chore: add authentication documentation (#1149) #1444
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: publish-chart | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| bucketeer_version: | |
| description: "Bucketeer version" | |
| required: false | |
| skip_release_note: | |
| description: "Skip release note" | |
| type: boolean | |
| default: true | |
| push: | |
| branches: | |
| - main | |
| tags: | |
| - "v*" | |
| paths-ignore: | |
| - "README.md" | |
| - "ui/web-v2/README.md" | |
| - "CLA.md" | |
| - "CONTRIBUTING.md" | |
| - "DEPLOYMENT.md" | |
| - ".github/**" | |
| env: | |
| REGISTRY: ghcr.io | |
| GAR_REGISTRY: asia-docker.pkg.dev | |
| HELM_VERSION: 3.8.2 | |
| jobs: | |
| artifacts: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| checks: read | |
| id-token: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Determine version | |
| run: | | |
| if [ ! -z ${{ github.event.inputs.bucketeer_version }} ]; then | |
| echo "BUCKETEER_VERSION=${{ github.event.inputs.bucketeer_version }}" >> $GITHUB_ENV | |
| else | |
| echo "BUCKETEER_VERSION=$(git describe --tags --always --abbrev=7)" >> $GITHUB_ENV | |
| fi | |
| - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 | |
| id: changes | |
| with: | |
| filters: | | |
| migration: | |
| - 'migration/**' | |
| - name: Install helm | |
| uses: Azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 | |
| with: | |
| version: ${{ env.HELM_VERSION }} | |
| - name: Build helm chart | |
| run: make build-chart VERSION=${{ env.BUCKETEER_VERSION }} | |
| - name: Build migration helm chart | |
| if: ${{ steps.changes.outputs.migration == 'true' }} | |
| run: make build-migration-chart VERSION=${{ env.BUCKETEER_VERSION }} | |
| - name: Login to GHCR OCI using Helm | |
| run: echo "${{ secrets.GITHUB_TOKEN }}" | helm registry login ${{ env.REGISTRY }} --username ${{ github.repository_owner }} --password-stdin | |
| - name: Publish helm chart to GHCR | |
| run: helm push .artifacts/bucketeer-${{ env.BUCKETEER_VERSION }}.tgz oci://${{ env.REGISTRY }}/bucketeer-io/chart | |
| - name: Publish migration helm chart to GHCR | |
| if: ${{ steps.changes.outputs.migration == 'true' }} | |
| run: helm push .artifacts/bucketeer-migration-${{ env.BUCKETEER_VERSION }}.tgz oci://${{ env.REGISTRY }}/bucketeer-io/chart | |
| - name: Authenticate to Google Cloud | |
| id: auth | |
| uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 | |
| with: | |
| token_format: "access_token" | |
| workload_identity_provider: ${{ secrets.GAR_WORKLOAD_IDENTITY_PROVIDER }} | |
| service_account: ${{ secrets.GAR_SA_MAIL_ADDRESS }} | |
| - name: Login to GAR OCI using Helm | |
| run: echo "${{ steps.auth.outputs.access_token }}" | helm registry login ${{ env.GAR_REGISTRY }} --username oauth2accesstoken --password-stdin | |
| - name: Publish helm chart to GAR | |
| run: helm push .artifacts/bucketeer-${{ env.BUCKETEER_VERSION }}.tgz oci://${{ env.GAR_REGISTRY }}/bucketeer-io/bucketeer/chart | |
| - name: Publish migration helm chart to GAR | |
| if: ${{ steps.changes.outputs.migration == 'true' }} | |
| run: helm push .artifacts/bucketeer-migration-${{ env.BUCKETEER_VERSION }}.tgz oci://${{ env.GAR_REGISTRY }}/bucketeer-io/bucketeer/chart |