Skip to content

Promoting Develop to Master #30

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Sep 2, 2024
Merged

Promoting Develop to Master #30

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
6852d3e
updated releaser
mguptahub Sep 2, 2024
a373816
fix: helm signing (#29)
mguptahub Sep 2, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
49 changes: 35 additions & 14 deletions .github/workflows/chart-preview.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,10 @@ env:
AWS_REGION: ${{ vars.HELM_PREVIEW_AWS_REGION }}
AWS_BUCKET: ${{ vars.HELM_PREVIEW_BUCKET }}
HELM_SUB_FOLDER: ${{ github.run_id }}
GNUPGHOME: ${{ github.workspace }}/.gnupg
GPG_KEY_NAME: ${{ secrets.GPG_KEY_NAME }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
CHART_PREFIX: ${{ github.run_id }}
BUILD_PLANE_CE: ${{ github.event.inputs.plane-ce }}
BUILD_PLANE_EE: ${{ github.event.inputs.plane-enterprise }}
Expand Down Expand Up @@ -48,19 +52,30 @@ jobs:
uses: azure/setup-helm@v4

- name: Prepare GPG key #this step is for using exported keys and make your github runner
working-directory: code
run: |
gpg_dir=.cr-gpg
mkdir "$gpg_dir"
keyring="$gpg_dir/secring.gpg" #referring keyring to private key of gpg
base64 -d <<< "$GPG_KEYRING_BASE64" > "$keyring" #storing base64 GPG key into keyring
passphrase_file="$gpg_dir/passphrase"
echo "$GPG_PASSPHRASE" > "$passphrase_file" #storing passphrase data into a file
echo "CR_PASSPHRASE_FILE=$passphrase_file" >> "$GITHUB_ENV" #saving passphrase into github-environment
echo "CR_KEYRING=$keyring" >> "$GITHUB_ENV" #saving private key into github-environemnt
env:
GPG_KEYRING_BASE64: "${{ secrets.GPG_KEYRING_BASE64 }}" #Referring secrets of github above
GPG_PASSPHRASE: "${{ secrets.GPG_PASSPHRASE }}"
CR_PASSPHRASE_FILE: ${{env.GNUPGHOME}}/gpg-passphrase
run: |
gpg --version

mkdir -p ${{env.GNUPGHOME}}
chmod 700 ${{env.GNUPGHOME}}

# Disable the use of the gpg-agent
echo "use-agent" >> ${{env.GNUPGHOME}}/gpg.conf
echo "pinentry-mode loopback" >> ${{env.GNUPGHOME}}/gpg.conf
echo "no-tty" >> ${{env.GNUPGHOME}}/gpg.conf
echo "no-autostart" >> ${{env.GNUPGHOME}}/gpg-agent.conf
echo "allow-loopback-pinentry" >> ${{env.GNUPGHOME}}/gpg-agent.conf
echo "${{env.GPG_PASSPHRASE}}" > ${{env.CR_PASSPHRASE_FILE}}

# Import the GPG key
echo "${{ env.GPG_PRIVATE_KEY }}" | gpg --batch --yes --pinentry-mode loopback --passphrase ${{ env.GPG_PASSPHRASE }} --import

# Re-create keyring in legacy format for Helm compatibility
gpg --export-secret-keys --passphrase ${{env.GPG_PASSPHRASE}} > ${{env.GNUPGHOME}}/secring.gpg
gpg --export --passphrase ${{env.GPG_PASSPHRASE}} > ${{env.GNUPGHOME}}/pubring.gpg

chmod 400 ${{env.GNUPGHOME}}/secring.gpg

- id: build-plane-ce
if: ${{ env.BUILD_PLANE_CE == 'true' }}
Expand All @@ -69,13 +84,16 @@ jobs:
env:
EXPORT_DIR: ${{env.PREVIEW_BUILD_FOLDER}}
CHART_REPO: plane-ce
CR_KEY: ${{ env.GPG_KEY_NAME }}
CR_PASSPHRASE_FILE: ${{env.GNUPGHOME}}/gpg-passphrase
CR_KEYRING: ${{env.GNUPGHOME}}/secring.gpg
run: |
flatBranchName=$(echo "${{ github.ref_name}}" | sed 's/\//\-/g')
sed -i "s/name: ${{env.CHART_REPO}}/name: ${{ env.CHART_PREFIX }}-${{env.CHART_REPO}}/" charts/${{env.CHART_REPO}}/Chart.yaml
sed -i "s/description: .*/description: ${flatBranchName}/g" charts/${{env.CHART_REPO}}/Chart.yaml
# sed -i "s/version: \(.*\)/version: \1-${flatBranchName}/" charts/${{env.CHART_REPO}}/Chart.yaml

