wondering if maybe github.token is not the contextual one including the specific permissions #15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches-ignore: | |
| - "dependabot/**" | |
| - "gh-pages/**" | |
| paths: | |
| - "**" | |
| - "!docs/**" | |
| tags: | |
| - "v*" | |
| pull_request: | |
| branches-ignore: | |
| - "dependabot/**" | |
| - "gh-pages/**" | |
| paths: | |
| - "**" | |
| - "!docs/**" | |
| env: | |
| CHART_VERSION: "0.0.0" | |
| CHARTS_TMP_DIR: dist | |
| LC_ALL: en_US.UTF-8 | |
| PUBLISH: "false" | |
| SOURCE_DIR: "." | |
| defaults: | |
| run: | |
| shell: bash | |
| permissions: | |
| packages: write | |
| contents: write | |
| jobs: | |
| ci: | |
| name: Build, Test, maybe Publish | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Clone the code | |
| uses: actions/checkout@v4 | |
| - name: Install Helm | |
| run: | | |
| curl -sL https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash | |
| - name: Verify Helm Installation | |
| shell: bash | |
| run: | | |
| helm version | |
| - name: Install the latest version of Kind | |
| shell: bash | |
| run: | | |
| curl -Lo ./kind https://kind.sigs.k8s.io/dl/latest/kind-linux-amd64 | |
| chmod +x ./kind | |
| sudo mv ./kind /usr/local/bin/kind | |
| - name: Verify Kind Installation | |
| shell: bash | |
| run: | | |
| kind version | |
| - name: Create Kind Cluster | |
| shell: bash | |
| run: | | |
| kind create cluster | |
| - name: Run Helm Test | |
| id: helm-test | |
| run: | | |
| helm upgrade -i liferay . | |
| helm test liferay && \ | |
| echo "PUBLISH=${{ (github.repository == 'LiferayCloud/liferay-helm-chart') && startsWith(github.ref, 'refs/tags/') && (github.event_name != 'pull_request') }}" >> ${GITHUB_ENV} | |
| - name: Calculate Chart Version | |
| if: ${{ env.PUBLISH == 'true' }} | |
| id: calculate-chart-version | |
| run: | | |
| # This is the tag name | |
| echo GITHUB_REF=${{ github.ref }} | |
| # This is the version | |
| CHART_VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') | |
| [[ "${{ github.ref }}" == "refs/tags/"* ]] && CHART_VERSION=$(echo $CHART_VERSION | sed -e 's/^v//') | |
| [ "$CHART_VERSION" == "main" ] && CHART_VERSION="0.0.0" | |
| echo CHART_VERSION=$CHART_VERSION | |
| echo "CHART_VERSION=${CHART_VERSION}" >> ${GITHUB_ENV} | |
| - name: Package the Helm Chart | |
| if: ${{ env.PUBLISH == 'true' }} | |
| run: | | |
| mkdir ${CHARTS_TMP_DIR} | |
| helm package --version ${CHART_VERSION} -d ${CHARTS_TMP_DIR} . | |
| echo "CHARTS_TMP_DIR=$(realpath $CHARTS_TMP_DIR)" >> ${GITHUB_ENV} | |
| echo "SOURCE_DIR=$(realpath $SOURCE_DIR)" >> ${GITHUB_ENV} | |
| - name: Log in to registry with Helm | |
| if: ${{ env.PUBLISH == 'true' }} | |
| run: | | |
| echo "${{ secrets.GITHUB_TOKEN }}" | helm registry login ghcr.io/${{ github.repository }} --username ${{ github.actor }} --password-stdin | |
| - name: Push Helm Charts to Github Container Registry (OCI) | |
| if: ${{ env.PUBLISH == 'true' }} | |
| working-directory: dist | |
| run: | | |
| HELM_REPOSITORY=$(echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]') | |
| for f in *.tgz ; do | |
| echo "$f" | |
| helm push $f oci://ghcr.io/${HELM_REPOSITORY}/charts | |
| done | |
| - name: Install YQ | |
| if: ${{ env.PUBLISH == 'true' }} | |
| run: | | |
| curl -sLo ./yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 | |
| chmod +x ./yq | |
| sudo mv ./yq /usr/local/bin/yq | |
| - name: Test YQ Installation | |
| if: ${{ env.PUBLISH == 'true' }} | |
| run: | | |
| yq --version | |
| - name: Update and Publish the Helm Index | |
| if: ${{ env.PUBLISH == 'true' }} | |
| run: | | |
| tmpDir=$(mktemp -d) | |
| pushd $tmpDir >& /dev/null | |
| git clone ${REPO_URL} | |
| cd ${REPOSITORY} | |
| git config user.name "${OWNER}" | |
| git config user.email "${OWNER}@users.noreply.github.com" | |
| git remote set-url origin ${REPO_URL} | |
| git checkout ${PUBLISH_BRANCH} | |
| helm repo index ${CHARTS_TMP_DIR} --url ${CHARTS_URL} --merge "${INDEX_DIR}/index.yaml" | |
| mv -f ${CHARTS_TMP_DIR}/index.yaml ${INDEX_DIR}/index.yaml | |
| # Rewrite the urls into the correct OCI format for the index | |
| yq -i '.entries.liferay[].urls[] |= sub("-(\d+\.\d+\.\d+)\.tgz", ":$1")' ${INDEX_DIR}/index.yaml | |
| # Copy the markdown files to the gh-pages branch | |
| find ${SOURCE_DIR} -name "*.md" -exec cp -f '{}' . \; | |
| # Add all changed files to the index | |
| git add --all | |
| # Diff for observability | |
| git diff --cached | |
| git commit -m "Publish $charts" | |
| git push origin ${PUBLISH_BRANCH} | |
| popd >& /dev/null | |
| rm -rf $tmpDir | |
| env: | |
| CHARTS_URL: "oci://ghcr.io/${{ github.actor }}/${{ github.event.repository.name }}/charts" | |
| INDEX_DIR: charts | |
| OWNER: ${{ github.actor }} | |
| PUBLISH_BRANCH: gh-pages | |
| REPO_URL: "https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}" | |
| REPOSITORY: ${{ github.event.repository.name }} |