Merge pull request #55 from sunnyyip/guac-0-8-1 #36
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release Charts | |
| on: | |
| # run release job when changes are pushed to main | |
| # chart-releaser will only cut release when changes are detected | |
| # hence a tag push will not trigger chart release | |
| push: | |
| branches: | |
| - main | |
| permissions: # added using https://github.com/step-security/secure-repo | |
| contents: read | |
| jobs: | |
| release: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| packages: write | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1 | |
| with: | |
| egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs | |
| - name: Checkout | |
| uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 | |
| with: | |
| fetch-depth: 0 | |
| - name: Configure Git | |
| run: | | |
| git config user.name "$GITHUB_ACTOR" | |
| git config user.email "$GITHUB_ACTOR@users.noreply.github.com" | |
| - name: Install Helm | |
| uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5 | |
| with: | |
| version: 'v3.11.2' | |
| - name: Add Helm repos | |
| run: | | |
| helm repo add neo4j https://helm.neo4j.com/neo4j | |
| helm repo add nats https://nats-io.github.io/k8s/helm/charts | |
| helm repo add minio https://charts.min.io/ | |
| - name: Set up GPG Keys | |
| run: | | |
| cat <(echo -e "${{ secrets.GPG_KEYRING_BASE64 }}") | base64 -d | gpg --import --batch | |
| gpg --export-secret-keys > /home/runner/.gnupg/keyring.gpg | |
| - name: Run chart-releaser | |
| uses: helm/chart-releaser-action@be16258da8010256c6e82849661221415f031968 # v1.5.0 | |
| env: | |
| CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" | |
| CR_SIGN: "true" | |
| # GPG_KEY_NAME is set at key creation time and is used to identify the key in the keyring here | |
| CR_KEY: "${{ secrets.GPG_KEY_NAME }}" | |
| CR_KEYRING: "/home/runner/.gnupg/keyring.gpg" |