ci: add workflow for publishing helm charts #693
Conversation
k8s-ci-robot
added
cncf-cla: yes
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: aramase The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
| @@ -506,11 +506,6 @@ promote-staging-manifest: #promote staging manifests to release dir | |||
| @cp -r manifest_staging/deploy . | |||
| @rm -rf charts/secrets-store-csi-driver | |||
| @cp -r manifest_staging/charts/secrets-store-csi-driver ./charts | |||
| @mkdir -p ./charts/tmp | |||
There was a problem hiding this comment.
Updating the promote-staging-manifest makefile target to remove helm package. The helm charts are packaged and published by the GitHub action.
aramase
force-pushed
the
chart-workflow
branch
from
3e43d2e to
a389dd5
Compare
|
/test pull-secrets-store-csi-driver-e2e-windows |
| push: | ||
| branches: | ||
| - main | ||
| - master |
There was a problem hiding this comment.
release-v* too?
edit: Err I guess its not until there's a tag that we really want to build the chart hm
There was a problem hiding this comment.
That's right! So we need to only publish from main/master. We can certainly look into adding the release branches based on how we want to publish helm charts for patch releases.
aramase
force-pushed
the
chart-workflow
branch
from
a389dd5 to
3d51b18
Compare
|
/test pull-secrets-store-csi-driver-e2e-windows |
| uses: stefanprodan/helm-gh-pages@f1701eb82e4d4b82016e7965501c8b6d79feaec9 | ||
| with: | ||
| # GitHub automatically creates a GITHUB_TOKEN secret to use in your workflow. You can use the GITHUB_TOKEN to authenticate in a workflow run. | ||
| # See https://docs.github.com/en/actions/reference/authentication-in-a-workflow#about-the-github_token-secret |
There was a problem hiding this comment.
Ah https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/
Could we configure this so that this workflow yaml explicitly needs the write permissions, then the repo level i think we can change the default to only read permissions
There was a problem hiding this comment.
@tam7t good find!
Here is a sample run with setting contents: write permission: https://github.com/aramase/secrets-store-csi-driver/actions/runs/1144718022.
I've also updated the workflow permissions to Read repository contents permission
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
aramase
force-pushed
the
chart-workflow
branch
from
3d51b18 to
74f537c
Compare
|
/lgtm |
k8s-ci-robot
added
the
lgtm
Signed-off-by: Anish Ramasekar anish.ramasekar@gmail.com
What this PR does / why we need it:
gh-pagesbranch with the updated index for urlhttps://kubernetes-sigs.github.io/secrets-store-csi-driver/chartsfor all the current releases: https://github.com/kubernetes-sigs/secrets-store-csi-driver/tree/gh-pagespromote-staging-manifestmakefile target to removehelm package. The helm charts are packaged and published by the GitHub action.Which issue(s) this PR fixes (optional, using
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when the PR gets merged):Fixes #687
Special notes for your reviewer: