2.0.0
with:
base64-subjects: "${{ needs.release.outputs.hashes }}"