chore(release): Camunda Platform Helm Chart 8.2.31, 8.3.16, 9.3.9, 10… #386

Workflow file for this run

.github/workflows/chart-release-snapshot.yaml at bd65add

	# TODO: Convert this workflow to a template and use it for both snapshot and actual releases.
	name: "Chart - Release - Snapshot"

	on:
	push:
	branches:
	- main
	paths:
	- .github/workflows/chart-release-snapshot.yaml
	- charts/camunda-platform-latest/**
	- charts/camunda-platform-alpha/**

	jobs:
	clean:
	name: Clean old artifacts digest
	permissions:
	packages: write
	runs-on: ubuntu-latest
	defaults:
	run:
	shell: bash
	working-directory: /tmp
	steps:
	- name: Delete old artifacts
	env:
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: \|
	# Get IDs of the untagged artifacts (the sha256 digest).
	artifacts_ids_to_delete="$(
	gh api -H 'Accept: application/vnd.github+json' -H 'X-GitHub-Api-Version: 2022-11-28' \
	'/orgs/camunda/packages/container/helm%2Fcamunda-platform/versions?per_page=100' \|
	jq '.[] \| select(.metadata.container.tags \| length == 0)' \| jq '.id'
	)"
	# Early exit if no artifacts to delete.
	test -z "${artifacts_ids_to_delete}" && {
	echo "No old untagged artifacts to delete ...";
	exit 0;
	}
	# Delete the untagged artifacts.
	echo -e "Deleting the old untagged artifacts IDs:\n${artifacts_ids_to_delete}"
	for container_id in ${artifacts_ids_to_delete}; do
	gh api --method DELETE -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" \
	"/orgs/camunda/packages/container/helm%2Fcamunda-platform/versions/${container_id}"
	done

	release:
	needs: clean
	name: ${{ matrix.chart.name }}
	permissions:
	packages: write
	id-token: write
	runs-on: ubuntu-latest
	strategy:
	fail-fast: false
	matrix:
	chart:
	- name: Helm Chart Latest rolling
	directory: charts/camunda-platform-latest
	versionSuffix: snapshot-latest
	- name: Helm Chart Alpha rolling
	directory: charts/camunda-platform-alpha
	versionSuffix: snapshot-alpha
	- name: Helm Chart Alpha versioned
	directory: charts/camunda-platform-alpha
	versionSuffix: ""
	defaults:
	run:
	shell: bash
	working-directory: ${{ matrix.chart.directory }}
	#
	# Vars.
	env:
	REPOSITORY_NAME: "camunda/helm"
	CHART_NAME: "camunda-platform"
	steps:
	- name: Checkout
	uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
	with:
	fetch-depth: 0
	- name: Set vars
	run: \|
	# NOTE: Helm CLI only accepts SemVer so we need to use something like "0.0.0-snapshot-latest".
	CHART_VERSION_SUFFIX="${{ matrix.chart.versionSuffix }}"
	CHART_VERSION_SUFFIX_DEFAULT="$(yq '.version' Chart.yaml)"
	echo "CHART_VERSION=0.0.0-${CHART_VERSION_SUFFIX:-${CHART_VERSION_SUFFIX_DEFAULT}}" \| tee -a $GITHUB_ENV
	#
	# Changelog.
	- name: Generate snapshot changelog
	run: \|
	export SNAPSHOT_DESCRIPTION="Check chart dir for more details: https://github.com/camunda/camunda-platform-helm/tree/main/charts/${{ matrix.chart.directory }}"
	yq -i '.description \|= strenv(SNAPSHOT_DESCRIPTION)' Chart.yaml
	#
	# Package.
	- name: Install Helm CLI
	uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 # v3
	- name: Print Helm CLI version
	run: helm version
	- name: Package and push Helm chart
	env:
	HELM_EXPERIMENTAL_OCI: 1
	run: \|
	echo ${{ secrets.GITHUB_TOKEN }} \| helm registry login -u ${{ github.actor }} --password-stdin ghcr.io
	helm dependency update
	helm package --version ${{ env.CHART_VERSION }} .
	helm push ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}.tgz oci://ghcr.io/${{ env.REPOSITORY_NAME }}
	helm registry logout ghcr.io
	#
	# Security signature.
	- name: Install Cosign CLI
	uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
	- name: Sign Helm chart with Cosign
	run: \|
	cosign sign-blob -y ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}.tgz \
	--bundle ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}.cosign.bundle
	- name: Verify signed Helm chart with Cosign
	run: \|
	cosign verify-blob ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}.tgz \
	--bundle ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}.cosign.bundle \
	--certificate-identity "https://github.com/${GITHUB_WORKFLOW_REF}" \
	--certificate-oidc-issuer "https://token.actions.githubusercontent.com"
	- name: Login to GitHub Container Registry
	uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}
	- name: Install ORAS CLI
	uses: oras-project/setup-oras@ca28077386065e263c03428f4ae0c09024817c93 # v1
	- name: Upload Helm chart Cosign bundle
	run: \|
	oras push ghcr.io/${{ env.REPOSITORY_NAME }}/${{ env.CHART_NAME }}:${{ env.CHART_VERSION }}.cosign.bundle \
	${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}.cosign.bundle:text/plain

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(release): Camunda Platform Helm Chart 8.2.31, 8.3.16, 9.3.9, 10… #386

Workflow file

chore(release): Camunda Platform Helm Chart 8.2.31, 8.3.16, 9.3.9, 10… #386

Jobs

Run details

Workflow file for this run