HostXtra/helm-charts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ci: Workflow testing
Some checks failed
Publish Helm Charts / publish (push) Failing after 18s
Details

Browse Source
This commit is contained in:
domrichardson
2026-03-30 11:47:54 +01:00
parent a5b31720af
commit 6a09189fe2
1 changed files with 129 additions and 129 deletions
Download Patch File Download Diff File Expand all files Collapse all files

258
.gitea/workflows/publish-helm-charts.yaml
View File

@@ -1,145 +1,145 @@
name: Publish Helm Charts name: Publish Helm Charts
on: on:
push: push:
branches: branches:
- main - main
workflow_dispatch: workflow_dispatch:
jobs: jobs:
publish: publish:
runs-on: ubuntu-docker runs-on: ubuntu-docker
container: container:
image: alpine/helm:3.15.4 image: alpine/helm:3.15.4
env:
HELM_PUSH_TOKEN: ${{ secrets.HELM_TOKEN }}
HELM_PUSH_USERNAME: ${{ secrets.HELM_USERNAME }}
HELM_PUSH_PASSWORD: ${{ secrets.HELM_PASSWORD }}
HELM_REGISTRY_OWNER: ${{ secrets.HELM_OWNER }}
steps:
- name: Install Required Tools
shell: sh
run: |
set -eu
apk add --no-cache bash git curl
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Detect Charts With Version Bump
id: detect
shell: bash
run: |
set -euo pipefail
if [ -n "${{ github.event.before || '' }}" ] && [ "${{ github.event.before || '' }}" != "0000000000000000000000000000000000000000" ]; then
BASE_SHA="${{ github.event.before }}"
else
BASE_SHA="$(git rev-parse HEAD~1 2>/dev/null || true)"
fi
CHART_DIRS="$(find . -mindepth 2 -maxdepth 2 -type f -name Chart.yaml -exec dirname {} \; | sed 's|^\./||' | sort -u)"
if [ -z "$CHART_DIRS" ]; then
echo "No chart directories found."
echo "charts=" >> "$GITHUB_OUTPUT"
exit 0
fi
CHANGED_CHARTS=""
for chart_dir in $CHART_DIRS; do
chart_file="$chart_dir/Chart.yaml"
current_version="$(awk -F': *' '$1=="version"{gsub(/\"/,"",$2); print $2; exit}' "$chart_file")"
if [ -z "$current_version" ]; then
echo "Skipping $chart_dir because version is missing in Chart.yaml"
continue
fi
previous_version=""
if [ -n "$BASE_SHA" ] && git cat-file -e "$BASE_SHA:$chart_file" 2>/dev/null; then
previous_version="$(git show "$BASE_SHA:$chart_file" | awk -F': *' '$1=="version"{gsub(/\"/,"",$2); print $2; exit}')"
fi
if [ -z "$previous_version" ] || [ "$previous_version" != "$current_version" ]; then
CHANGED_CHARTS+="$chart_dir "
echo "Will publish $chart_dir (version: ${previous_version:-<new>} -> $current_version)"
else
echo "Skipping $chart_dir (version unchanged: $current_version)"
fi
done
CHANGED_CHARTS="$(echo "$CHANGED_CHARTS" | xargs || true)"
echo "charts=$CHANGED_CHARTS" >> "$GITHUB_OUTPUT"
- name: Package And Publish Changed Charts
if: steps.detect.outputs.charts != ''
shell: bash
env: env:
HELM_PUSH_TOKEN: ${{ secrets.GITEA_HELM_TOKEN }} CHANGED_CHARTS: ${{ steps.detect.outputs.charts }}
HELM_PUSH_USERNAME: ${{ secrets.HELM_USERNAME }} run: |
HELM_PUSH_PASSWORD: ${{ secrets.HELM_PASSWORD }} set -euo pipefail
HELM_REGISTRY_OWNER: ${{ secrets.HELM_OWNER }}
steps:
- name: Install Required Tools
shell: sh
run: |
set -eu
apk add --no-cache bash git curl nodejs
- name: Checkout AUTH_MODE=""
uses: actions/checkout@v4 AUTH_ARGS=()
with: if [ -n "${HELM_PUSH_USERNAME:-}" ] && [ -n "${HELM_PUSH_PASSWORD:-}" ]; then
fetch-depth: 0 AUTH_MODE="basic"
AUTH_ARGS=(--user "${HELM_PUSH_USERNAME}:${HELM_PUSH_PASSWORD}")
elif [ -n "${HELM_PUSH_USERNAME:-}" ] && [ -n "${HELM_PUSH_TOKEN:-}" ]; then
AUTH_MODE="basic-token"
AUTH_ARGS=(--user "${HELM_PUSH_USERNAME}:${HELM_PUSH_TOKEN}")
elif [ -n "${HELM_PUSH_TOKEN:-}" ]; then
AUTH_MODE="token-header"
AUTH_ARGS=(-H "Authorization: token ${HELM_PUSH_TOKEN}")
else
echo "Missing auth secrets. Set HELM_USERNAME/HELM_PASSWORD (recommended) or HELM_TOKEN."
