chore: workflow for publishing secrets-vault chart (#22) #4

Summary
Jobs
- validate
- publish
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/secrets-vault-chart.yml at 9224090

	name: secrets-vault-chart

	env:
	HELM_VERSION: v3.14.0
	CHART_DIRS: secrets/secrets-vault/charts

	on:
	push:
	tags:
	- 'secrets-vault-chart-v[0-9].[0-9]+.[0-9]+'
	pull_request:
	paths:
	- 'secrets/secrets-vault/charts/**'
	- '.github/workflows/secrets-vault-chart.yml'

	jobs:
	validate:
	runs-on: ubuntu-22.04

	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: Fetch main branch for chart-testing
	run: \|
	git fetch origin main:main

	- name: Set up Helm
	uses: azure/setup-helm@v4
	with:
	version: ${{ env.HELM_VERSION }}

	# Used by helm chart-testing below
	- name: Set up Python
	uses: actions/setup-python@v5.3.0
	with:
	python-version: '3.12.7'

	- name: Set up chart-testing
	uses: helm/chart-testing-action@v2.6.1
	with:
	version: v3.11.0
	yamllint_version: 1.35.1
	yamale_version: 5.0.0

	- name: Install wash
	uses: taiki-e/install-action@v2
	with:
	tool: wash-cli@0.36.1

	- name: Run chart-testing (lint)
	run: \|
	ct lint --config ${{ env.CHART_DIRS }}/secrets-vault/ci/ct.yaml --chart-dirs ${{ env.CHART_DIRS }}

	- name: Create kind cluster
	uses: helm/kind-action@v1.10.0
	with:
	version: "v0.22.0"

	- name: Install nats in the test cluster
	run: \|
	helm repo add nats https://nats-io.github.io/k8s/helm/charts/
	helm repo update
	helm install nats nats/nats -f ${{ env.CHART_DIRS }}/secrets-vault/ci/nats.yaml

	- name: Generate nkey seed
	run: \|
	export "NKEY_SEED=$(wash key gen account -o json \| jq -Mr .seed \| tr -d '\n')" >> ${GITHUB_ENV}

	- name: Generate xkey seed
	run: \|
	export "XKEY_SEED=$(wash key gen curve -o json \| jq -Mr .seed \| tr -d '\n')" >> ${GITHUB_ENV}

	- name: Run chart-testing install / same namespace
	run: \|
	ct install --config ${{ env.CHART_DIRS }}/secrets-vault/ci/ct.yaml --helm-extra-set-args "--set=config.nats.address=nats-headless.default:4222 --set=config.jwks_address=127.0.0.1:3000 --set=config.nkey_seed=${{ env.NKEY_SEED }} --set=config.xkey_seed=${{ env.XKEY_SEED }} --set=config.vault.address=localhost:8222 --set=config.vault.auth_method_path=jwt --set=config.vault.defaultSecretEnginePath=secret"

	publish:
	if: ${{ startsWith(github.ref, 'refs/tags/secrets-vault-chart-v') }}
	runs-on: ubuntu-22.04
	needs: validate
	permissions:
	packages: write

	steps:
	- uses: actions/checkout@v4

	- name: Set up Helm
	uses: azure/setup-helm@v4
	with:
	version: ${{ env.HELM_VERSION }}

	- name: Package
	run: \|
	helm package ${{ env.CHART_DIRS }}/secrets-vault -d .helm-charts

	- name: Login to GHCR
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.repository_owner }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Lowercase the organization name for ghcr.io
	run: \|
	echo "GHCR_REPO_NAMESPACE=${GITHUB_REPOSITORY_OWNER,,}" >>${GITHUB_ENV}

	- name: Publish
	run: \|
	for chart in .helm-charts/*; do
	if [ -z "${chart:-}" ]; then
	break
	fi
	helm push "${chart}" "oci://ghcr.io/${{ env.GHCR_REPO_NAMESPACE }}/charts"
	done

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: workflow for publishing secrets-vault chart (#22) #4

Workflow file

chore: workflow for publishing secrets-vault chart (#22) #4

Jobs

Run details

Workflow file for this run