Merge pull request #16 from moonswitch/add-trivy #22
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release Charts | |
| on: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| release: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | |
| with: | |
| fetch-depth: 0 | |
| - name: Configure Git | |
| run: | | |
| git config user.name "$GITHUB_ACTOR" | |
| git config user.email "$GITHUB_ACTOR@users.noreply.github.com" | |
| - name: Install Helm | |
| uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5 | |
| with: | |
| version: v3.13.0 | |
| - name: Import GPG key | |
| uses: crazy-max/ghaction-import-gpg@v6 | |
| with: | |
| gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | |
| passphrase: ${{ secrets.PASSPHRASE }} | |
| - name: Convert GPG to legacy version | |
| run: | | |
| gpg --batch --pinentry-mode=loopback --yes --passphrase "${{ secrets.PASSPHRASE }}" --export-secret-keys >~/.gnupg/pubring.gpg | |
| echo "${{ secrets.PASSPHRASE }}" > passphrase-file.txt | |
| - name: Add dependency chart repos | |
| run: | | |
| helm repo add teleport https://charts.releases.teleport.dev | |
| helm repo add cloudflare https://cloudflare.github.io/helm-charts | |
| helm repo add prometheus-community https://prometheus-community.github.io/helm-charts | |
| helm repo add weave-works https://helm.gitops.weave.works | |
| helm repo add kubecost https://kubecost.github.io/cost-analyzer | |
| helm repo add bitnami https://charts.bitnami.com/bitnami | |
| helm repo add grafana https://grafana.github.io/helm-charts | |
| helm repo add metrics-server https://kubernetes-sigs.github.io/metrics-server | |
| helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard | |
| helm repo add komodorio https://helm-charts.komodor.io | |
| helm repo add aqua https://aquasecurity.github.io/helm-charts | |
| - name: Run chart-releaser | |
| uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0 | |
| with: | |
| charts_dir: charts | |
| config: cr.yaml | |
| env: | |
| CR_PASSPHRASE_FILE: passphrase-file.txt | |
| CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" |