ci: always release chart (#197) #14

Workflow file for this run

.github/workflows/release.yaml at 6e5f853

	name: release
	on:
	push:
	tags:
	- 'v*'

	permissions: {}

	jobs:
	release:
	runs-on: ubuntu-latest
	permissions:
	contents: write # needed to write releases
	id-token: write # needed for keyless signing
	packages: write # needed for ghcr access
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
	with:
	egress-policy: audit

	- name: Checkout code
	uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
	with:
	fetch-depth: 0
	- uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
	with:
	go-version: 1.20.5
	- name: Docker Login
	uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}
	- name: Setup Cosign
	uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 # v3.1.1
	- uses: anchore/sbom-action/download-syft@78fc58e266e87a38d4194b2137a3d4e9bcaf7ca1 # v0.14.3
	- name: Create release and SBOM
	if: startsWith(github.ref, 'refs/tags/v')
	uses: goreleaser/goreleaser-action@336e29918d653399e599bfca99fadc1d7ffbc9f7 # v4.3.0
	with:
	version: latest
	args: release --rm-dist --skip-validate
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	release-chart:
	runs-on: ubuntu-latest
	needs:
	- release
	permissions:
	packages: write # Needed to publish chart to ghcr.io
	id-token: write # Needed for keyless signing
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
	with:
	egress-policy: audit

	- name: Checkout
	uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
	with:
	fetch-depth: 0

	- name: Install Helm
	uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 #v3.5

	- name: Setup Cosign
	uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 # v3.1.1

	- name: Login to Github Container Registry using helm
	run: echo ${{ secrets.GITHUB_TOKEN }} \| helm registry login ghcr.io --username ${{ github.actor }} --password-stdin

	- name: Package helm charts
	run: \|
	packVersion=$(echo "${{ github.ref_name }}" \| sed 's/^v//g')
	helm package chart/mongodb-query-exporter -d chart --version=$packVersion --app-version=${{ github.ref_name }}

	- name: Publish helm charts to Github Container Registry
	run: \|
	repository=$(echo "${{ github.repository_owner }}" \| tr [:upper:] [:lower:])
	helm push ${{ github.workspace }}/chart/mongodb-query-exporter-*.tgz oci://ghcr.io/$repository/charts \|& tee .digest
	cosign login --username ${GITHUB_ACTOR} --password ${{ secrets.GITHUB_TOKEN }} ghcr.io
	cosign sign --yes ghcr.io/${{ github.repository_owner }}/charts/mongodb-query-exporter@$(cat .digest \| awk -F "[, ]+" '/Digest/{print $NF}')

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ci: always release chart (#197) #14

Workflow file

ci: always release chart (#197) #14

Jobs

Run details

Workflow file for this run