deliveryhero · brennoo · Jan 7, 2025 · Jan 6, 2025 · max-rocket-internet · Jan 7, 2025
@@ -3,7 +3,7 @@ name: Helm Publish
 on:
   push:
     branches:
-    - master
+      - master
     paths:
       - 'stable/**'
   workflow_dispatch:
@@ -25,7 +25,18 @@ jobs:
       - name: Install Helm
         uses: azure/setup-helm@v4
         with:
-          version: v3.12.3 # Lock version for now, helm v3.13.0 contains bugs related to oci that will be fixed in v3.13.1. https://github.com/helm/helm/issues/12423
+          version: v3.16.4
+     - name: Import GPG key
+        id: import_gpg
+        uses: crazy-max/ghaction-import-gpg@v6
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.GPG_PASSPHRASE }}
+     -  name: Save GPG passphrase
+        run: |
+          cat << EOF > passphrase.txt
+          ${{ secrets.GPG_PASSPHRASE }}
+          EOF
       - name: Package Helm Charts
         shell: bash
         run: |
@@ -36,8 +47,9 @@ jobs:
                   continue
               fi
               echo "$d"
-              helm package "$d" -u
+              helm package --sign "$d" -u --key ${{ steps.import_gpg.outputs.name }} --passphrase-file passphrase.txt
           done
+          rm passphrase.txt
           echo "Packing done"
       - name: Login to GitHub Container Registry
         shell: bash
@@ -51,6 +63,14 @@ jobs:
               echo "$f"
               helm push $f oci://${REGISTRY,,}
           done
+      - name: Upload the Chart to Rekor
+        shell: bash
+        run: |
+          helm plugin install https://github.com/sigstore/helm-sigstore
+          for f in *.tgz ; do
+              echo "$f"
+              helm sigstore upload "$d"
+          done
       - name: Generate Helm repo index.yaml
         shell: bash
         run: helm repo index . --merge index.yaml
@@ -62,10 +82,10 @@ jobs:
         id: cpr
         uses: peter-evans/create-pull-request@v7
         with:
-          commit-message: "$GITHUB_ACTION is updating index.yaml for $GITHUB_REF"
+          commit-message: "Updating index.yaml for ${{ github.ref }}"
           branch: update-index
           delete-branch: true
-          title: "[stable/index] Updating index.yaml for $GITHUB_REF"
+          title: "[stable/index] Updating index.yaml for ${{ github.ref }}"
           add-paths: |
             index.yaml
           labels: |

@@ -18,3 +18,5 @@ __pycache__
 .vscode/
 
 *.tgz
+*.prov
+passphrase.txt
@@ -0,0 +1,52 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGd79twBEADHi/ZnreApKrtBDKXVEvzpy1AbEqkczRVMDOB2x+nNmnKRYuIT
+WIKM6P7J43mfaJ0ym4e6o6YJxgsGZmMJhYs1j7e3QNNiJfPEmIX8emDK/PJY1VD/
+oq7xSxpgofOzvacIVYU0pvZizzzTYRZ0dLDAvXJdMWHsATvOKQ0njKVBGXUTiLv2
+b5uPoATyA/KLHhMakZP1Liz9TZrTWagaosoauf8LBN+Xe3VHwVMBKsOYo0sBj+5t
+8QyZe8i/KH6uv+7Cg0xBtM7Wp+lKmhzzQ6idHbhdEd1nRzal+lIyOc0lCZtkEV3Q
+TNnn9KGvU63/btd3O1u1Pu6C0RAcqjh89GMWbj+vF7uCR/C5oYW5c33VwsCGVqdY
