feat: add option to restrict registration #39 #49
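# Release workflow for the Helm charts under charts/.
#
# Two jobs:
#   validate - decides whether the pushed commit bumps a chart version.
#   release  - packages, GPG-signs and publishes the charts (GitHub release
#              via chart-releaser, then OCI push to ghcr.io). Runs only when
#              validate reports "ok".
#
# NOTE(review): every `uses:` below references a mutable tag. The release job
# handles the signing keyring and a write-scoped token, so pinning each action
# to a full commit SHA would keep a retagged action from changing what runs.
name: Releases

on:
  push:
    # NOTE(review): pushes to feat/** can reach the signing/publishing job as
    # soon as they bump a chart version - confirm that is intended.
    branches:
      - main
      - 'feat/**'
    paths:
      - '.github/**'
      - 'charts/**'
      - '!**.md'
      - '!**.md.gotmpl'

# Least privilege by default: jobs get a read-only token unless they declare
# their own permissions block (the release job does).
permissions:
  contents: read

jobs:
  validate:
    runs-on: ubuntu-latest
    outputs:
      # "ok" when exactly one added "version" line was found, otherwise "skip".
      result: ${{ steps.changed.outputs.result }}
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - id: changed
        name: Changed
        run: |
          # TODO: improve this logic to detect a changed version across
          # multiple merges/changes; only the HEAD commit is inspected.
          files_changed="$(git show --pretty="" --name-only)"
          echo "$files_changed"
          # xargs -r: do not run `git show` at all when no Chart.yaml changed.
          # Without it, a bare `git show` prints the whole commit and any
          # unrelated "+version" line would be counted as a chart bump.
          num_version_bumps="$(echo "$files_changed" | grep Chart.yaml | xargs -r git show | grep -c "+version" || true)"
          if [[ "$num_version_bumps" -eq "1" ]]; then
            echo "result=ok" >> "$GITHUB_OUTPUT"
          else
            # Record the outcome as a job output too, not only in the log.
            echo "result=skip" >> "$GITHUB_OUTPUT"
            echo "::warning::Version not changed, skipping release job..."
          fi

  release:
    needs: validate
    if: ${{ needs.validate.outputs.result == 'ok' }}
    # This job publishes releases and packages, so it needs write scopes
    # regardless of the organisation's default token permissions.
    # see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token
    permissions:
      contents: write
      packages: write
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Configure Git
        run: |
          git config user.name "$GITHUB_ACTOR"
          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
      - name: Install Helm
        uses: azure/setup-helm@v3
      - name: Prepare GPG key
        # Secrets are passed through env rather than interpolated into the
        # script, so their values never become part of the shell source.
        run: |
          # Create the key directory and files readable by the runner user only.
          umask 077
          gpg_dir=.cr-gpg
          mkdir "$gpg_dir"
          keyring="$gpg_dir/secring.gpg"
          base64 -d <<< "$GPG_KEYRING_BASE64" > "$keyring"
          passphrase_file="$gpg_dir/passphrase"
          echo "$GPG_PASSPHRASE" > "$passphrase_file"
          # Only the file paths are exported to later steps, not the secrets.
          echo "CR_PASSPHRASE_FILE=$passphrase_file" >> "$GITHUB_ENV"
          echo "CR_KEYRING=$keyring" >> "$GITHUB_ENV"
        env:
          GPG_KEYRING_BASE64: "${{ secrets.GPG_KEYRING_BASE64 }}"
          GPG_PASSPHRASE: "${{ secrets.GPG_PASSPHRASE }}"
      - name: Run chart-releaser
        uses: helm/chart-releaser-action@v1.5.0
        env:
          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
          CR_RELEASE_NAME_TEMPLATE: "cryptpad-helm-{{ .Version }}"
          # Quoted so the value is unambiguously the string "true".
          CR_SIGN: "true"
          CR_KEY: "XWiki SAS"
          # CR_KEYRING and CR_PASSPHRASE_FILE are set up by the
          # "Prepare GPG key" step through GITHUB_ENV.
      - name: Remove GPG key material
        # Signing is finished; do not leave the keyring and passphrase on disk
        # while the remaining steps (and the actions they call) run.
        if: always()
        run: rm -rf .cr-gpg
      - name: Login to GitHub Container Registry
        # NOTE(review): v1 is an early major of this action; check whether a
        # maintained major should be used instead.
        uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Push Charts to GHCR
        run: |
          # nullglob: when no package was produced the loop body never runs.
          shopt -s nullglob
          for pkg in .cr-release-packages/*.tgz; do
            if [ -z "${pkg:-}" ]; then
              break
            fi
            helm push "${pkg}" "oci://ghcr.io/${GITHUB_REPOSITORY_OWNER}/helm"
          done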