From d902b547bbf80a2e4748fb74a0390702ecd18a16 Mon Sep 17 00:00:00 2001 From: drfaust92 Date: Sat, 13 Dec 2025 16:23:15 -0500 Subject: [PATCH 1/6] ci: add oci release for chart Signed-off-by: drfaust92 --- .github/actions/publish/action.yml | 13 +++++++++++++ .github/workflows/release-please.yml | 1 + Chart.yaml | 2 +- Makefile | 2 +- 4 files changed, 16 insertions(+), 2 deletions(-) diff --git a/.github/actions/publish/action.yml b/.github/actions/publish/action.yml index 5201ab2..98d954a 100644 --- a/.github/actions/publish/action.yml +++ b/.github/actions/publish/action.yml @@ -52,3 +52,16 @@ runs: run: gh release upload ${{ steps.version.outputs.CHART_VERSION }} helm-repo/${{ steps.version.outputs.ARTIFACT }} --clobber env: GH_TOKEN: ${{ inputs.token }} + + - name: Login to GitHub Container Registry + uses: docker/login-action@v3.6.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Push chart to GHCR + run: | + mkdir -p ld-relay + helm package -d ld-relay . + helm push ld-relay-*.tgz oci://ghcr.io/${GITHUB_REPOSITORY_OWNER}/charts diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index a788d88..1c2d893 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -10,6 +10,7 @@ jobs: permissions: id-token: write # Needed if using OIDC to get release secrets. contents: write # Contents and pull-requests are for release-please to make releases. + packages: write # needed for ghcr access pull-requests: write steps: - uses: googleapis/release-please-action@v4 diff --git a/Chart.yaml b/Chart.yaml index a5f8005..7f7b835 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -23,7 +23,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 3.4.0 +version: 3.5.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/Makefile b/Makefile index 703f290..2998eba 100644 --- a/Makefile +++ b/Makefile @@ -19,7 +19,7 @@ unittest: #! Run the unit tests .PHONY: lint lint: #! Run helm lint against this chart - @helm lint + @helm lint . .PHONY: package package: #! Build the helm package (e.g. ld-relay-x.y.z.tgz) From 1e76c079cd3380b6894bb66b681d7cc8f72f6968 Mon Sep 17 00:00:00 2001 From: drfaust92 Date: Tue, 16 Dec 2025 12:15:49 -0500 Subject: [PATCH 2/6] CR comments Signed-off-by: drfaust92 --- .github/actions/publish/action.yml | 2 +- Chart.yaml | 2 +- Makefile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/actions/publish/action.yml b/.github/actions/publish/action.yml index 98d954a..0651871 100644 --- a/.github/actions/publish/action.yml +++ b/.github/actions/publish/action.yml @@ -58,7 +58,7 @@ runs: with: registry: ghcr.io username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} + password: ${{ inputs.token }} - name: Push chart to GHCR run: | diff --git a/Chart.yaml b/Chart.yaml index 7f7b835..a5f8005 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -23,7 +23,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 3.5.0 +version: 3.4.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/Makefile b/Makefile index 2998eba..703f290 100644 --- a/Makefile +++ b/Makefile @@ -19,7 +19,7 @@ unittest: #! Run the unit tests .PHONY: lint lint: #! Run helm lint against this chart - @helm lint . + @helm lint .PHONY: package package: #! Build the helm package (e.g. ld-relay-x.y.z.tgz) From 4773c8000c409df46afcc6a544243f255f245ac5 Mon Sep 17 00:00:00 2001 From: Matthew Keeler Date: Tue, 16 Dec 2025 15:06:03 -0500 Subject: [PATCH 3/6] helm lint . --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 703f290..2998eba 100644 --- a/Makefile +++ b/Makefile @@ -19,7 +19,7 @@ unittest: #! Run the unit tests .PHONY: lint lint: #! Run helm lint against this chart - @helm lint + @helm lint . .PHONY: package package: #! Build the helm package (e.g. ld-relay-x.y.z.tgz) From 813f11d0d98a47b5d41357f45c4731bf6814bc31 Mon Sep 17 00:00:00 2001 From: Matthew Keeler Date: Tue, 16 Dec 2025 15:09:54 -0500 Subject: [PATCH 4/6] add permissions to manual publish --- .github/workflows/manual-publish.