helm package --sign --key "Plane" --keyring $CR_KEYRING --passphrase-file "$CR_PASSPHRASE_FILE" charts/$CHART_REPO -u -d ${{ env.EXPORT_DIR }}/${{env.CHART_REPO}}/charts
helm package --sign --key "$CR_KEY" --keyring $CR_KEYRING --passphrase-file "$CR_PASSPHRASE_FILE" charts/$CHART_REPO -u -d ${{ env.EXPORT_DIR }}/${{env.CHART_REPO}}/charts
cp charts/${{env.CHART_REPO}}/README.md ${{ env.EXPORT_DIR }}/${{env.CHART_REPO}}/${{env.CHART_REPO}}.md
helm repo index ${{ env.EXPORT_DIR }}/${{env.CHART_REPO}}

Expand All @@ -86,13 +104,16 @@ jobs:
env:
EXPORT_DIR: ${{env.PREVIEW_BUILD_FOLDER}}
CHART_REPO: plane-enterprise
CR_KEY: ${{ env.GPG_KEY_NAME }}
CR_PASSPHRASE_FILE: ${{env.GNUPGHOME}}/gpg-passphrase
CR_KEYRING: ${{env.GNUPGHOME}}/secring.gpg
run: |
flatBranchName=$(echo "${{ github.ref_name}}" | sed 's/\//\-/g')
sed -i "s/name: ${{env.CHART_REPO}}/name: ${{ env.CHART_PREFIX }}-${{env.CHART_REPO}}/" charts/${{env.CHART_REPO}}/Chart.yaml
sed -i "s/description: .*/description: ${flatBranchName}/g" charts/${{env.CHART_REPO}}/Chart.yaml
# sed -i "s/version: \(.*\)/version: \1-${flatBranchName}/" charts/${{env.CHART_REPO}}/Chart.yaml

helm package --sign --key "Plane" --keyring $CR_KEYRING --passphrase-file "$CR_PASSPHRASE_FILE" charts/$CHART_REPO -u -d ${{ env.EXPORT_DIR }}/${{env.CHART_REPO}}/charts
helm package --sign --key "$CR_KEY" --keyring $CR_KEYRING --passphrase-file "$CR_PASSPHRASE_FILE" charts/$CHART_REPO -u -d ${{ env.EXPORT_DIR }}/${{env.CHART_REPO}}/charts
cp charts/${{env.CHART_REPO}}/README.md ${{ env.EXPORT_DIR }}/${{env.CHART_REPO}}/${{env.CHART_REPO}}.md
helm repo index ${{ env.EXPORT_DIR }}/${{env.CHART_REPO}}

Expand Down
90 changes: 74 additions & 16 deletions .github/workflows/chart-releaser.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,10 @@ env:
CR_CONFIGFILE: "${{ github.workspace }}/cr.yaml"
CR_TOOL_PATH: "${{ github.workspace }}/.cr-tool"
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
GNUPGHOME: ${{ github.workspace }}/.gnupg
GPG_KEY_NAME: ${{ secrets.GPG_KEY_NAME }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
TARGET_BRANCH: "${{ github.ref_name }}"
CHART_NAME_CE: "plane-ce"
CHART_NAME_ENTERPRISE: "plane-enterprise"
Expand All @@ -31,18 +35,30 @@ jobs:
uses: azure/setup-helm@v4

- name: Prepare GPG key #this step is for using exported keys and make your github runner
run: |
gpg_dir=.cr-gpg
mkdir "$gpg_dir"
keyring="$gpg_dir/secring.gpg" #referring keyring to private key of gpg
base64 -d <<< "$GPG_KEYRING_BASE64" > "$keyring" #storing base64 GPG key into keyring
passphrase_file="$gpg_dir/passphrase"
echo "$GPG_PASSPHRASE" > "$passphrase_file" #storing passphrase data into a file
echo "CR_PASSPHRASE_FILE=$passphrase_file" >> "$GITHUB_ENV" #saving passphrase into github-environment
echo "CR_KEYRING=$keyring" >> "$GITHUB_ENV" #saving private key into github-environemnt
env:
GPG_KEYRING_BASE64: "${{ secrets.GPG_KEYRING_BASE64 }}" #Referring secrets of github above
GPG_PASSPHRASE: "${{ secrets.GPG_PASSPHRASE }}"
CR_PASSPHRASE_FILE: ${{env.GNUPGHOME}}/gpg-passphrase
run: |
gpg --version

