chore: workflow for publishing secrets-vault chart (#22) #4
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: secrets-vault-chart | |
env: | |
HELM_VERSION: v3.14.0 | |
CHART_DIRS: secrets/secrets-vault/charts | |
on: | |
push: | |
tags: | |
- 'secrets-vault-chart-v[0-9].[0-9]+.[0-9]+' | |
pull_request: | |
paths: | |
- 'secrets/secrets-vault/charts/**' | |
- '.github/workflows/secrets-vault-chart.yml' | |
jobs: | |
validate: | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Fetch main branch for chart-testing | |
run: | | |
git fetch origin main:main | |
- name: Set up Helm | |
uses: azure/setup-helm@v4 | |
with: | |
version: ${{ env.HELM_VERSION }} | |
# Used by helm chart-testing below | |
- name: Set up Python | |
uses: actions/[email protected] | |
with: | |
python-version: '3.12.7' | |
- name: Set up chart-testing | |
uses: helm/[email protected] | |
with: | |
version: v3.11.0 | |
yamllint_version: 1.35.1 | |
yamale_version: 5.0.0 | |
- name: Install wash | |
uses: taiki-e/install-action@v2 | |
with: | |
tool: [email protected] | |
- name: Run chart-testing (lint) | |
run: | | |
ct lint --config ${{ env.CHART_DIRS }}/secrets-vault/ci/ct.yaml --chart-dirs ${{ env.CHART_DIRS }} | |
- name: Create kind cluster | |
uses: helm/[email protected] | |
with: | |
version: "v0.22.0" | |
- name: Install nats in the test cluster | |
run: | | |
helm repo add nats https://nats-io.github.io/k8s/helm/charts/ | |
helm repo update | |
helm install nats nats/nats -f ${{ env.CHART_DIRS }}/secrets-vault/ci/nats.yaml | |
- name: Generate nkey seed | |
run: | | |
export "NKEY_SEED=$(wash key gen account -o json | jq -Mr .seed | tr -d '\n')" >> ${GITHUB_ENV} | |
- name: Generate xkey seed | |
run: | | |
export "XKEY_SEED=$(wash key gen curve -o json | jq -Mr .seed | tr -d '\n')" >> ${GITHUB_ENV} | |
- name: Run chart-testing install / same namespace | |
run: | | |
ct install --config ${{ env.CHART_DIRS }}/secrets-vault/ci/ct.yaml --helm-extra-set-args "--set=config.nats.address=nats-headless.default:4222 --set=config.jwks_address=127.0.0.1:3000 --set=config.nkey_seed=${{ env.NKEY_SEED }} --set=config.xkey_seed=${{ env.XKEY_SEED }} --set=config.vault.address=localhost:8222 --set=config.vault.auth_method_path=jwt --set=config.vault.defaultSecretEnginePath=secret" | |
publish: | |
if: ${{ startsWith(github.ref, 'refs/tags/secrets-vault-chart-v') }} | |
runs-on: ubuntu-22.04 | |
needs: validate | |
permissions: | |
packages: write | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Helm | |
uses: azure/setup-helm@v4 | |
with: | |
version: ${{ env.HELM_VERSION }} | |
- name: Package | |
run: | | |
helm package ${{ env.CHART_DIRS }}/secrets-vault -d .helm-charts | |
- name: Login to GHCR | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Lowercase the organization name for ghcr.io | |
run: | | |
echo "GHCR_REPO_NAMESPACE=${GITHUB_REPOSITORY_OWNER,,}" >>${GITHUB_ENV} | |
- name: Publish | |
run: | | |
for chart in .helm-charts/*; do | |
if [ -z "${chart:-}" ]; then | |
break | |
fi | |
helm push "${chart}" "oci://ghcr.io/${{ env.GHCR_REPO_NAMESPACE }}/charts" | |
done |