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/manual-publish.yml b/.github/workflows/manual-publish.yml index 29c5a84..132cadf 100644 --- a/.github/workflows/manual-publish.yml +++ b/.github/workflows/manual-publish.yml @@ -12,8 +12,9 @@ jobs: runs-on: ubuntu-latest # Needed to get tokens during publishing. permissions: - id-token: write - contents: write + id-token: write # Needed if using OIDC to get release secrets. + contents: write # Contents and pull-requests are for release-please to make releases. + packages: write # needed for ghcr access steps: - uses: actions/checkout@v4 From 03a964ff5dc7c0bac4891162b1962adfbb1dfaef Mon Sep 17 00:00:00 2001 From: Matthew Keeler Date: Wed, 17 Dec 2025 10:20:12 -0500 Subject: [PATCH 5/6] add doc about oci artifacts --- .github/actions/publish/action.yml | 2 +- README.md | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/actions/publish/action.yml b/.github/actions/publish/action.yml index 0651871..00293d7 100644 --- a/.github/actions/publish/action.yml +++ b/.github/actions/publish/action.yml @@ -64,4 +64,4 @@ runs: run: | mkdir -p ld-relay helm package -d ld-relay . - helm push ld-relay-*.tgz oci://ghcr.io/${GITHUB_REPOSITORY_OWNER}/charts + helm push ld-relay-*.tgz oci://ghcr.io/${GITHUB_REPOSITORY_OWNER}/helm-charts diff --git a/README.md b/README.md index 5e44239..3065eaa 100644 --- a/README.md +++ b/README.md @@ -31,6 +31,8 @@ helm install ld-relay --set relay.environment.LD_ENV_YourEnvironment=your-sdk-ke For additional configuration, use the [Configuration options](#configuration-options) below. +OCI artifacts of all LaunchDarkly Helm charts are available in [ghcr.io](https://github.com/orgs/launchdarkly/packages?q=helm-charts). + ## Configuration options To customize this Helm chart, override the configuration options defined in the [values file](https://github.com/launchdarkly/ld-relay-helm/blob/main/values.yaml). The values file contains detailed documentation on each option. From 20c8914c533ffdbeea3a401e6e40f8762e7075e6 Mon Sep 17 00:00:00 2001 From: Matthew Keeler Date: Wed, 17 Dec 2025 12:02:51 -0500 Subject: [PATCH 6/6] split gh-pages from oci publication --- .../{publish => publish-gh-pages}/action.yml | 29 +++++----------- .github/actions/publish-ghcr/action.yml | 34 +++++++++++++++++++ .github/workflows/manual-publish.yml | 9 +++-- .github/workflows/release-please.yml | 10 ++++-- 4 files changed, 58 insertions(+), 24 deletions(-) rename .github/actions/{publish => publish-gh-pages}/action.yml (65%) create mode 100644 .github/actions/publish-ghcr/action.yml diff --git a/.github/actions/publish/action.yml b/.github/actions/publish-gh-pages/action.yml similarity index 65% rename from .github/actions/publish/action.yml rename to .github/actions/publish-gh-pages/action.yml index 00293d7..1418960 100644 --- a/.github/actions/publish/action.yml +++ b/.github/actions/publish-gh-pages/action.yml @@ -24,26 +24,28 @@ runs: echo "CHART_VERSION=$version" >> "$GITHUB_OUTPUT" echo "ARTIFACT=ld-relay-$version.tgz" >> "$GITHUB_OUTPUT" + - name: Make build directory + shell: bash + run: mkdir -p build + - name: Package the helm chart shell: bash - run: | - mkdir -p new-chart - helm package -d new-chart . + run: helm package -d build . - name: Generate updated index.yaml shell: bash - run: helm repo index new-chart --url https://launchdarkly.github.io/ld-relay-helm --merge helm-repo/index.yaml + run: