Commit

Add support for chart signature (#650)
Signed-off-by: Brenno Oliveira <[email protected]>
brennoo authored Jan 7, 2025
1 parent 6b5166a commit 400b348
Showing 3 changed files with 79 additions and 5 deletions.
30 changes: 25 additions & 5 deletions .github/workflows/helm-publish.yaml
Expand Up @@ -3,7 +3,7 @@ name: Helm Publish
on:
push:
branches:
- master
- master
paths:
- 'stable/**'
workflow_dispatch:
Expand All @@ -25,7 +25,18 @@ jobs:
- name: Install Helm
uses: azure/setup-helm@v4
with:
version: v3.12.3 # Lock version for now, helm v3.13.0 contains bugs related to oci that will be fixed in v3.13.1. https://github.com/helm/helm/issues/12423
version: v3.16.4
- name: Import GPG key
id: import_gpg
uses: crazy-max/ghaction-import-gpg@v6
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.GPG_PASSPHRASE }}
- name: Save GPG passphrase
run: |
cat << EOF > passphrase.txt
${{ secrets.GPG_PASSPHRASE }}
EOF
- name: Package Helm Charts
shell: bash
run: |
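Review bot: The "Save GPG passphrase" step writes the secret into passphrase.txt in the workspace through a heredoc whose `EOF` delimiter is unquoted, so the shell expands any `$`, backtick or backslash sequence in the passphrase before it reaches the file, and `${{ secrets.GPG_PASSPHRASE }}` is substituted into the script text itself. Pass the secret through `env:` and write it with `printf '%s' "$GPG_PASSPHRASE"` to a file under `$RUNNER_TEMP` created with `umask 077`, or skip the file entirely, since `--passphrase-file` accepts `-` to read from stdin. Separately, `crazy-max/ghaction-import-gpg@v6` receives the private key and is referenced by a movable tag; pin it to a full commit SHA.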
Expand All @@ -36,8 +47,9 @@ jobs:
continue
fi
echo "$d"
helm package "$d" -u
helm package --sign "$d" -u --key ${{ steps.import_gpg.outputs.name }} --passphrase-file passphrase.txt
done
rm passphrase.txt
echo "Packing done"
- name: Login to GitHub Container Registry
shell: bash
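Review bot: `rm passphrase.txt` after the loop only runs when every `helm package --sign` call succeeds; a `shell: bash` step runs with `-e` and stops at the first failing command, so a packaging error leaves the passphrase file in the workspace for the remaining steps of the job. Register the cleanup before the loop, for example `trap 'rm -f passphrase.txt' EXIT` at the top of the run block. Also quote the key name, `--key "${{ steps.import_gpg.outputs.name }}"`, because a GPG user name can contain spaces and would otherwise be split into several arguments.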
Expand All @@ -51,6 +63,14 @@ jobs:
echo "$f"
helm push $f oci://${REGISTRY,,}
done
- name: Upload the Chart to Rekor
shell: bash
run: |
helm plugin install https://github.com/sigstore/helm-sigstore
for f in *.tgz ; do
echo "$f"
helm sigstore upload "$d"
done
- name: Generate Helm repo index.yaml
shell: bash
run: helm repo index . --merge index.yaml
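Review bot: In the new "Upload the Chart to Rekor" step the loop variable is `f` but the upload call passes `"$d"`, which is not set in this step because each `run:` block is its own shell, so `helm sigstore upload` never receives the packaged chart. Change the call to `helm sigstore upload "$f"`. The plugin is also installed from the repository URL with no `--version`, so each run pulls whatever is current at that moment; pin it to a released version.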
Expand All @@ -62,10 +82,10 @@ jobs:
id: cpr
uses: peter-evans/create-pull-request@v7
with:
commit-message: "$GITHUB_ACTION is updating index.yaml for $GITHUB_REF"
commit-message: "Updating index.yaml for ${{ github.ref }}"
branch: update-index
delete-branch: true
title: "[stable/index] Updating index.yaml for $GITHUB_REF"
title: "[stable/index] Updating index.yaml for ${{ github.ref }}"
add-paths: |
index.yaml
labels: |
2 changes: 2 additions & 0 deletions .gitignore
Expand Up @@ -18,3 +18,5 @@ __pycache__
.vscode/

*.tgz
*.prov
passphrase.txt
52 changes: 52 additions & 0 deletions public_key.asc
@@ -0,0 +1,52 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
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=rux+
-----END PGP PUBLIC KEY BLOCK-----
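Review bot: public_key.asc is added without any documentation: the commit touches only the workflow, .gitignore and this file, so chart consumers are not told the key's fingerprint or how to check a chart against it. Add a README section that gives the fingerprint and the import and `helm verify` steps, and publish the fingerprint somewhere other than this repository as well, since a key file stored beside the charts can be replaced by anyone able to push to the repository.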

0 comments on commit 400b348