+guHzOS8Dzw1hapQYkBWQfloy1X0Pqq2RPHAG/Ix6rQrJgpc9D9Rw4WwQLHDvTtsc
+rX5GygZZgWPZhV8LOZbtepN3s0pYnBHzGRKhg08lWZn3hJatU/07Rc5CLdvxuvu3
+sMkq4FyjX8R1n4Nj3zlovn3UfgnCEeP7K3SlYvBRBMfpBDqBCaWkqF+kLTUSz8FS
+FAMDEhHGq9aFhC713wtIjAwmwnwnoaLsFilh1uIZkvbCBYPxg/kzJ0uy33XzeIZF
++xOAeBzj+Dj81a/3rnRs3XAZLr/rfFAwTuck3Wq633Ah9xfjcPNv1gV20wARAQAB
+tDdEZWxpdmVyeSBIZXJvIC0gaGVsbS1jaGFydHMgPG5vLXJlcGx5QGRlbGl2ZXJ5
+aGVyby5jb20+iQJRBBMBCAA7FiEExMKqdjWtwCgsN9HKQ//HBMtFhacFAmd79twC
+GwMFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AACgkQQ//HBMtFhaccjg/9HLDh
+GKtuPnp7gGt2UNfZnjl8pze46azSjnee0pHgzO7Bcr/7n+rAP4XqREQINlYj5QXW
+lOOknMEgnBBes9V3tgZdvqMfhUW98qGw0PcSKJLZ15bna0VeBEMYS+jx4cWqS0ps
+YuELjDFfdPMxnWHh9g8aZfOd1otUKHJLi0KOWaM8+OJp7P9eG8SXvVUIn61MHmne
+3xET6m56Euka8iE4/sxWgxmHfakkSiy4osGNnvLBIIsrhwTvcY5XZJvKwT+8KroF
+FH96cCA16EiAVWYY1IDUt5rOlFzBB+SBMBLcIoTnEpIq9eki10vdALiHkQ3nyEGO
+stR9scLg05gtDzHHfbjgIfW4Rvxj6bn64enajyfmazqmfavUauFJTfajyFIt/DYB
+oLU0+lN0q2SLD9T8VFlSrle9Fp5iTJheyvLIGshht6su4kI+jsYR267qOcABmFWJ
+lMEmnC3gKvqb7jScZLUtHKYbcRihqKLcRv63OkdJSSYCh/Q7qYx2Rj26c42x9r/e
+XkC385j9Hqeh6t4QQ49E0wCntiamA22szn3q3xAToK3pfODDujlPBGqW6gdgmEkZ
+zX2vCj/8XuCduqarKrYFaRgPTZMG/zGv+1rdkhRyqdd9YmZD4XY+Exq3EgW7LYFM
+nosYMz1yGe5y/sir3OmIxHyp/leq26tSW6IlrSO5Ag0EZ3v23AEQAM/fEhUX/xNz
+Sxm8+Cyhu+YXFu6kaO8qqnBsx6a89qVpZSQ97EAYXeLVn7E7/qSs6IXG9wviZKk8
+B+w4apQiz411nZA8fXMbi+ZgzKUdzSzoGsWBbwJX4rLAfpQ5pZZMmsmP7yDsI2tw
+xaE0kAtO63mLH8Q6othIlZerSBFk5bwTqgEAouUXWCaCMy/mthQSwxRZbk0GrSJl
+VCODesrv+lAKJKbn9OJB6ZfbBPYFhBWP8822KMp+9Q38p3aAADbIT8gUw5Vu9Yj0
+gMPCwfka9K6fMIB/6vjNhkOVcTfkArm0+150rwn/to5DoVc6ERXYvafzvG7Lb5sZ
+qMeMI7oQZufLb+r5g7io9gdtW1d0BbbYil+T3lRzxrIcTsOrIVLMJ+/6pu9XLLaT
+v3IRXVE7FIfTb+SBFZCsSjlWAlXsmIyvDRU6TmsP+q+Yii1/NKCMfV7RKoYjDL/E
+dKw5WK7uYqa28jm9Pgda57qjsJNgVI2oCHQO2inlzmb/4y14b7j0+YwsT7mrmwpl
+zFlfsn+KmssWlEStXGcAvpp3oMTAZ6dX5nDIHhQ+Q5KBuXNdoJt4jfxLHuqLejlV
+CGVcjH7HluECpLdoZixh4TEgmaOuLzF8Kq/O2u9NdnmCsuF3ZguJOoHcRpvA6dEY
+xZ9VFaP/tvUrlT8OssC7O/AIbUuww7n3ABEBAAGJAjYEGAEIACAWIQTEwqp2Na3A
+KCw30cpD/8cEy0WFpwUCZ3v23AIbDAAKCRBD/8cEy0WFp8NmD/9+EBI1kFxYbfCN
+7Ly4bw8eTqJ5h18pNwKtshgKJ6dOHB1hRmokW0CYP0VK20pYYioMVg442ijf7V/S
+unPLUAz9SwOjSOrT7mA0Ctc5hZ7QIvh4fMQOdfJ8oy2Jfu/LOkYqULwmJzPIe8/r
+aDqB5vU98A7wesikFbsnW3jHJAq4MUtuZWMSQL2V5JhY2LLBi3Pwf4VLgqmjNJ7C
+OG2tOsR78jm5DEMAyO3Rw3ofA8DvVwBVI1mZ/mpTx6qmx3olgpHqWZ6y5n59KjGZ
+oapuk+jD+z86zjeXH19VfSAf+FW+dl3JMIOnS1Hv5t78Se3rM4PQqZ0BPr30sa//
+PulD6JpyO243DiDf6mRywl7bK6KvvzQytRNy3JGtu10W8ByMFVyNAM2tzQ5xN61R
+//grNHAPMBwnWIB9uYFrUPAu6tq4GpZWSCq9QAf8ARd8RMS5loIH8EIohaN6qNOe
+E2Rj0Z5g8lQqADecmpPMHc+NcwplZS93xC+tDMLWpPoIUdARPJbWqAg09W1jU+Go
+9ECt2NTiu8/W0lY4NPP7/zYxSJmCJWKh7unNL+viGA36X2qFqc2cD1a3dRLjoK0t
+I/INkOXVJgVtRP/JeToYj6Rt8JDv2mAJhOcULHpQV4cP7xu/K7XeRMs8/M9FA/gM
+Aiyx8oFY5Bk6GxHW/GlRAewM4C+GSQ==
+=rux+
+-----END PGP PUBLIC KEY BLOCK-----
-Original file line number
+Diff line change
@@ Expand Up / @@ -18,3 +18,5 @@ __pycache__ @@
     .vscode/
     *.tgz
+    *.prov
+    passphrase.txt