From 310f282ceadff9eb2cf31c0355da470b9a15b58f Mon Sep 17 00:00:00 2001
From: Martin Weise <martin.weise@tuwien.ac.at>
Date: Fri, 17 May 2024 22:29:17 +0200
Subject: [PATCH] Attempt to sign chart, let's see what happens

---
 .gitlab-ci.yml          | 19 +++++++++++--------
 helm/dbrepo/.gitignore  |  3 ++-
 helm/dbrepo/.helmignore |  2 ++
 helm/dbrepo/Chart.yaml  |  2 +-
 helm/dbrepo/Makefile    |  3 ++-
 5 files changed, 18 insertions(+), 11 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 7078fbf13c..f2e59741ef 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -564,9 +564,9 @@ release-images:
   before_script:
     - "echo ${CI_REGISTRY_PASSWORD} | docker login --username ${CI_REGISTRY_USER} --password-stdin $CI_REGISTRY_URL"
     - "echo ${CI_REGISTRY2_PASSWORD} | docker login --username ${CI_REGISTRY2_USER} --password-stdin $CI_REGISTRY2_URL"
-  script:
     - "ifconfig eth0 mtu 1450 up"
     - "apk add make bash"
+  script:
     - "make release"
 
 release-images-unstable:
@@ -581,11 +581,11 @@ release-images-unstable:
       - master
       - dev
   before_script:
-    - echo "$CI_REGISTRY_PASSWORD" | docker login --username "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY_URL
-    - echo "$CI_REGISTRY2_PASSWORD" | docker login --username "$CI_REGISTRY2_USER" --password-stdin $CI_REGISTRY2_URL
-  script:
+    - "echo ${CI_REGISTRY_PASSWORD} | docker login --username ${CI_REGISTRY_USER} --password-stdin $CI_REGISTRY_URL"
+    - "echo ${CI_REGISTRY2_PASSWORD} | docker login --username ${CI_REGISTRY2_USER} --password-stdin $CI_REGISTRY2_URL"
     - "ifconfig eth0 mtu 1450 up"
     - "apk add make bash"
+  script:
     - "CI_COMMIT_BRANCH=release-unstable make release-images"
 
 release-chart:
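Review bot: The rewritten login lines in `release-images-unstable` lose the shell quoting around the variable expansions. The YAML double quotes are consumed by the parser, so the shell runs `echo ${CI_REGISTRY_PASSWORD}` unquoted and a password containing glob characters or runs of whitespace is expanded or word-split before it reaches `docker login`. The removed lines quoted the expansion correctly; I would keep that and switch the YAML scalar to single quotes, e.g. `- 'printf "%s" "$CI_REGISTRY_PASSWORD" | docker login --username "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY_URL"'`. The same applies to the new `CI_REGISTRY2_PASSWORD` and `CI_GPG_KEYRING` lines in `release-chart`, and the unchanged context lines of `release-images` already have the unquoted form.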
@@ -595,11 +595,14 @@ release-chart:
     refs:
       - /^release-.*/
   before_script:
-    - echo "$CI_REGISTRY2_PASSWORD" | docker login --username "$CI_REGISTRY2_USER" --password-stdin $CI_REGISTRY2_URL
+    - "echo ${CI_REGISTRY2_PASSWORD} | docker login --username ${CI_REGISTRY2_USER} --password-stdin $CI_REGISTRY2_URL"
+    - "echo ${CI_GPG_KEYRING} | base64 -d > ~/keyring.gpg"
+    - "apk add sed helm curl"
+    - "helm plugin install https://github.com/sigstore/helm-sigstore"
   script:
-    - apk add sed helm curl
-    - helm package ./helm/dbrepo --destination ./build
-    - helm push "./build/dbrepo-${CHART_VERSION}.tgz" "oci://${CI_REGISTRY2_URL}/helm"
+    - "helm package --sign --key 'Martin Weise' ./helm/dbrepo --keyring ~/keyring.gpg --destination ./build"
+    - "helm push ./build/dbrepo-${CHART_VERSION}.tgz oci://${CI_REGISTRY2_URL}/helm"
+    - "helm sigstore upload ./build/dbrepo-${CHART_VERSION}.tgz"
 
 release-docs:
   stage: release
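Review bot: `helm plugin install https://github.com/sigstore/helm-sigstore` in `before_script` has no `--version`, so the job installs whatever the repository serves at run time. It also runs after the private keyring has been written to `~/keyring.gpg` and after the registry login, which means unreviewed plugin code (including any install hook) executes next to the signing key and the push credentials. Pin the plugin with `--version <PINNED_TAG>`, decode the keyring in `script` immediately before `helm package`, and remove it in an `after_script`. Separately, `helm package --sign` asks for a passphrase when the key has one, so a non-interactive job presumably needs `--passphrase-file`. If the key in `CI_GPG_KEYRING` is instead stored without a passphrase, the variable's protected and masked settings are the only safeguard and should be confirmed.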
diff --git a/helm/dbrepo/.gitignore b/helm/dbrepo/.gitignore
index e7b18ebe6d..613d851d27 100644
--- a/helm/dbrepo/.gitignore
+++ b/helm/dbrepo/.gitignore
@@ -2,4 +2,5 @@
 *.crt
 *.key
 *.srl
-*.csr
\ No newline at end of file
+*.csr
+build/*
\ No newline at end of file
diff --git a/helm/dbrepo/.helmignore b/helm/dbrepo/.helmignore
index a831b54621..62d87df84f 100644
--- a/helm/dbrepo/.helmignore
+++ b/helm/dbrepo/.helmignore
@@ -12,6 +12,8 @@ hack/
 .hg/
 .hgignore
 .svn/
+# Generated
+build/
 # Common backup files
 *.swp
 *.bak
diff --git a/helm/dbrepo/Chart.yaml b/helm/dbrepo/Chart.yaml
index 587a7b3b09..d61aa8701a 100644
--- a/helm/dbrepo/Chart.yaml
+++ b/helm/dbrepo/Chart.yaml
@@ -12,7 +12,7 @@ maintainers:
   - name: Martin Weise
     email: martin.weise@tuwien.ac.at
 home: https://www.ifs.tuwien.ac.at/infrastructures/dbrepo/
-icon: https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/raw/master/.docs/images/signet_white.png
+icon: https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/raw/master/dbrepo-ui/public/favicon.png
 dependencies:
   - name: opensearch
     alias: searchdb
diff --git a/helm/dbrepo/Makefile b/helm/dbrepo/Makefile
index 07c03a2806..c1e8e02d8f 100644
--- a/helm/dbrepo/Makefile
+++ b/helm/dbrepo/Makefile
@@ -3,5 +3,6 @@ all:
 
 .PHONY: build
 build: ## Generate Helm values schema JSON
+	helm package --sign --key 'Martin Weise' . --keyring ~/.gnupg/mweise.gpg --destination ./build
 	helm schema -input ./values.yaml
-	readme-generator-for-helm --readme README.md --values values.yaml
\ No newline at end of file
+	readme-generator-for-helm --readme README.md --values values.yaml
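Review bot: The new first recipe line of `build` hard-codes one maintainer's key name and `~/.gnupg/mweise.gpg`, so `make build` now fails for every other contributor before the schema and README steps run. It also packages and signs before `helm schema` and `readme-generator-for-helm` regenerate their outputs, so the signed archive can contain a stale `values.schema.json` or README. The target's help text still says it only generates the schema. I would move signing into its own target that depends on `build` and takes the key and keyring from overridable variables, as sketched below.

```makefile
SIGN_KEY ?= Martin Weise
KEYRING ?= $(HOME)/.gnupg/mweise.gpg

# … unchanged: build target (helm schema, readme-generator-for-helm) …

.PHONY: package
package: build ## Package and sign the chart
	helm package --sign --key '$(SIGN_KEY)' . --keyring $(KEYRING) --destination ./build
```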
-- 
GitLab