Attempt to sign chart, let's see what happens

310f282c · Martin Weise · b229b8b4 · 310f282c · 310f282c · 310f282c
Verified Commit 310f282c authored 1 year ago by Martin Weise
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -564,9 +564,9 @@ release-images:
  before_script:
    - "echo ${CI_REGISTRY_PASSWORD} | docker login --username ${CI_REGISTRY_USER} --password-stdin $CI_REGISTRY_URL"
    - "echo ${CI_REGISTRY2_PASSWORD} | docker login --username ${CI_REGISTRY2_USER} --password-stdin $CI_REGISTRY2_URL"
-  script:
    - "ifconfig eth0 mtu 1450 up"
    - "apk add make bash"
+  script:
    - "make release"
 release-images-unstable:
@@ -581,11 +581,11 @@ release-images-unstable:
      - master
      - dev
  before_script:
-    - echo "$CI_REGISTRY_PASSWORD" | docker login --username "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY_URL
+    - "echo ${CI_REGISTRY_PASSWORD} | docker login --username ${CI_REGISTRY_USER} --password-stdin $CI_REGISTRY_URL"
-    - echo "$CI_REGISTRY2_PASSWORD" | docker login --username "$CI_REGISTRY2_USER" --password-stdin $CI_REGISTRY2_URL
+    - "echo ${CI_REGISTRY2_PASSWORD} | docker login --username ${CI_REGISTRY2_USER} --password-stdin $CI_REGISTRY2_URL"
-  script:
    - "ifconfig eth0 mtu 1450 up"
    - "apk add make bash"
+  script:
    - "CI_COMMIT_BRANCH=release-unstable make release-images"
 release-chart:
@@ -595,11 +595,14 @@ release-chart:
    refs:
      - /^release-.*/
  before_script:
-    - echo "$CI_REGISTRY2_PASSWORD" | docker login --username "$CI_REGISTRY2_USER" --password-stdin $CI_REGISTRY2_URL
+    - "echo ${CI_REGISTRY2_PASSWORD} | docker login --username ${CI_REGISTRY2_USER} --password-stdin $CI_REGISTRY2_URL"
+    - "echo ${CI_GPG_KEYRING} | base64 -d > ~/keyring.gpg"
+    - "apk add sed helm curl"
+    - "helm plugin install https://github.com/sigstore/helm-sigstore"
  script:
-    - apk add sed helm curl
+    - "helm package --sign --key 'Martin Weise' ./helm/dbrepo --keyring ~/keyring.gpg --destination ./build"
-    - helm package ./helm/dbrepo --destination ./build
+    - "helm push ./build/dbrepo-${CHART_VERSION}.tgz oci://${CI_REGISTRY2_URL}/helm"
-    - helm push "./build/dbrepo-${CHART_VERSION}.tgz" "oci://${CI_REGISTRY2_URL}/helm"
+    - "helm sigstore upload ./build/dbrepo-${CHART_VERSION}.tgz"
 release-docs:
  stage: release

--- a/helm/dbrepo/.gitignore
+++ b/helm/dbrepo/.gitignore
@@ -3,3 +3,4 @@
 *.key
 *.srl
 *.csr
+build/*
\ No newline at end of file
--- a/helm/dbrepo/.helmignore
+++ b/helm/dbrepo/.helmignore
@@ -12,6 +12,8 @@ hack/
 .hg/
 .hgignore
 .svn/
+# Generated
+build/
 # Common backup files
 *.swp
 *.bak

--- a/helm/dbrepo/Chart.yaml
+++ b/helm/dbrepo/Chart.yaml
@@ -12,7 +12,7 @@ maintainers:
  - name: Martin Weise
    email: martin.weise@tuwien.ac.at
 home: https://www.ifs.tuwien.ac.at/infrastructures/dbrepo/
-icon: https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/raw/master/.docs/images/signet_white.png
+icon: https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/raw/master/dbrepo-ui/public/favicon.png
 dependencies:
  - name: opensearch
    alias: searchdb

--- a/helm/dbrepo/Makefile
+++ b/helm/dbrepo/Makefile
@@ -3,5 +3,6 @@ all:
 .PHONY: build
 build: ## Generate Helm values schema JSON
+	helm package --sign --key 'Martin Weise' . --keyring ~/.gnupg/mweise.gpg --destination ./build
 	helm schema -input ./values.yaml
 	readme-generator-for-helm --readme README.md --values values.yaml