exit 1
fi
- name: Detect Charts With Version Bump echo "Using auth mode: $AUTH_MODE"
id: detect
shell: bash
run: |
set -euo pipefail
if [ -n "${{ github.event.before || '' }}" ] && [ "${{ github.event.before || '' }}" != "0000000000000000000000000000000000000000" ]; then SERVER_URL="${GITHUB_SERVER_URL:-${GITEA_SERVER_URL:-}}"
BASE_SHA="${{ github.event.before }}" if [ -z "$SERVER_URL" ]; then
else echo "Could not resolve server URL from GITHUB_SERVER_URL/GITEA_SERVER_URL"
BASE_SHA="$(git rev-parse HEAD~1 2>/dev/null || true)" exit 1
fi fi
SERVER_URL="${SERVER_URL%/}"
CHART_DIRS="$(find . -mindepth 2 -maxdepth 2 -type f -name Chart.yaml -printf '%h\n' | sed 's|^\./||' | sort)" OWNER="${HELM_REGISTRY_OWNER:-${GITHUB_REPOSITORY_OWNER:-}}"
if [ -z "$CHART_DIRS" ]; then if [ -z "$OWNER" ]; then
echo "No chart directories found." echo "Could not resolve package owner. Set secret HELM_OWNER."
echo "charts=" >> "$GITHUB_OUTPUT" exit 1
exit 0 fi
fi
CHANGED_CHARTS="" UPLOAD_URL="$SERVER_URL/api/packages/$OWNER/helm/api/charts"
for chart_dir in $CHART_DIRS; do mkdir -p .chart-dist
chart_file="$chart_dir/Chart.yaml"
current_version="$(awk -F': *' '$1=="version"{gsub(/\"/,"",$2); print $2; exit}' "$chart_file")"
if [ -z "$current_version" ]; then
echo "Skipping $chart_dir because version is missing in Chart.yaml"
continue
fi
previous_version="" for chart_dir in $CHANGED_CHARTS; do
if [ -n "$BASE_SHA" ] && git cat-file -e "$BASE_SHA:$chart_file" 2>/dev/null; then echo "Packaging $chart_dir"
previous_version="$(git show "$BASE_SHA:$chart_file" | awk -F': *' '$1=="version"{gsub(/\"/,"",$2); print $2; exit}')" helm dependency update "$chart_dir" || true
fi helm lint "$chart_dir"
helm package "$chart_dir" --destination .chart-dist
if [ -z "$previous_version" ] || [ "$previous_version" != "$current_version" ]; then package_file="$(ls -t .chart-dist/*.tgz | head -n1)"
CHANGED_CHARTS+="$chart_dir " echo "Publishing $package_file to $UPLOAD_URL"
echo "Will publish $chart_dir (version: ${previous_version:-<new>} -> $current_version)"
else
echo "Skipping $chart_dir (version unchanged: $current_version)"
fi
done
CHANGED_CHARTS="$(echo "$CHANGED_CHARTS" | xargs || true)" http_code="$(curl -sS -o /tmp/publish-response.txt -w '%{http_code}' \
echo "charts=$CHANGED_CHARTS" >> "$GITHUB_OUTPUT" -X POST \
"${AUTH_ARGS[@]}" \
--upload-file "$package_file" \
"$UPLOAD_URL")"
- name: Package And Publish Changed Charts if [ "$http_code" = "201" ] || [ "$http_code" = "200" ]; then
