From 8bf73edd449e1d5b3226bf33c8e87f2de205555e Mon Sep 17 00:00:00 2001 From: wkbrd <30599409+wkbrd@users.noreply.github.com> Date: Tue, 9 Jul 2024 19:30:04 -0400 Subject: [PATCH 01/20] Update helm_release.yaml --- .github/workflows/helm_release.yaml | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/.github/workflows/helm_release.yaml b/.github/workflows/helm_release.yaml index 4263e76d..6710298a 100644 --- a/.github/workflows/helm_release.yaml +++ b/.github/workflows/helm_release.yaml @@ -1,5 +1,8 @@ name: Release Charts - +env: + HELM_VERSION_TO_INSTALL: 3.14.0 + GCR_IMAGE: ghcr.io/${{ github.repository_owner }}/doker-registry + on: workflow_dispatch: @@ -33,3 +36,20 @@ jobs: cr package cr upload --owner="$owner" --git-repo "$repo" --token="$CR_TOKEN" --release-name-template="v{{ .Version }}" --packages-with-index --push --skip-existing --generate-release-notes --commit main cr index --owner="$owner" --git-repo "$repo" --token="$CR_TOKEN" --release-name-template="v{{ .Version }}" --packages-with-index --push --index-path="." + + - name: install helm + uses: Azure/setup-helm@v1 + with: + # Version of helm + version: ${{ env.HELM_VERSION_TO_INSTALL }} # default is latest + + - name: login to acr using helm + run: | + echo ${{ secrets.GITHUB_TOKEN }} | helm registry login ${{ env.GCR_IMAGE }} --username ${{ github.repository_owner }} --password-stdin + - name: save helm chart to local registry + run: | + helm chart save ${{ github.workspace }}/ ${{ env.GCR_IMAGE }}:${{ github.sha }} + + - name: publish chart to acr + run: | + helm chart push ${{ env.GCR_IMAGE }}:${{ github.sha }} From 62d6b18a393297a54ea8b26c819e13fc20ba1b06 Mon Sep 17 00:00:00 2001 From: wkbrd <30599409+wkbrd@users.noreply.github.com> Date: Tue, 9 Jul 2024 19:33:29 -0400 Subject: [PATCH 02/20] Update helm_release.yaml --- .github/workflows/helm_release.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) 
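Review bot: The `login to acr using helm` step added in the second hunk of PATCH 01 writes the token into the script text itself (`echo ${{ secrets.GITHUB_TOKEN }} | helm registry login …`), unquoted, so the shell parses the secret as part of the command line instead of receiving it as data. Passing it through the step environment keeps it out of the rendered script: add `env: REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}` to the step and pipe it with `printf '%s' "$REGISTRY_TOKEN" | helm registry login … --password-stdin`. The same hunk adds `uses: Azure/setup-helm@v1`, a mutable tag, to a release job that has write permissions; pinning the action to the full commit SHA of a reviewed release means a retagged upstream cannot change what runs here. The login line is carried unchanged into PATCH 10 and PATCH 12, and PATCH 16 moves the action to `@v4.2.0`, which is still a tag rather than a SHA.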
diff --git a/.github/workflows/helm_release.yaml b/.github/workflows/helm_release.yaml index 6710298a..80f798ae 100644 --- a/.github/workflows/helm_release.yaml +++ b/.github/workflows/helm_release.yaml @@ -27,16 +27,16 @@ jobs: with: install_only: true - - name: Run chart-releaser - env: - CR_TOKEN: "${{ secrets.CR_TOKEN }}" - run: | - owner=$(cut -d '/' -f 1 <<< "$GITHUB_REPOSITORY") - repo=$(cut -d '/' -f 2 <<< "$GITHUB_REPOSITORY") - cr package - cr upload --owner="$owner" --git-repo "$repo" --token="$CR_TOKEN" --release-name-template="v{{ .Version }}" --packages-with-index --push --skip-existing --generate-release-notes --commit main - cr index --owner="$owner" --git-repo "$repo" --token="$CR_TOKEN" --release-name-template="v{{ .Version }}" --packages-with-index --push --index-path="." - +# - name: Run chart-releaser +# env: +# CR_TOKEN: "${{ secrets.CR_TOKEN }}" +# run: | +# owner=$(cut -d '/' -f 1 <<< "$GITHUB_REPOSITORY") +# repo=$(cut -d '/' -f 2 <<< "$GITHUB_REPOSITORY") +# cr package +# cr upload --owner="$owner" --git-repo "$repo" --token="$CR_TOKEN" --release-name-template="v{{ .Version }}" --packages-with-index --push --skip-existing --generate-release-notes --commit main +# cr index --owner="$owner" --git-repo "$repo" --token="$CR_TOKEN" --release-name-template="v{{ .Version }}" --packages-with-index --push --index-path="." +# - name: install helm uses: Azure/setup-helm@v1 with: From efef905e2cca19df12b919efd212cbd427ac5bcc Mon Sep 17 00:00:00 2001 From: wkbrd <30599409+wkbrd@users.noreply.github.com> Date: Tue, 9 Jul 2024 19:37:58 -0400 Subject: [PATCH 03/20] Update helm_release.yaml --- .github/workflows/helm_release.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/helm_release.yaml b/.github/workflows/helm_release.yaml index 80f798ae..01edf5f0 100644 --- a/.github/workflows/helm_release.yaml +++ b/.github/workflows/helm_release.yaml 
@@ -48,7 +48,8 @@ jobs: echo ${{ secrets.GITHUB_TOKEN }} | helm registry login ${{ env.GCR_IMAGE }} --username ${{ github.repository_owner }} --password-stdin - name: save helm chart to local registry run: | - helm chart save ${{ github.workspace }}/ ${{ env.GCR_IMAGE }}:${{ github.sha }} + helm package ${{ github.workspace }}/ + ls - name: publish chart to acr run: | From 72af627033f03e535275a7f4c686285a5c021470 Mon Sep 17 00:00:00 2001 From: wkbrd <30599409+wkbrd@users.noreply.github.com> Date: Tue, 9 Jul 2024 19:41:47 -0400 Subject: [PATCH 04/20] Update helm_release.yaml --- .github/workflows/helm_release.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/helm_release.yaml b/.github/workflows/helm_release.yaml index 01edf5f0..1371ce36 100644 --- a/.github/workflows/helm_release.yaml +++ b/.github/workflows/helm_release.yaml @@ -1,7 +1,7 @@ name: Release Charts env: HELM_VERSION_TO_INSTALL: 3.14.0 - GCR_IMAGE: ghcr.io/${{ github.repository_owner }}/doker-registry + GCR_IMAGE: ghcr.io/${{ github.repository_owner }}/docker-registry on: workflow_dispatch: @@ -46,6 +46,7 @@ jobs: - name: login to acr using helm run: | echo ${{ secrets.GITHUB_TOKEN }} | helm registry login ${{ env.GCR_IMAGE }} --username ${{ github.repository_owner }} --password-stdin + - name: save helm chart to local registry run: | helm package ${{ github.workspace }}/ @@ -53,4 +54,4 @@ jobs: - name: publish chart to acr run: | - helm chart push ${{ env.GCR_IMAGE }}:${{ github.sha }} + helm push dockery-registry-{{ .Version }}.tgz ${{ env.GCR_IMAGE }}:${{ .Version }} From 4065721597cdb211cfe35ed7c0d57d7301b38846 Mon Sep 17 00:00:00 2001 From: wkbrd <30599409+wkbrd@users.noreply.github.com> Date: Tue, 9 Jul 2024 19:46:13 -0400 Subject: [PATCH 05/20] Update helm_release.yaml --- .github/workflows/helm_release.yaml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) 
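Review bot: The new `helm push` line in the last hunk of PATCH 04 puts Helm template syntax inside Actions expression delimiters (`${{ .Version }}`), which is not a valid Actions expression, so the workflow will most likely be rejected before any step runs. The `{{ .Version }}` in the file name would reach the shell as literal text, and the name is spelled `dockery-registry-…`, which does not match the `docker-registry` chart name used in `GCR_IMAGE` in this patch. The version has to be resolved in the shell step (from the packaged file name or from Chart.yaml) before it is used in the push reference.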
diff --git a/.github/workflows/helm_release.yaml b/.github/workflows/helm_release.yaml index 1371ce36..d9ff1b26 100644 --- a/.github/workflows/helm_release.yaml +++ b/.github/workflows/helm_release.yaml @@ -50,8 +50,5 @@ jobs: - name: save helm chart to local registry run: | helm package ${{ github.workspace }}/ - ls - - - name: publish chart to acr - run: | - helm push dockery-registry-{{ .Version }}.tgz ${{ env.GCR_IMAGE }}:${{ .Version }} + package=`ls -t docker-registry-*.tgz | head -n 1` + helm push "${package}" ${{ env.GCR_IMAGE }}:{{ .Version }} From 63a977f2c2f020aa9d04171076784101e868c2d7 Mon Sep 17 00:00:00 2001 From: wkbrd <30599409+wkbrd@users.noreply.github.com> Date: Tue, 9 Jul 2024 19:48:01 -0400 Subject: [PATCH 06/20] Update helm_release.yaml --- .github/workflows/helm_release.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/helm_release.yaml b/.github/workflows/helm_release.yaml index d9ff1b26..a83bc798 100644 --- a/.github/workflows/helm_release.yaml +++ b/.github/workflows/helm_release.yaml @@ -51,4 +51,5 @@ jobs: run: | helm package ${{ github.workspace }}/ package=`ls -t docker-registry-*.tgz | head -n 1` - helm push "${package}" ${{ env.GCR_IMAGE }}:{{ .Version }} + echo "helm push ${package} oci://${{ env.GCR_IMAGE }}:{{ .Version }}" + helm push "${package}" oci://${{ env.GCR_IMAGE }}:{{ .Version }} From 781e5263b59e8161fac1e2c2245fbbfc65400387 Mon Sep 17 00:00:00 2001 From: wkbrd <30599409+wkbrd@users.noreply.github.com> Date: Tue, 9 Jul 2024 19:50:52 -0400 Subject: [PATCH 07/20] Update helm_release.yaml --- .github/workflows/helm_release.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/helm_release.yaml b/.github/workflows/helm_release.yaml index a83bc798..22185735 100644 --- a/.github/workflows/helm_release.yaml +++ b/.github/workflows/helm_release.yaml 
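Review bot: The chart that PATCH 05 pushes is selected by modification time from every `docker-registry-*.tgz` in the working directory (the `ls -t … | head -n 1` assignment), and as far as the hunk shows that directory is the checkout, so a tarball committed to or left in the repository is in the candidate set alongside the freshly built one. Packaging into an empty directory removes the guess: `helm package "$GITHUB_WORKSPACE" --destination "$RUNNER_TEMP/chart"` and push `"$RUNNER_TEMP"/chart/docker-registry-*.tgz`. The `:{{ .Version }}` suffix on the push reference is not expanded by the shell or by `helm push`, so it is passed as literal text.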
@@ -51,5 +51,6 @@ jobs: run: | helm package ${{ github.workspace }}/ package=`ls -t docker-registry-*.tgz | head -n 1` - echo "helm push ${package} oci://${{ env.GCR_IMAGE }}:{{ .Version }}" - helm push "${package}" oci://${{ env.GCR_IMAGE }}:{{ .Version }} + version=`echo "${package}"| sed "s|docker-registry-\(.*\)[.]tgz|\1|g"` + echo "helm push ${package} oci://${{ env.GCR_IMAGE }}:${version}" + helm push "${package}" oci://${{ env.GCR_IMAGE }}:${version} From 1db5b96a8e531b2a2ea25f8ee73d3ce427485ba0 Mon Sep 17 00:00:00 2001 From: wkbrd <30599409+wkbrd@users.noreply.github.com> Date: Tue, 9 Jul 2024 19:51:56 -0400 Subject: [PATCH 08/20] Update helm_release.yaml --- .github/workflows/helm_release.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/helm_release.yaml b/.github/workflows/helm_release.yaml index 22185735..8a83dd07 100644 --- a/.github/workflows/helm_release.yaml +++ b/.github/workflows/helm_release.yaml @@ -51,6 +51,5 @@ jobs: run: | helm package ${{ github.workspace }}/ package=`ls -t docker-registry-*.tgz | head -n 1` - version=`echo "${package}"| sed "s|docker-registry-\(.*\)[.]tgz|\1|g"` - echo "helm push ${package} oci://${{ env.GCR_IMAGE }}:${version}" - helm push "${package}" oci://${{ env.GCR_IMAGE }}:${version} + echo "helm push ${package} oci://${{ env.GCR_IMAGE }}" + helm push "${package}" oci://${{ env.GCR_IMAGE }} From e86480e83c3022abb27549ed41153412ceb557b4 Mon Sep 17 00:00:00 2001 From: wkbrd <30599409+wkbrd@users.noreply.github.com> Date: Tue, 9 Jul 2024 19:54:09 -0400 Subject: [PATCH 09/20] Update helm_release.yaml --- .github/workflows/helm_release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/helm_release.yaml b/.github/workflows/helm_release.yaml index 8a83dd07..6f10a2d9 100644 --- a/.github/workflows/helm_release.yaml +++ b/.github/workflows/helm_release.yaml 
@@ -1,7 +1,7 @@ name: Release Charts env: HELM_VERSION_TO_INSTALL: 3.14.0 - GCR_IMAGE: ghcr.io/${{ github.repository_owner }}/docker-registry + GCR_IMAGE: ghcr.io/${{ github.repository_owner }}/charts on: workflow_dispatch: From cba8cb266b9b7355de64ddd5ef090a4cdc8f80a4 Mon Sep 17 00:00:00 2001 From: wkbrd <30599409+wkbrd@users.noreply.github.com> Date: Tue, 9 Jul 2024 19:57:00 -0400 Subject: [PATCH 10/20] Update helm_release.yaml --- .github/workflows/helm_release.yaml | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/.github/workflows/helm_release.yaml b/.github/workflows/helm_release.yaml index 6f10a2d9..5fed114c 100644 --- a/.github/workflows/helm_release.yaml +++ b/.github/workflows/helm_release.yaml @@ -43,13 +43,10 @@ jobs: # Version of helm version: ${{ env.HELM_VERSION_TO_INSTALL }} # default is latest - - name: login to acr using helm + - name: publish to oci registry run: | echo ${{ secrets.GITHUB_TOKEN }} | helm registry login ${{ env.GCR_IMAGE }} --username ${{ github.repository_owner }} --password-stdin - - - name: save helm chart to local registry - run: | - helm package ${{ github.workspace }}/ - package=`ls -t docker-registry-*.tgz | head -n 1` - echo "helm push ${package} oci://${{ env.GCR_IMAGE }}" - helm push "${package}" oci://${{ env.GCR_IMAGE }} + helm package ${{ github.workspace }}/ + package=`ls -t docker-registry-*.tgz | head -n 1` + echo "helm push ${package} oci://${{ env.GCR_IMAGE }}" + helm push "${package}" oci://${{ env.GCR_IMAGE }} From 6b57b361ea0f3b40bac0f87c6fad9ba45776e24d Mon Sep 17 00:00:00 2001 From: wkbrd <30599409+wkbrd@users.noreply.github.com> Date: Tue, 9 Jul 2024 19:58:17 -0400 Subject: [PATCH 11/20] Update helm_release.yaml --- .github/workflows/helm_release.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/helm_release.yaml b/.github/workflows/helm_release.yaml index 5fed114c..10f825a7 100644 --- a/.github/workflows/helm_release.yaml 
+++ b/.github/workflows/helm_release.yaml @@ -1,7 +1,7 @@ name: Release Charts env: HELM_VERSION_TO_INSTALL: 3.14.0 - GCR_IMAGE: ghcr.io/${{ github.repository_owner }}/charts + GCR_IMAGE: ghcr.io/${{ github.repository_owner }} on: workflow_dispatch: @@ -48,5 +48,5 @@ jobs: echo ${{ secrets.GITHUB_TOKEN }} | helm registry login ${{ env.GCR_IMAGE }} --username ${{ github.repository_owner }} --password-stdin helm package ${{ github.workspace }}/ package=`ls -t docker-registry-*.tgz | head -n 1` - echo "helm push ${package} oci://${{ env.GCR_IMAGE }}" - helm push "${package}" oci://${{ env.GCR_IMAGE }} + echo "helm push ${package} oci://${{ env.GCR_IMAGE }}/charts" + helm push "${package}" oci://${{ env.GCR_IMAGE }}/charts From 77ad1c90c9fc7f2b31279bf5704b8f9498df9231 Mon Sep 17 00:00:00 2001 From: wkbrd <30599409+wkbrd@users.noreply.github.com> Date: Tue, 9 Jul 2024 20:06:42 -0400 Subject: [PATCH 12/20] Update helm_release.yaml --- .github/workflows/helm_release.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/helm_release.yaml b/.github/workflows/helm_release.yaml index 10f825a7..75e9840b 100644 --- a/.github/workflows/helm_release.yaml +++ b/.github/workflows/helm_release.yaml @@ -45,8 +45,8 @@ jobs: - name: publish to oci registry run: | - echo ${{ secrets.GITHUB_TOKEN }} | helm registry login ${{ env.GCR_IMAGE }} --username ${{ github.repository_owner }} --password-stdin + echo ${{ secrets.GITHUB_TOKEN }} | helm registry login ghcr.io --username ${{ github.repository_owner }} --password-stdin helm package ${{ github.workspace }}/ package=`ls -t docker-registry-*.tgz | head -n 1` - echo "helm push ${package} oci://${{ env.GCR_IMAGE }}/charts" - helm push "${package}" oci://${{ env.GCR_IMAGE }}/charts + echo "helm push ${package} oci://${{ env.GCR_IMAGE }}" + helm push "${package}" oci://${{ env.GCR_IMAGE }} From bdf9171598bcd06ec052ba2206002fdf9f13e634 Mon Sep 17 00:00:00 2001 
From: wkbrd <30599409+wkbrd@users.noreply.github.com> Date: Tue, 9 Jul 2024 20:09:37 -0400 Subject: [PATCH 13/20] Update helm_release.yaml --- .github/workflows/helm_release.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/helm_release.yaml b/.github/workflows/helm_release.yaml index 75e9840b..00576e42 100644 --- a/.github/workflows/helm_release.yaml +++ b/.github/workflows/helm_release.yaml @@ -10,6 +10,7 @@ jobs: release: permissions: contents: write + packages: write runs-on: ubuntu-latest steps: - name: Checkout From eda1bffaa24d0070eff671a4c327f23d031f774f Mon Sep 17 00:00:00 2001 From: wkbrd <30599409+wkbrd@users.noreply.github.com> Date: Tue, 9 Jul 2024 20:38:13 -0400 Subject: [PATCH 14/20] Update helm_release.yaml --- .github/workflows/helm_release.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/helm_release.yaml b/.github/workflows/helm_release.yaml index 00576e42..1e2f5715 100644 --- a/.github/workflows/helm_release.yaml +++ b/.github/workflows/helm_release.yaml @@ -49,5 +49,4 @@ jobs: echo ${{ secrets.GITHUB_TOKEN }} | helm registry login ghcr.io --username ${{ github.repository_owner }} --password-stdin helm package ${{ github.workspace }}/ package=`ls -t docker-registry-*.tgz | head -n 1` - echo "helm push ${package} oci://${{ env.GCR_IMAGE }}" helm push "${package}" oci://${{ env.GCR_IMAGE }} From 6da97d10830e28e6d5c07818cd393f0725beeec2 Mon Sep 17 00:00:00 2001 From: wkbrd <30599409+wkbrd@users.noreply.github.com> Date: Tue, 9 Jul 2024 20:39:35 -0400 Subject: [PATCH 15/20] Update helm_release.yaml --- .github/workflows/helm_release.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/helm_release.yaml b/.github/workflows/helm_release.yaml index 1e2f5715..feb4bae2 100644 --- a/.github/workflows/helm_release.yaml +++ b/.github/workflows/helm_release.yaml 
@@ -28,16 +28,16 @@ jobs: with: install_only: true -# - name: Run chart-releaser -# env: -# CR_TOKEN: "${{ secrets.CR_TOKEN }}" -# run: | -# owner=$(cut -d '/' -f 1 <<< "$GITHUB_REPOSITORY") -# repo=$(cut -d '/' -f 2 <<< "$GITHUB_REPOSITORY") -# cr package -# cr upload --owner="$owner" --git-repo "$repo" --token="$CR_TOKEN" --release-name-template="v{{ .Version }}" --packages-with-index --push --skip-existing --generate-release-notes --commit main -# cr index --owner="$owner" --git-repo "$repo" --token="$CR_TOKEN" --release-name-template="v{{ .Version }}" --packages-with-index --push --index-path="." -# + - name: Run chart-releaser + env: + CR_TOKEN: "${{ secrets.CR_TOKEN }}" + run: | + owner=$(cut -d '/' -f 1 <<< "$GITHUB_REPOSITORY") + repo=$(cut -d '/' -f 2 <<< "$GITHUB_REPOSITORY") + cr package + cr upload --owner="$owner" --git-repo "$repo" --token="$CR_TOKEN" --release-name-template="v{{ .Version }}" --packages-with-index --push --skip-existing --generate-release-notes --commit main + cr index --owner="$owner" --git-repo "$repo" --token="$CR_TOKEN" --release-name-template="v{{ .Version }}" --packages-with-index --push --index-path="." + - name: install helm uses: Azure/setup-helm@v1 with: From bf91d1ff1656151aea7b0386e2cbce9acdb4a5e7 Mon Sep 17 00:00:00 2001 From: wkbrd <30599409+wkbrd@users.noreply.github.com> Date: Wed, 10 Jul 2024 06:28:14 -0400 Subject: [PATCH 16/20] Update helm_release.yaml --- .github/workflows/helm_release.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/helm_release.yaml b/.github/workflows/helm_release.yaml index feb4bae2..4fc134a1 100644 --- a/.github/workflows/helm_release.yaml +++ b/.github/workflows/helm_release.yaml 
@@ -28,18 +28,18 @@ jobs: with: install_only: true - - name: Run chart-releaser - env: - CR_TOKEN: "${{ secrets.CR_TOKEN }}" - run: | - owner=$(cut -d '/' -f 1 <<< "$GITHUB_REPOSITORY") - repo=$(cut -d '/' -f 2 <<< "$GITHUB_REPOSITORY") - cr package - cr upload --owner="$owner" --git-repo "$repo" --token="$CR_TOKEN" --release-name-template="v{{ .Version }}" --packages-with-index --push --skip-existing --generate-release-notes --commit main - cr index --owner="$owner" --git-repo "$repo" --token="$CR_TOKEN" --release-name-template="v{{ .Version }}" --packages-with-index --push --index-path="." +# - name: Run chart-releaser +# env: +# CR_TOKEN: "${{ secrets.CR_TOKEN }}" +# run: | +# owner=$(cut -d '/' -f 1 <<< "$GITHUB_REPOSITORY") +# repo=$(cut -d '/' -f 2 <<< "$GITHUB_REPOSITORY") +# cr package +# cr upload --owner="$owner" --git-repo "$repo" --token="$CR_TOKEN" --release-name-template="v{{ .Version }}" --packages-with-index --push --skip-existing --generate-release-notes --commit main +# cr index --owner="$owner" --git-repo "$repo" --token="$CR_TOKEN" --release-name-template="v{{ .Version }}" --packages-with-index --push --index-path="." - name: install helm - uses: Azure/setup-helm@v1 + uses: Azure/setup-helm@v4.2.0 with: # Version of helm version: ${{ env.HELM_VERSION_TO_INSTALL }} # default is latest From f7848a3ea84f0f64e4d182a9bbae9ec655afa1fa Mon Sep 17 00:00:00 2001 From: wkbrd <30599409+wkbrd@users.noreply.github.com> Date: Wed, 10 Jul 2024 06:29:08 -0400 Subject: [PATCH 17/20] Update helm_release.yaml --- .github/workflows/helm_release.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/helm_release.yaml b/.github/workflows/helm_release.yaml index 4fc134a1..57c86cda 100644 --- a/.github/workflows/helm_release.yaml +++ b/.github/workflows/helm_release.yaml 
@@ -28,15 +28,15 @@ jobs: with: install_only: true -# - name: Run chart-releaser -# env: -# CR_TOKEN: "${{ secrets.CR_TOKEN }}" -# run: | -# owner=$(cut -d '/' -f 1 <<< "$GITHUB_REPOSITORY") -# repo=$(cut -d '/' -f 2 <<< "$GITHUB_REPOSITORY") -# cr package -# cr upload --owner="$owner" --git-repo "$repo" --token="$CR_TOKEN" --release-name-template="v{{ .Version }}" --packages-with-index --push --skip-existing --generate-release-notes --commit main -# cr index --owner="$owner" --git-repo "$repo" --token="$CR_TOKEN" --release-name-template="v{{ .Version }}" --packages-with-index --push --index-path="." + - name: Run chart-releaser + env: + CR_TOKEN: "${{ secrets.CR_TOKEN }}" + run: | + owner=$(cut -d '/' -f 1 <<< "$GITHUB_REPOSITORY") + repo=$(cut -d '/' -f 2 <<< "$GITHUB_REPOSITORY") + cr package + cr upload --owner="$owner" --git-repo "$repo" --token="$CR_TOKEN" --release-name-template="v{{ .Version }}" --packages-with-index --push --skip-existing --generate-release-notes --commit main + cr index --owner="$owner" --git-repo "$repo" --token="$CR_TOKEN" --release-name-template="v{{ .Version }}" --packages-with-index --push --index-path="." - name: install helm uses: Azure/setup-helm@v4.2.0 From 0d25bac8208ced61c90834817f1bd32a9800ac27 Mon Sep 17 00:00:00 2001 From: wkbrd <30599409+wkbrd@users.noreply.github.com> Date: Mon, 6 Jan 2025 14:39:31 -0500 Subject: [PATCH 18/20] Add seccompProfile to pod security context (for Istio Pod Security Standard restricted support). Do not automount service account token. --- templates/deployment.yaml | 1 + templates/serviceaccount.yaml | 1 + values.yaml | 5 +++++ 3 files changed, 7 insertions(+) diff --git a/templates/deployment.yaml b/templates/deployment.yaml index dff79cb5..dbf86487 100644 --- a/templates/deployment.yaml +++ b/templates/deployment.yaml 
@@ -40,6 +40,7 @@ spec: {{- if or (eq .Values.serviceAccount.create true) (ne .Values.serviceAccount.name "") }} serviceAccountName: {{ .Values.serviceAccount.name | default (include "docker-registry.fullname" .) }} {{- end }} + automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} {{- if .Values.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }} {{- end }} diff --git a/templates/serviceaccount.yaml b/templates/serviceaccount.yaml index 6cef434f..2fd20d83 100644 --- a/templates/serviceaccount.yaml +++ b/templates/serviceaccount.yaml @@ -1,6 +1,7 @@ {{- if .Values.serviceAccount.create -}} apiVersion: v1 kind: ServiceAccount +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} metadata: labels: app: {{ template "docker-registry.name" . }} diff --git a/values.yaml b/values.yaml index 4bdab458..a3161df1 100644 --- a/values.yaml +++ b/values.yaml @@ -12,10 +12,13 @@ updateStrategy: {} podAnnotations: {} podLabels: {} +automountServiceAccountToken: false + serviceAccount: create: false name: "" annotations: {} + automountServiceAccountToken: false image: repository: registry @@ -177,6 +180,8 @@ securityContext: sysctls: [] supplementalGroups: [] fsGroup: 1000 + seccompProfile: + type: RuntimeDefault priorityClassName: "" From f1aa1e66a3475ac8da57d2dfc42a9e40c102146e Mon Sep 17 00:00:00 2001 From: wkbrd <30599409+wkbrd@users.noreply.github.com> Date: Mon, 6 Jan 2025 14:45:37 -0500 Subject: [PATCH 19/20] Unwind change --- .github/workflows/helm_release.yaml | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/.github/workflows/helm_release.yaml b/.github/workflows/helm_release.yaml index 57c86cda..d8d3a71d 100644 --- a/.github/workflows/helm_release.yaml +++ b/.github/workflows/helm_release.yaml @@ -1,8 +1,4 @@ name: Release Charts -env: - HELM_VERSION_TO_INSTALL: 3.14.0 - GCR_IMAGE: ghcr.io/${{ github.repository_owner }} - on: workflow_dispatch: 
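Review bot: The new line in templates/deployment.yaml, `automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}`, renders an empty value when the key is missing from the values in effect (for example an upgrade that reuses a previous release's values), and an empty field falls back to the Kubernetes default of mounting the token. Making the hardened value the fallback avoids that: `automountServiceAccountToken: {{ .Values.automountServiceAccountToken | default false }}`, and likewise `.Values.serviceAccount.automountServiceAccountToken | default false` in templates/serviceaccount.yaml. The two new keys in values.yaml have no comments; a line such as `# Pod-level setting; takes precedence over serviceAccount.automountServiceAccountToken` would explain why both exist.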
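Review bot: The `seccompProfile: type: RuntimeDefault` entry added in the second values.yaml hunk satisfies only one control of the Pod Security Standards restricted profile named in the commit subject. That profile also requires `allowPrivilegeEscalation: false`, `capabilities.drop: ["ALL"]` and non-root execution on each container, none of which appear in this hunk; the `securityContext` block begins above it, so confirm the chart's container-level context sets them. A comment above the new key, e.g. `# Required by the Pod Security Standards "restricted" profile`, would record why it was added.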
@@ -10,7 +6,6 @@ jobs: release: permissions: contents: write - packages: write runs-on: ubuntu-latest steps: - name: Checkout @@ -37,16 +32,3 @@ jobs: cr package cr upload --owner="$owner" --git-repo "$repo" --token="$CR_TOKEN" --release-name-template="v{{ .Version }}" --packages-with-index --push --skip-existing --generate-release-notes --commit main cr index --owner="$owner" --git-repo "$repo" --token="$CR_TOKEN" --release-name-template="v{{ .Version }}" --packages-with-index --push --index-path="." - - - name: install helm - uses: Azure/setup-helm@v4.2.0 - with: - # Version of helm - version: ${{ env.HELM_VERSION_TO_INSTALL }} # default is latest - - - name: publish to oci registry - run: | - echo ${{ secrets.GITHUB_TOKEN }} | helm registry login ghcr.io --username ${{ github.repository_owner }} --password-stdin - helm package ${{ github.workspace }}/ - package=`ls -t docker-registry-*.tgz | head -n 1` - helm push "${package}" oci://${{ env.GCR_IMAGE }} From 9a5848f591ce7cb760c99f77e380c5d72f8cc369 Mon Sep 17 00:00:00 2001 From: wkbrd <30599409+wkbrd@users.noreply.github.com> Date: Mon, 6 Jan 2025 14:46:06 -0500 Subject: [PATCH 20/20] Unwind --- .github/workflows/helm_release.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/helm_release.yaml b/.github/workflows/helm_release.yaml index d8d3a71d..4263e76d 100644 --- a/.github/workflows/helm_release.yaml +++ b/.github/workflows/helm_release.yaml @@ -1,4 +1,5 @@ name: Release Charts + on: workflow_dispatch: