diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml index 62d19158a..9c58f2b15 100644 --- a/.github/workflows/helm.yml +++ b/.github/workflows/helm.yml @@ -44,10 +44,10 @@ jobs: chart=$(basename "$chart_path") # get current version current_version=$(grep '^version:' "$chart_path/Chart.yaml" | awk '{print $2}') - # get current release version - oras discover ghcr.io/${GITHUB_REPOSITORY@L}/${chart}${CHART_SUFFIX}:${current_version} + # get released tag + released_tags=$(oras repo tags ghcr.io/${GITHUB_REPOSITORY@L}/${chart}${CHART_SUFFIX}) - if [ $? -ne 0 ]; then + if ! echo "$released_tags" | grep -qE "^${current_version}$"; then helm dependency build "$chart_path" helm package "$chart_path" --destination ./.cr-release-packages else @@ -89,6 +89,12 @@ jobs: with: fetch-depth: 0 + - name: Install helm + uses: azure/setup-helm@v4 + + - name: Install Oras + uses: oras-project/setup-oras@v1 + - name: Install Cosign uses: sigstore/cosign-installer@v3 @@ -98,15 +104,22 @@ jobs: name: artifacts path: .cr-release-packages/ + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Push charts to GHCR env: COSIGN_YES: true run: | for chart_path in `find .cr-release-packages -name '*.tgz' -print`; do - # push chart to OCI - helm push ${chart_path} oci://ghcr.io/${GITHUB_REPOSITORY@L} |& tee helm-push-output.log + # push chart to OCI chart_release_file=$(basename "$chart_path") chart=${chart_release_file%-*} + helm push ${chart_path} oci://ghcr.io/${GITHUB_REPOSITORY@L} |& tee helm-push-output.log chart_digest=$(awk -F "[, ]+" '/Digest/{print $NF}' < helm-push-output.log) # sign chart cosign sign "ghcr.io/${GITHUB_REPOSITORY@L}/${chart}${CHART_SUFFIX}@${chart_digest}"