Skip to content
Release Charts

Guac v0.7.0 release (#51) #32

Sign in to view logs

Guac v0.7.0 release (#51)

Guac v0.7.0 release (#51) #32

Workflow file for this run

.github/workflows/release.yaml at 9d9c6ce
name: Release Charts
on:
# run release job when changes are pushed to main
# chart-releaser will only cut release when changes are detected
# hence a tag push will not trigger chart release
push:
branches:
- main
permissions: # added using https://github.com/step-security/secure-repo
contents: read
jobs:
release:
runs-on: ubuntu-latest
permissions:
contents: write
packages: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- name: Checkout
uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
with:
fetch-depth: 0
- name: Configure Git
run: |
git config user.name "$GITHUB_ACTOR"
git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
- name: Install Helm
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
with:
version: 'v3.11.2'
- name: Add Helm repos
run: |
helm repo add neo4j https://helm.neo4j.com/neo4j
helm repo add nats https://nats-io.github.io/k8s/helm/charts
helm repo add minio https://charts.min.io/
- name: Set up GPG Keys
run: |
cat <(echo -e "${{ secrets.GPG_KEYRING_BASE64 }}") | base64 -d | gpg --import --batch
gpg --export-secret-keys > /home/runner/.gnupg/keyring.gpg
- name: Run chart-releaser
uses: helm/chart-releaser-action@be16258da8010256c6e82849661221415f031968 # v1.5.0
env:
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
CR_SIGN: "true"
# GPG_KEY_NAME is set at key creation time and is used to identify the key in the keyring here
CR_KEY: "${{ secrets.GPG_KEY_NAME }}"
CR_KEYRING: "/home/runner/.gnupg/keyring.gpg"