From d445e32de6ae2e68f2fdcaa6fbfda706c7c3bb81 Mon Sep 17 00:00:00 2001
From: Ilyes Ben Dlala
Date: Tue, 28 Nov 2023 11:40:57 +0100
Subject: [PATCH 01/11] internal#145 Add GitHub Actions workflow for releasing Helm charts to GHCR
Signed-off-by: Ilyes Ben Dlala
---
.../workflows/helm-charts-release-ghcr.yaml | 57 +++++++++++++++++++
1 file changed, 57 insertions(+)
create mode 100644 .github/workflows/helm-charts-release-ghcr.yaml
diff --git a/.github/workflows/helm-charts-release-ghcr.yaml b/.github/workflows/helm-charts-release-ghcr.yaml
new file mode 100644
index 0000000000..6df9a07d37
--- /dev/null
+++ b/.github/workflows/helm-charts-release-ghcr.yaml
@@ -0,0 +1,57 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# The CI runs on ubuntu-22.04; More info about the installed software is found here:
+# https://github.com/actions/runner-images/blob/main/images/linux/Ubuntu2204-Readme.md
+
+on:
+ release:
+ types: [published]
+ push: # TODO Remove after testing
+
+name: "WIP"
+env:
+ CONTAINER_REGISTRY: ghcr.io/securecodebox
+ HELM_VERSION: "v3.12.2"
+jobs:
+ GHCR-Helm-Release:
+ name: "Publish Helm Charts to GHCR"
+ runs-on: ubuntu-22.04
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ token: ${{ secrets.SCB_BOT_USER_TOKEN }}
+
+ - name: Parse Release Version
+ run: |
+ RELEASE_VERSION="${GITHUB_REF#refs/*/}"
+ # Remove leading 'v' from git tag to create valid semver
+ RELEASE_VERSION="${RELEASE_VERSION//v}"
+ echo "version=$RELEASE_VERSION" >> "$GITHUB_ENV"
+
+ - name: Install Helm
+ run: |
+ curl -Lo ./helm.tar.gz https://get.helm.sh/helm-${{ env.HELM_VERSION }}-linux-amd64.tar.gz
+ tar -xzf ./helm.tar.gz
+ chmod +x ./linux-amd64/helm
+ sudo mv ./linux-amd64/helm /usr/local/bin/helm
+ helm version
+
+ - name: "Login to Package Registry"
+ run: 'echo "${{ secrets.SCB_BOT_USER_TOKEN }}" | helm registry login --username ${{ github.actor }} --password-stdin ${{ env.CONTAINER_REGISTRY }}'
+
+ - name: "Package and Push Helm Charts to GHCR"
+ run: |
+ find . -type f -name Chart.yaml -not -path "./.templates/*" -print0 | while IFS= read -r -d '' chart; do
+ (
+ dir="$(dirname "${chart}")"
+ cd "${dir}" || exit
+ echo "Processing Helm Chart in $dir"
+ NAME=$(yq eval '.name' - < Chart.yaml)
+
+ helm package --version "${{ env.version }}" .
+
+ helm push "${NAME}-${{ env.version }}.tgz" oci://$CONTAINER_REGISTRY/${NAME}/helm
+ )
+ done
\ No newline at end of file
From 93d96c4e8a08aa5448c902b64386428f3d0a9fab Mon Sep 17 00:00:00 2001
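Review bot: The Install Helm step unpacks the downloaded tarball and moves its binary into /usr/local/bin with sudo without verifying it, and `curl -Lo` without `-f` will save an HTTP error body as if it were the archive. Later steps in the same job log in to the registry and push charts, so a tampered or truncated download would run with that access. Pin the expected digest next to `HELM_VERSION` and check it before `tar`, for example `curl -fsSLo ./helm.tar.gz …` followed by `echo "<PINNED_SHA256_OF_HELM_TARBALL>  helm.tar.gz" | sha256sum -c -`. `actions/checkout@v3` is likewise referenced by a mutable tag rather than a full commit SHA.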
From: Ilyes Ben Dlala Date: Tue, 28 Nov 2023 11:54:24 +0100 Subject: [PATCH 02/11] internal#145 Change Package Registry login to use the SCB-Bot Signed-off-by: Ilyes Ben Dlala --- .github/workflows/helm-charts-release-ghcr.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/helm-charts-release-ghcr.yaml b/.github/workflows/helm-charts-release-ghcr.yaml index 6df9a07d37..6dc180920d 100644 --- a/.github/workflows/helm-charts-release-ghcr.yaml +++ b/.github/workflows/helm-charts-release-ghcr.yaml @@ -39,7 +39,7 @@ jobs: helm version - name: "Login to Package Registry" - run: 'echo "${{ secrets.SCB_BOT_USER_TOKEN }}" | helm registry login --username ${{ github.actor }} --password-stdin ${{ env.CONTAINER_REGISTRY }}' + run: 'echo "${{ secrets.SCB_BOT_USER_TOKEN }}" | helm registry login --username secureCodeBoxBot --password-stdin ${{ env.CONTAINER_REGISTRY }}' - name: "Package and Push Helm Charts to GHCR" run: | From eaa47bd088e2b8272c8b7b95c9c3c3a88dceae01 Mon Sep 17 00:00:00 2001 From: Ilyes Ben Dlala Date: Tue, 28 Nov 2023 11:58:47 +0100 Subject: [PATCH 03/11] internal#145 Set RELEASE_VERSION to v3.1.0-alpha1 for testing Signed-off-by: Ilyes Ben Dlala --- .github/workflows/helm-charts-release-ghcr.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/helm-charts-release-ghcr.yaml b/.github/workflows/helm-charts-release-ghcr.yaml index 6dc180920d..323d2f6a3b 100644 --- a/.github/workflows/helm-charts-release-ghcr.yaml +++ b/.github/workflows/helm-charts-release-ghcr.yaml @@ -28,7 +28,8 @@ jobs: RELEASE_VERSION="${GITHUB_REF#refs/*/}" # Remove leading 'v' from git tag to create valid semver RELEASE_VERSION="${RELEASE_VERSION//v}" - echo "version=$RELEASE_VERSION" >> "$GITHUB_ENV" + #echo "version=$RELEASE_VERSION" >> "$GITHUB_ENV" + echo "version=v3.1.0-alpha1" >> "$GITHUB_ENV" # TODO Remove after testing - name: Install Helm run: | 
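Review bot: The rewritten login line still expands `${{ secrets.SCB_BOT_USER_TOKEN }}` into the script text before the shell starts, so the token becomes part of the generated script and any quote or `$` in it would change the command. Hand it to the step through `env:` instead, e.g. `REGISTRY_TOKEN: ${{ secrets.SCB_BOT_USER_TOKEN }}`, and run `printf '%s' "$REGISTRY_TOKEN" | helm registry login --username secureCodeBoxBot --password-stdin "$CONTAINER_REGISTRY"`. The login hunk of PATCH 05/11 keeps the same pattern with `secrets.GITHUB_TOKEN` and `github.actor` and would take the same change.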
From 99d0ce2e922d88f53a65fc46737665c833054637 Mon Sep 17 00:00:00 2001 From: Ilyes Ben Dlala Date: Tue, 28 Nov 2023 13:34:33 +0100 Subject: [PATCH 04/11] internal#145 Add permissions for GHCR packages Signed-off-by: Ilyes Ben Dlala --- .github/workflows/helm-charts-release-ghcr.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/helm-charts-release-ghcr.yaml b/.github/workflows/helm-charts-release-ghcr.yaml index 323d2f6a3b..2fe7f7c628 100644 --- a/.github/workflows/helm-charts-release-ghcr.yaml +++ b/.github/workflows/helm-charts-release-ghcr.yaml @@ -18,6 +18,9 @@ jobs: GHCR-Helm-Release: name: "Publish Helm Charts to GHCR" runs-on: ubuntu-22.04 + permissions: + contents: read + packages: write steps: - uses: actions/checkout@v3 with: From 120d8cf8d72329861d0d3cc6c449f382a830f1b2 Mon Sep 17 00:00:00 2001 From: Ilyes Ben Dlala Date: Tue, 28 Nov 2023 14:22:21 +0100 Subject: [PATCH 05/11] internal#145 Changed login command in GHCR-Helm-Release to use github-actions user Signed-off-by: Ilyes Ben Dlala --- .github/workflows/helm-charts-release-ghcr.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/helm-charts-release-ghcr.yaml b/.github/workflows/helm-charts-release-ghcr.yaml index 2fe7f7c628..606cf22d83 100644 --- a/.github/workflows/helm-charts-release-ghcr.yaml +++ b/.github/workflows/helm-charts-release-ghcr.yaml @@ -23,8 +23,6 @@ jobs: packages: write steps: - uses: actions/checkout@v3 - with: - token: ${{ secrets.SCB_BOT_USER_TOKEN }} - name: Parse Release Version run: | @@ -43,7 +41,7 @@ jobs: helm version - name: "Login to Package Registry" - run: 'echo "${{ secrets.SCB_BOT_USER_TOKEN }}" | helm registry login --username secureCodeBoxBot --password-stdin ${{ env.CONTAINER_REGISTRY }}' + run: 'echo "${{ secrets.GITHUB_TOKEN }}" | helm registry login --username ${{ github.actor }} --password-stdin ${{ env.CONTAINER_REGISTRY }}' - name: "Package and Push Helm Charts to GHCR" run: | 
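Review bot: Once the `with: token:` lines are removed in the first hunk of PATCH 05/11, `actions/checkout@v3` runs with its defaults, which leave the job token in the checkout's git configuration for every later step. No step visible in this workflow pushes with git, so the checkout can set `persist-credentials: false` under `with:` and keep the token confined to the explicit `helm registry login` step. The steps list continues outside this hunk, so confirm no later step relies on authenticated git access.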
From 62fb72e891cf0b63f969cb6e259e4b0463f8050b Mon Sep 17 00:00:00 2001 From: Ilyes Ben Dlala Date: Tue, 28 Nov 2023 15:02:16 +0100 Subject: [PATCH 06/11] internal#145 Update helm push destination This is done to keep the same format as our non-GHCR repo (https://charts.securecodebox.io) Signed-off-by: Ilyes Ben Dlala --- .github/workflows/helm-charts-release-ghcr.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/helm-charts-release-ghcr.yaml b/.github/workflows/helm-charts-release-ghcr.yaml index 606cf22d83..8714f6d588 100644 --- a/.github/workflows/helm-charts-release-ghcr.yaml +++ b/.github/workflows/helm-charts-release-ghcr.yaml @@ -54,6 +54,6 @@ jobs: helm package --version "${{ env.version }}" . - helm push "${NAME}-${{ env.version }}.tgz" oci://$CONTAINER_REGISTRY/${NAME}/helm + helm push "${NAME}-${{ env.version }}.tgz" oci://$CONTAINER_REGISTRY/ ) done \ No newline at end of file From 6da8d3c092662c1032b20f39388601b7f6057824 Mon Sep 17 00:00:00 2001 From: Ilyes Ben Dlala Date: Tue, 28 Nov 2023 15:38:26 +0100 Subject: [PATCH 07/11] internal#145 Removed Workaround used for testing Signed-off-by: Ilyes Ben Dlala --- .github/workflows/helm-charts-release-ghcr.yaml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/helm-charts-release-ghcr.yaml b/.github/workflows/helm-charts-release-ghcr.yaml index 8714f6d588..b4bad6d7e5 100644 --- a/.github/workflows/helm-charts-release-ghcr.yaml +++ b/.github/workflows/helm-charts-release-ghcr.yaml @@ -8,9 +8,8 @@ on: release: types: [published] - push: # TODO Remove after testing -name: "WIP" +name: "Publish Helm Charts to GHCR" env: CONTAINER_REGISTRY: ghcr.io/securecodebox HELM_VERSION: "v3.12.2" 
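Review bot: The changed `helm push` line substitutes `${{ env.version }}` into the script source, and that value is taken from the release tag name by the Parse Release Version step, so tag contents end up as shell text rather than data. That step already writes `version` to `$GITHUB_ENV`, so the shell can read it as a variable: `helm push "${NAME}-${version}.tgz" "oci://${CONTAINER_REGISTRY}/"`. The `helm package --version` context line above and the rewritten push line in PATCH 09/11 would take the same change.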
@@ -29,8 +28,7 @@ jobs: RELEASE_VERSION="${GITHUB_REF#refs/*/}" # Remove leading 'v' from git tag to create valid semver RELEASE_VERSION="${RELEASE_VERSION//v}" - #echo "version=$RELEASE_VERSION" >> "$GITHUB_ENV" - echo "version=v3.1.0-alpha1" >> "$GITHUB_ENV" # TODO Remove after testing + echo "version=$RELEASE_VERSION" >> "$GITHUB_ENV" - name: Install Helm run: | From 498dd0fa19186af0a61ecf198a5700f4f17d9c53 Mon Sep 17 00:00:00 2001 From: Ilyes Ben Dlala Date: Tue, 28 Nov 2023 15:39:01 +0100 Subject: [PATCH 08/11] internal#145 Changed registry name to fit with our branding Signed-off-by: Ilyes Ben Dlala --- .github/workflows/helm-charts-release-ghcr.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/helm-charts-release-ghcr.yaml b/.github/workflows/helm-charts-release-ghcr.yaml index b4bad6d7e5..d50492065b 100644 --- a/.github/workflows/helm-charts-release-ghcr.yaml +++ b/.github/workflows/helm-charts-release-ghcr.yaml @@ -11,7 +11,7 @@ on: name: "Publish Helm Charts to GHCR" env: - CONTAINER_REGISTRY: ghcr.io/securecodebox + CONTAINER_REGISTRY: ghcr.io/secureCodeBox HELM_VERSION: "v3.12.2" jobs: GHCR-Helm-Release: From 97770cc56d9a0f17003e8bae002f7422eb2ca8f5 Mon Sep 17 00:00:00 2001 From: Ilyes Ben Dlala Date: Fri, 1 Dec 2023 14:03:34 +0100 Subject: [PATCH 09/11] internal#145 changed path of GHCR to allow distinct helm and docker packages to be uploaded Signed-off-by: Ilyes Ben Dlala --- .github/workflows/helm-charts-release-ghcr.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/helm-charts-release-ghcr.yaml b/.github/workflows/helm-charts-release-ghcr.yaml index d50492065b..af8b1773f1 100644 --- a/.github/workflows/helm-charts-release-ghcr.yaml +++ b/.github/workflows/helm-charts-release-ghcr.yaml 
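Review bot: With the parsed value written to `$GITHUB_ENV` again, the context line `RELEASE_VERSION="${RELEASE_VERSION//v}"` now decides the published chart version, and `//v` deletes every `v` in the tag rather than only the leading one its comment describes. A tag with a `v` in a pre-release or build suffix would be published under an altered version (constructed example: `v1.2.3-dev` becomes `1.2.3-de`). `RELEASE_VERSION="${RELEASE_VERSION#v}"` strips only a leading `v`.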
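Review bot: `CONTAINER_REGISTRY: ghcr.io/secureCodeBox` puts upper-case letters into a value that the push step uses as the repository path in `oci://$CONTAINER_REGISTRY/`. OCI repository names are specified as lower-case, so the client or the registry may reject the reference. This change comes after PATCH 07/11 removed the `push:` test trigger, so it appears not to have been exercised in CI; confirm with a test release or keep `ghcr.io/securecodebox`.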
@@ -52,6 +52,6 @@ jobs: helm package --version "${{ env.version }}" . - helm push "${NAME}-${{ env.version }}.tgz" oci://$CONTAINER_REGISTRY/ + helm push "${NAME}-${{ env.version }}.tgz" oci://$CONTAINER_REGISTRY/helm/ ) done \ No newline at end of file From 5b865ee1c93ec02de49e94244546900ef4013acc Mon Sep 17 00:00:00 2001 From: Ilyes Ben Dlala Date: Fri, 1 Dec 2023 14:45:59 +0100 Subject: [PATCH 10/11] internal#145 Linted GHCR publish format Signed-off-by: Ilyes Ben Dlala --- .../workflows/helm-charts-release-ghcr.yaml | 88 +++++++++---------- 1 file changed, 44 insertions(+), 44 deletions(-) diff --git a/.github/workflows/helm-charts-release-ghcr.yaml b/.github/workflows/helm-charts-release-ghcr.yaml index af8b1773f1..d43ddcc90b 100644 --- a/.github/workflows/helm-charts-release-ghcr.yaml +++ b/.github/workflows/helm-charts-release-ghcr.yaml 
@@ -8,50 +8,50 @@ on: release: types: [published] - + name: "Publish Helm Charts to GHCR" env: - CONTAINER_REGISTRY: ghcr.io/secureCodeBox - HELM_VERSION: "v3.12.2" + CONTAINER_REGISTRY: ghcr.io/secureCodeBox + HELM_VERSION: "v3.12.2" jobs: - GHCR-Helm-Release: - name: "Publish Helm Charts to GHCR" - runs-on: ubuntu-22.04 - permissions: - contents: read - packages: write - steps: - - uses: actions/checkout@v3 - - - name: Parse Release Version - run: | - RELEASE_VERSION="${GITHUB_REF#refs/*/}" - # Remove leading 'v' from git tag to create valid semver - RELEASE_VERSION="${RELEASE_VERSION//v}" - echo "version=$RELEASE_VERSION" >> "$GITHUB_ENV" - - - name: Install Helm - run: | - curl -Lo ./helm.tar.gz https://get.helm.sh/helm-${{ env.HELM_VERSION }}-linux-amd64.tar.gz - tar -xzf ./helm.tar.gz - chmod +x ./linux-amd64/helm - sudo mv ./linux-amd64/helm /usr/local/bin/helm - helm version - - - name: "Login to Package Registry" - run: 'echo "${{ secrets.GITHUB_TOKEN }}" | helm registry login --username ${{ github.actor }} --password-stdin ${{ env.CONTAINER_REGISTRY }}' - - - name: "Package and Push Helm Charts to GHCR" - run: | - find . -type f -name Chart.yaml -not -path "./.templates/*" -print0 | while IFS= read -r -d '' chart; do - ( - dir="$(dirname "${chart}")" - cd "${dir}" || exit - echo "Processing Helm Chart in $dir" - NAME=$(yq eval '.name' - < Chart.yaml) - - helm package --version "${{ env.version }}" . 
- - helm push "${NAME}-${{ env.version }}.tgz" oci://$CONTAINER_REGISTRY/helm/ - ) - done \ No newline at end of file + GHCR-Helm-Release: + name: "Publish Helm Charts to GHCR" + runs-on: ubuntu-22.04 + permissions: + contents: read + packages: write + steps: + - uses: actions/checkout@v3 + + - name: Parse Release Version + run: | + RELEASE_VERSION="${GITHUB_REF#refs/*/}" + # Remove leading 'v' from git tag to create valid semver + RELEASE_VERSION="${RELEASE_VERSION//v}" + echo "version=$RELEASE_VERSION" >> "$GITHUB_ENV" + + - name: Install Helm + run: | + curl -Lo ./helm.tar.gz https://get.helm.sh/helm-${{ env.HELM_VERSION }}-linux-amd64.tar.gz + tar -xzf ./helm.tar.gz + chmod +x ./linux-amd64/helm + sudo mv ./linux-amd64/helm /usr/local/bin/helm + helm version + + - name: "Login to Package Registry" + run: 'echo "${{ secrets.GITHUB_TOKEN }}" | helm registry login --username ${{ github.actor }} --password-stdin ${{ env.CONTAINER_REGISTRY }}' + + - name: "Package and Push Helm Charts to GHCR" + run: | + find . -type f -name Chart.yaml -not -path "./.templates/*" -print0 | while IFS= read -r -d '' chart; do + ( + dir="$(dirname "${chart}")" + cd "${dir}" || exit + echo "Processing Helm Chart in $dir" + NAME=$(yq eval '.name' - < Chart.yaml) + + helm package --version "${{ env.version }}" . + + helm push "${NAME}-${{ env.version }}.tgz" oci://$CONTAINER_REGISTRY/helm/ + ) + done From 8d4ac1fbc4e79696721f15316ea0ed939a11373d Mon Sep 17 00:00:00 2001 From: Ilyes Ben Dlala Date: Fri, 1 Dec 2023 14:47:06 +0100 Subject: [PATCH 11/11] internal#145 Removed outdated comment Signed-off-by: Ilyes Ben Dlala --- .github/workflows/helm-charts-release-ghcr.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/helm-charts-release-ghcr.yaml b/.github/workflows/helm-charts-release-ghcr.yaml index d43ddcc90b..bd70165643 100644 --- a/.github/workflows/helm-charts-release-ghcr.yaml +++ b/.github/workflows/helm-charts-release-ghcr.yaml 
@@ -2,9 +2,6 @@ # # SPDX-License-Identifier: Apache-2.0 -# The CI runs on ubuntu-22.04; More info about the installed software is found here: -# https://github.com/actions/runner-images/blob/main/images/linux/Ubuntu2204-Readme.md - on: release: types: [published]