[ghost] Update charts/ghost/values.yaml ghost to v6.10.0 (minor) (#702) #949
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release Charts | |
| on: | |
| push: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| inputs: | |
| dry_run: | |
| description: 'Dry run (skip actual release)' | |
| required: false | |
| type: boolean | |
| default: false | |
| chart: | |
| description: 'Specific chart to release (optional, e.g. "charts/my-chart")' | |
| required: false | |
| type: string | |
| concurrency: | |
| group: release | |
| cancel-in-progress: true | |
| jobs: | |
| release: | |
| permissions: | |
| contents: write | |
| packages: write | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 30 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| fetch-depth: 0 | |
| - name: Configure Git | |
| run: | | |
| git config user.name "$GITHUB_ACTOR" | |
| git config user.email "[email protected]" | |
| - name: Login to Registry | |
| uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 | |
| with: | |
| registry: ${{ vars.REGISTRY }} | |
| username: ${{ secrets.REGISTRY_USER }} | |
| password: ${{ secrets.REGISTRY_PASSWORD }} | |
| - name: Login to GHCR | |
| uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Update chart dependencies | |
| run: | | |
| set -euo pipefail | |
| echo "Updating dependencies for all charts..." | |
| for chart_dir in charts/*; do | |
| if [ -f "$chart_dir/Chart.yaml" ]; then | |
| echo "Processing $chart_dir..." | |
| if grep -q "^dependencies:" "$chart_dir/Chart.yaml"; then | |
| echo " → Updating dependencies for $chart_dir" | |
| helm dependency update "$chart_dir" | |
| else | |
| echo " → No dependencies found, skipping" | |
| fi | |
| fi | |
| done | |
| - name: Run chart-releaser | |
| id: chart-releaser | |
| uses: helm/chart-releaser-action@cae68fefc6b5f367a0275617c9f83181ba54714f # v1.7.0 | |
| with: | |
| skip_existing: true | |
| env: | |
| CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" | |
| - name: Package manually specified chart | |
| if: ${{ github.event.inputs.chart != '' }} | |
| run: | | |
| set -euo pipefail | |
| CHART_DIR="${{ github.event.inputs.chart }}" | |
| if [ ! -d "$CHART_DIR" ]; then | |
| echo "ERROR: Chart directory $CHART_DIR does not exist" | |
| exit 1 | |
| fi | |
| # Update dependencies if they exist | |
| if grep -q "^dependencies:" "$CHART_DIR/Chart.yaml"; then | |
| echo "Updating dependencies for $CHART_DIR..." | |
| helm dependency update "$CHART_DIR" | |
| fi | |
| echo "Packaging chart from $CHART_DIR..." | |
| mkdir -p .cr-release-packages | |
| helm package "$CHART_DIR" --destination .cr-release-packages | |
| echo "Packaged charts:" | |
| ls -lh .cr-release-packages/ | |
| - name: Install cosign | |
| uses: sigstore/[email protected] | |
| if: ${{ steps.chart-releaser.outputs.changed_charts || github.event.inputs.chart != '' }} | |
| - id: github-repo-owner-name | |
| uses: ASzc/change-string-case-action@d0603cd0a7dd490be678164909f65c7737470a7f # v6 | |
| with: | |
| string: ${{ github.repository_owner }} | |
| - name: Upload charts to OCI registries | |
| id: upload | |
| if: ${{ steps.chart-releaser.outputs.changed_charts || github.event.inputs.chart != '' }} | |
| env: | |
| COSIGN_KEY: ${{ secrets.COSIGN_KEY }} | |
| COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} | |
| REGISTRY_USER: ${{ secrets.REGISTRY_USER }} | |
| run: | | |
| set -euo pipefail | |