mkdir -p ${{env.GNUPGHOME}}
chmod 700 ${{env.GNUPGHOME}}

# Disable the use of the gpg-agent
echo "use-agent" >> ${{env.GNUPGHOME}}/gpg.conf
echo "pinentry-mode loopback" >> ${{env.GNUPGHOME}}/gpg.conf
echo "no-tty" >> ${{env.GNUPGHOME}}/gpg.conf
echo "no-autostart" >> ${{env.GNUPGHOME}}/gpg-agent.conf
echo "allow-loopback-pinentry" >> ${{env.GNUPGHOME}}/gpg-agent.conf
echo "${{env.GPG_PASSPHRASE}}" > ${{env.CR_PASSPHRASE_FILE}}

# Import the GPG key
echo "${{ env.GPG_PRIVATE_KEY }}" | gpg --batch --yes --pinentry-mode loopback --passphrase ${{ env.GPG_PASSPHRASE }} --import

# Re-create keyring in legacy format for Helm compatibility
gpg --export-secret-keys --passphrase ${{env.GPG_PASSPHRASE}} > ${{env.GNUPGHOME}}/secring.gpg
gpg --export --passphrase ${{env.GPG_PASSPHRASE}} > ${{env.GNUPGHOME}}/pubring.gpg

chmod 400 ${{env.GNUPGHOME}}/secring.gpg

- name: Rename Chart
if: github.ref_name != 'master'
Expand All @@ -60,21 +76,63 @@ jobs:
skip_existing: true
env:
CR_TOKEN: ${{ env.CR_TOKEN }}
CR_KEY: "Plane"
CR_KEYRING: ${{ env.CR_KEYRING }}
CR_PASSPHRASE_FILE: ${{ env.CR_PASSPHRASE_FILE }}
CR_KEY: ${{ env.GPG_KEY_NAME }}
CR_KEYRING: ${{env.GNUPGHOME}}/secring.gpg
CR_PASSPHRASE_FILE: ${{env.GNUPGHOME}}/gpg-passphrase
CR_SIGN: true

- id: publish-plane-enterprise
if: github.ref_name == 'master'
name: Publish Plane-Enterprise
name: Harbor Publish Plane-Enterprise
env:
CHART_REPO: ${{ env.CHART_NAME_ENTERPRISE }}
HELM_REPO: plane
CR_KEY: ${{ env.GPG_KEY_NAME }}
CR_PASSPHRASE_FILE: ${{env.GNUPGHOME}}/gpg-passphrase
CR_KEYRING: ${{env.GNUPGHOME}}/secring.gpg
run: |
mkdir -p tmp
helm registry login -u ${{ secrets.HARBOR_USERNAME }} -p ${{ secrets.HARBOR_TOKEN }} ${{ vars.HARBOR_REGISTRY }}
helm package --sign --key "Plane" --keyring $CR_KEYRING --passphrase-file "$CR_PASSPHRASE_FILE" charts/$CHART_REPO -u -d tmp
helm package --sign --key "$CR_KEY" --keyring "$CR_KEYRING" --passphrase-file "$CR_PASSPHRASE_FILE" charts/$CHART_REPO -u -d tmp
helm push tmp/${{ env.CHART_REPO }}-*.tgz oci://${{ vars.HARBOR_REGISTRY }}/${{env.HELM_REPO}}
rm -rf tmp

publish:
if: ${{ github.ref_name == 'master' }}
needs: setup
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
path: code

- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: gh-pages
path: pages

- name: Configure Git
working-directory: pages
run: |
git config user.name "$GITHUB_ACTOR"
git config user.email "[email protected]"

- name: Copy Readme
run: |
cp code/charts/plane-ce/README.md pages/content/plane-ce.md
cp code/charts/plane-enterprise/README.md pages/content/plane-ee.md

- name: Publish pages
working-directory: pages
run: |
git add .
git commit -m "Updated READMEs"
git push