@@ -104,49 +104,67 @@ jobs:
104104 rm -rf traefik-crds
105105 if : steps.tag_exists.outputs.TAG_EXISTS == 'false'
106106
107- - name : Import GPG key
108- uses : crazy-max/ghaction-import-gpg@v6
109- id : gpg
110- with :
111- gpg_private_key : ${{ secrets.GPG_PRIVATE_KEY }}
112- passphrase : ${{ secrets.GPG_PASSPHRASE }}
113- if : steps.tag_exists.outputs.TAG_EXISTS == 'false'
107+ # - name: Import GPG key
108+ # uses: crazy-max/ghaction-import-gpg@v6
109+ # id: gpg
110+ # with:
111+ # gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
112+ # passphrase: ${{ secrets.GPG_PASSPHRASE }}
113+ # if: steps.tag_exists.outputs.TAG_EXISTS == 'false'
114+
115+ # - name: Prepare GPG key
116+ # run: |
117+ # gpg --export > ~/.gnupg/pubring.gpg
118+ # gpg --batch --pinentry-mode loopback --yes --passphrase '${{ secrets.GPG_PASSPHRASE }}' --export-secret-key > ~/.gnupg/secring.gpg
119+ # echo "${{ secrets.GPG_PRIVATE_KEY }}" | gpg --dearmor > $HOME/secring.gpg
120+ # echo "${{ secrets.GPG_PASSPHRASE }}" > $HOME/passphrase.txt
121+ # echo "CR_KEYRING=$HOME/secring.gpg" >> "$GITHUB_ENV"
122+ # echo "CR_PASSPHRASE_FILE=$HOME/passphrase.txt" >> "$GITHUB_ENV"
123+ # if: steps.tag_exists.outputs.TAG_EXISTS == 'false'
114124
115- - name : Prepare GPG key
116- run : |
117- gpg --export > ~/.gnupg/pubring.gpg
118- gpg --batch --pinentry-mode loopback --yes --passphrase '${{ secrets.GPG_PASSPHRASE }}' --export-secret-key > ~/.gnupg/secring.gpg
119- echo "${{ secrets.GPG_PRIVATE_KEY }}" | gpg --dearmor > $HOME/secring.gpg
120- echo "${{ secrets.GPG_PASSPHRASE }}" > $HOME/passphrase.txt
121- echo "CR_KEYRING=$HOME/secring.gpg" >> "$GITHUB_ENV"
122- echo "CR_PASSPHRASE_FILE=$HOME/passphrase.txt" >> "$GITHUB_ENV"
123- if : steps.tag_exists.outputs.TAG_EXISTS == 'false'
124125
125126 - name : Publish Helm chart
126- uses : helm/chart-releaser-action@v1.7.0
127+ uses : stefanprodan/helm-gh-pages@master
127128 with :
129+ token : ${{ secrets.GHCR_TOKEN }}
128130 charts_dir : .
129- env :
130- CR_TOKEN : ${{ secrets.GITHUB_TOKEN }}
131- CR_KEY : ${{ steps.gpg.outputs.name }}
132- CR_SIGN : true
131+ charts_url : https://bpsoraggi.github.io/charts
132+ owner : bpsoraggi
133+ repository : charts
134+ branch : main
135+ target_dir : traefik
136+ index_dir : .
137+ commit_username : bpsoraggi
138+ commit_email : ${{ secrets.GH_EMAIL }}
133139 if : steps.tag_exists.outputs.TAG_EXISTS == 'false'
134140
135- - name : Publish Helm chart to the ghcr.io registry
136- uses : appany/helm-oci-chart-releaser@v0.5.0
137- with :
138- name : traefik
139- repository : bpsoraggi/helm
140- tag : ${{ steps.chart_version.outputs.CHART_VERSION }}
141- path : ./traefik
142- registry : ghcr.io
143- registry_username : bpsoraggi
144- registry_password : ${{ secrets.GHCR_TOKEN }}
145- sign : true
146- signing_key : ${{ steps.gpg.outputs.name }}
147- signing_passphrase : ${{ secrets.GPG_PASSPHRASE }}
148- update_dependencies : ' true'
149- if : steps.tag_exists.outputs.TAG_EXISTS == 'false'
141+
142+
143+ # - name: Publish Helm chart
144+ # uses: helm/chart-releaser-action@v1.7.0
145+ # with:
146+ # charts_dir: .
147+ # env:
148+ # CR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
149+ # CR_KEY: ${{ steps.gpg.outputs.name }}
150+ # CR_SIGN: true
151+ # if: steps.tag_exists.outputs.TAG_EXISTS == 'false'
152+
153+ # - name: Publish Helm chart to the ghcr.io registry
154+ # uses: appany/helm-oci-chart-releaser@v0.5.0
155+ # with:
156+ # name: traefik
157+ # repository: bpsoraggi/helm
158+ # tag: ${{ steps.chart_version.outputs.CHART_VERSION }}
159+ # path: ./traefik
160+ # registry: ghcr.io
161+ # registry_username: bpsoraggi
162+ # registry_password: ${{ secrets.GHCR_TOKEN }}
163+ # sign: true
164+ # signing_key: ${{ steps.gpg.outputs.name }}
165+ # signing_passphrase: ${{ secrets.GPG_PASSPHRASE }}
166+ # update_dependencies: 'true'
167+ # if: steps.tag_exists.outputs.TAG_EXISTS == 'false'
150168
151169 traefik-crds :
152170 runs-on : ubuntu-latest
@@ -259,27 +277,3 @@ jobs:
259277 registry_username : bpsoraggi
260278 registry_password : ${{ secrets.GHCR_TOKEN }}
261279 if : steps.tag_exists.outputs.TAG_EXISTS == 'false'
262-
263- sign-traefik-crds :
264- needs : [ traefik-crds ]
265- runs-on : ubuntu-latest
266- if : needs.traefik-crds.outputs.TAG_EXISTS == 'false'
267- permissions :
268- contents : read
269- # This is used to create the OIDC token for signing the Helm chart
270- id-token : write
271- steps :
272-
273- - name : Login to GitHub Container Registry
274- run : echo ${{ secrets.GHCR_TOKEN }} | docker login ghcr.io -u $GITHUB_ACTOR --password-stdin
275-
276- - name : Install Cosign
277- uses : sigstore/cosign-installer@v3.9.1
278-
279- - name : Sign Helm chart
280- run : |
281- cosign sign --yes \
282- -a version="${{ needs.traefik-crds.outputs.CHART_VERSION }}" \
283- -a commitSha="$GITHUB_SHA" \
284- -a buildDate="$(date +%F)" \
285- ghcr.io/bpsoraggi/helm/traefik-crds:${{ needs.traefik-crds.outputs.CHART_VERSION }}
0 commit comments