Skip to content

use directory-mapping instead of simple containerd.socket-file-mapping #18

use directory-mapping instead of simple containerd.socket-file-mapping

use directory-mapping instead of simple containerd.socket-file-mapping #18

Workflow file for this run

name: Release Charts
on:
push:
branches:
- main
- master
paths:
- "charts/**"
jobs:
release:
runs-on: ubuntu-latest
permissions:
contents: write
packages: write
id-token: write
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
fetch-depth: 0
- name: Install Cosign
uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
- name: Configure Git
run: |
git config user.name "$GITHUB_ACTOR"
git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
- name: Set up Helm
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
- name: Add dependency chart repos
run: |
helm repo add falcosecurity https://falcosecurity.github.io/charts
- name: Run chart-releaser
uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0
with:
charts_dir: charts
env:
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
- name: Login to GitHub Container Registry
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Publish and Sign OCI Charts
run: |
for chart in `find .cr-release-packages -name '*.tgz' -print`; do
helm push ${chart} oci://ghcr.io/${GITHUB_REPOSITORY} |& tee helm-push-output.log
file_name=${chart##*/}
chart_name=${file_name%-*}
digest=$(awk -F "[, ]+" '/Digest/{print $NF}' < helm-push-output.log)
cosign sign "ghcr.io/${GITHUB_REPOSITORY}/${chart_name}@${digest}"
done
env:
COSIGN_YES: true