if: steps.detect.outputs.charts != '' echo "Published $(basename "$package_file")"
shell: bash elif [ "$http_code" = "409" ]; then
env: echo "Chart already exists, skipping: $(basename "$package_file")"
CHANGED_CHARTS: ${{ steps.detect.outputs.charts }} else
run: | echo "Failed to publish $(basename "$package_file") (HTTP $http_code)"
set -euo pipefail cat /tmp/publish-response.txt || true
exit 1
fi
done
AUTH_MODE="" - name: No Version Bumps Detected
AUTH_ARGS=() if: steps.detect.outputs.charts == ''
if [ -n "${HELM_PUSH_USERNAME:-}" ] && [ -n "${HELM_PUSH_PASSWORD:-}" ]; then run: echo "No chart versions changed, skipping publish."
AUTH_MODE="basic"
AUTH_ARGS=(--user "${HELM_PUSH_USERNAME}:${HELM_PUSH_PASSWORD}")
elif [ -n "${HELM_PUSH_USERNAME:-}" ] && [ -n "${HELM_PUSH_TOKEN:-}" ]; then
AUTH_MODE="basic-token"
AUTH_ARGS=(--user "${HELM_PUSH_USERNAME}:${HELM_PUSH_TOKEN}")
elif [ -n "${HELM_PUSH_TOKEN:-}" ]; then
AUTH_MODE="token-header"
AUTH_ARGS=(-H "Authorization: token ${HELM_PUSH_TOKEN}")
else
echo "Missing auth secrets. Set GITEA_HELM_USERNAME/GITEA_HELM_PASSWORD (recommended) or GITEA_HELM_TOKEN."
exit 1
fi
echo "Using auth mode: $AUTH_MODE"
SERVER_URL="${GITHUB_SERVER_URL:-${GITEA_SERVER_URL:-}}"
if [ -z "$SERVER_URL" ]; then
echo "Could not resolve Gitea server URL from GITHUB_SERVER_URL/GITEA_SERVER_URL"
exit 1
fi
SERVER_URL="${SERVER_URL%/}"
OWNER="${HELM_REGISTRY_OWNER:-${GITHUB_REPOSITORY_OWNER:-}}"
if [ -z "$OWNER" ]; then
echo "Could not resolve package owner. Set secret GITEA_HELM_OWNER."
exit 1
fi
UPLOAD_URL="$SERVER_URL/api/packages/$OWNER/helm/api/charts"
mkdir -p .chart-dist
for chart_dir in $CHANGED_CHARTS; do
echo "Packaging $chart_dir"
helm dependency update "$chart_dir" || true
helm lint "$chart_dir"
helm package "$chart_dir" --destination .chart-dist
package_file="$(ls -t .chart-dist/*.tgz | head -n1)"
echo "Publishing $package_file to $UPLOAD_URL"
http_code="$(curl -sS -o /tmp/publish-response.txt -w '%{http_code}' \
-X POST \
"${AUTH_ARGS[@]}" \
--upload-file "$package_file" \
"$UPLOAD_URL")"
if [ "$http_code" = "201" ] || [ "$http_code" = "200" ]; then
echo "Published $(basename "$package_file")"
elif [ "$http_code" = "409" ]; then
echo "Chart already exists, skipping: $(basename "$package_file")"
else
echo "Failed to publish $(basename "$package_file") (HTTP $http_code)"
cat /tmp/publish-response.txt || true
exit 1
fi
done
- name: No Version Bumps Detected
if: steps.detect.outputs.charts == ''
run: echo "No chart versions changed, skipping publish."