helm repo index build --url https://launchdarkly.github.io/ld-relay-helm --merge helm-repo/index.yaml - name: Move files into publishable directory shell: bash - run: mv new-chart/${{ steps.version.outputs.ARTIFACT }} new-chart/index.yaml helm-repo - run: mv helm-repo/*tgz new-chart/ + run: mv build/${{ steps.version.outputs.ARTIFACT }} build/index.yaml helm-repo + run: mv helm-repo/*tgz build/ - name: Publish to GitHub pages if: ${{ inputs.dry_run == 'false' }} uses: launchdarkly/gh-actions/actions/publish-pages@publish-pages-v1.0.2 with: - docs_path: new-chart + docs_path: build github_token: ${{ inputs.token }} - name: Attach published chart to release @@ -52,16 +54,3 @@ runs: run: gh release upload ${{ steps.version.outputs.CHART_VERSION }} helm-repo/${{ steps.version.outputs.ARTIFACT }} --clobber env: GH_TOKEN: ${{ inputs.token }} - - - name: Login to GitHub Container Registry - uses: docker/login-action@v3.6.0 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ inputs.token }} - - - name: Push chart to GHCR - run: | - mkdir -p ld-relay - helm package -d ld-relay . - helm push ld-relay-*.tgz oci://ghcr.io/${GITHUB_REPOSITORY_OWNER}/helm-charts diff --git a/.github/actions/publish-ghcr/action.yml b/.github/actions/publish-ghcr/action.yml new file mode 100644 index 0000000..d242a33 --- /dev/null +++ b/.github/actions/publish-ghcr/action.yml @@ -0,0 +1,34 @@ +name: Publish Chart +description: "Publish to gh-pages-backed chart repository" +inputs: + dry_run: + description: "Is this a dry run. If so no package will be published." + required: true + token: + description: "The GitHub token used to upload artifacts to the published release" + required: true + +runs: + using: composite + steps: + - uses: actions/checkout@v4 + + - name: Login to GitHub Container Registry + uses: docker/login-action@v3.6.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ inputs.token }} + + - name: Make build directory + shell: bash + run: mkdir -p build + + - name: Package the helm chart + shell: bash + run: helm package -d build . + + - name: Push chart to GHCR + if: ${{ inputs.dry_run == 'false' }} + shell: bash + run: helm push build/ld-relay-*.tgz oci://ghcr.io/${GITHUB_REPOSITORY_OWNER}/helm-charts diff --git a/.github/workflows/manual-publish.yml b/.github/workflows/manual-publish.yml index 132cadf..bca3b0f 100644 --- a/.github/workflows/manual-publish.yml +++ b/.github/workflows/manual-publish.yml @@ -3,7 +3,7 @@ on: workflow_dispatch: inputs: dry_run: - description: 'Is this a dry run? If so no package will be published.' + description: "Is this a dry run? If so no package will be published." type: boolean required: true @@ -23,7 +23,12 @@ jobs: - name: Run quality control checks uses: ./.github/actions/ci - - uses: ./.github/actions/publish + - uses: ./.github/actions/publish-gh-pages + with: + dry_run: ${{ inputs.dry_run }} + token: ${{ secrets.GITHUB_TOKEN }} + + - uses: ./.github/actions/publish-ghcr with: dry_run: ${{ inputs.dry_run }} token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index 1c2d893..23c8466 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -2,7 +2,7 @@ name: Run Release Please on: push: - branches: [ main ] + branches: [main] jobs: release-package: @@ -28,7 +28,13 @@ jobs: if: ${{ steps.release.outputs.releases_created == 'true' }} uses: ./.github/actions/ci - - uses: ./.github/actions/publish + - uses: ./.github/actions/publish-gh-pages + if: ${{ steps.release.outputs.releases_created == 'true' }} + with: + dry_run: false + token: ${{ secrets.GITHUB_TOKEN }} + + - uses: ./.github/actions/publish-ghcr if: ${{ steps.release.outputs.releases_created == 'true' }} with: dry_run: false