Allow non-Venafi employee maintainers full release capabilities

[erikgb]

As a relatively new cert-manager maintainer, I have just started cutting releases of our projects. The release process is generally good and well-documented. However, I cannot publish the release Helm chart, as it currently requires access to a private GitHub project that is only available to Venafi employees.

The issue was raised at the bi-weekly development meeting on 28 November 2024, and everyone present agreed that this should be improved.

Short-term alternative proposed: give non-Venafi employee maintainers personal access to the chart release repository. I don't consider this a real fix for the issue. As a graduated CNCF project, all our activity should be transparent and maintainers should be treated equally.

A better solution discussed in the meeting was establishing a new OCI Helm chart registry for cert-manager projects. And for backward compatibility reasons pull-push charts from this new registry to the legacy JetStack chart repository.

/assign @SgtCoDFish

[SgtCoDFish]

Thank you for raising this!

This has been on the backburner just because it hasn't come up until you started doing releases. I'll raise this at Venafi and start the process.

As for implementation, what seems like a good approach to me (as mentioned on the biweekly) would be to implement cert-manager/cert-manager#7132 with the charts repo starting to pull from OCI registries. That could be automated.

[SgtCoDFish]

I've raised this internally now which will start the discussions on this, hopefully leading to us allocating a bit of time for this!