| # Determine which charts to release | |
| if [ -n "${{ github.event.inputs.chart }}" ]; then | |
| echo "Manual chart specified: ${{ github.event.inputs.chart }}" | |
| CHANGED_CHARTS="${{ github.event.inputs.chart }}" | |
| else | |
| CHANGED_CHARTS="${{ steps.chart-releaser.outputs.changed_charts }}" | |
| fi | |
| if [ -z "$CHANGED_CHARTS" ]; then | |
| echo "No charts to release." | |
| exit 0 | |
| fi | |
| # Retry function for network operations | |
| retry() { | |
| local max_attempts=3 | |
| local attempt=1 | |
| local delay=5 | |
| while [ $attempt -le $max_attempts ]; do | |
| if "$@"; then return 0; fi | |
| echo "Attempt $attempt failed. Retrying in ${delay}s..." | |
| sleep $delay | |
| delay=$((delay * 2)) | |
| attempt=$((attempt + 1)) | |
| done | |
| echo "ERROR: All $max_attempts attempts failed" | |
| return 1 | |
| } | |
| echo "Logging into primary registry..." | |
| retry helm registry login --username $REGISTRY_USER --password ${{ secrets.REGISTRY_PASSWORD }} https://${{ vars.REGISTRY }} | |
| echo "Logging into GHCR..." | |
| retry helm registry login --username ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }} https://ghcr.io | |
| RELEASED_CHARTS="" | |
| for chart_directory in ${CHANGED_CHARTS//,/ }; do | |
| CHART_NAME=${chart_directory#charts/} | |
| cd $chart_directory | |
| CHART_VERSION=$(yq eval '.version' "Chart.yaml") | |
| APP_VERSION=$(yq eval '.appVersion' "Chart.yaml") | |
| echo "Pushing Helm chart $CHART_NAME-$CHART_VERSION.tgz to oci://${{ vars.REGISTRY }}/${{ vars.REPOSITORY }}" | |
| if retry helm push ${{ github.workspace }}/.cr-release-packages/${CHART_NAME}-${CHART_VERSION}.tgz oci://${{ vars.REGISTRY }}/${{ vars.REPOSITORY }} 2>&1 | tee ${CHART_NAME}-output.log; then | |
| DIGEST=$(grep -oP 'Digest:\s*\K(sha256:[a-f0-9]+)' ${CHART_NAME}-output.log || echo "") | |
| [ -z "$DIGEST" ] && echo "ERROR: Failed to extract digest" && cat ${CHART_NAME}-output.log && exit 1 | |
| cosign sign -y --upload=true --key env://COSIGN_KEY ${{ vars.REGISTRY }}/${{ vars.REPOSITORY }}/${CHART_NAME}:${CHART_VERSION}@$DIGEST | |
| RELEASED_CHARTS="$RELEASED_CHARTS ${CHART_NAME}" | |
| fi | |
| echo "Pushing Helm chart $CHART_NAME-$CHART_VERSION.tgz to GHCR..." | |
| if retry helm push ${{ github.workspace }}/.cr-release-packages/${CHART_NAME}-${CHART_VERSION}.tgz oci://ghcr.io/${{ steps.github-repo-owner-name.outputs.lowercase }}/helm-charts 2>&1 | tee ${CHART_NAME}-ghcr-output.log; then | |
| GHCR_DIGEST=$(grep -oP 'Digest:\s*\K(sha256:[a-f0-9]+)' ${CHART_NAME}-ghcr-output.log || echo "") | |
| [ -z "$GHCR_DIGEST" ] && echo "ERROR: Failed to extract GHCR digest" && cat ${CHART_NAME}-ghcr-output.log && exit 1 | |
| cosign sign -y --upload=true --key env://COSIGN_KEY ghcr.io/${{ steps.github-repo-owner-name.outputs.lowercase }}/helm-charts/${CHART_NAME}:${CHART_VERSION}@$GHCR_DIGEST | |
| fi | |
| cd ${{ github.workspace }} | |
| done | |
| echo "released_charts=$RELEASED_CHARTS" >> "$GITHUB_OUTPUT" | |
| echo "## 📦 Helm Charts Released" >> $GITHUB_STEP_SUMMARY | |
| for chart in $RELEASED_CHARTS; do | |
| echo "- ✅ **$chart**" >> $GITHUB_STEP_SUMMARY | |
| done | |
| echo "### 📍 Registries" >> $GITHUB_STEP_SUMMARY | |
| echo "- Primary: \`${{ vars.REGISTRY }}/${{ vars.REPOSITORY }}\`" >> $GITHUB_STEP_SUMMARY | |
| echo "- GHCR: \`ghcr.io/${{ steps.github-repo-owner-name.outputs.lowercase }}/helm-charts\`" >> $GITHUB_STEP_SUMMARY |