3 Commits

Author SHA1 Message Date
1600658386 .gitea/workflows/release-version.yml aktualisiert 2025-08-15 20:01:39 +00:00
aa99df60b7 chore(readme): fix typo
All checks were successful
changelog / changelog (push) Successful in 12s
check-and-test / check-and-test (push) Successful in 34s
2025-08-14 21:41:39 +00:00
9a7e82ee3b chore(readme): expand the readme to have an intro into the chart (#30)
Currently people are dropped directly into the Repo with no guidance.
I want to add this to ease people in, so they may use the chart more easily.

Co-authored-by: Daan Selen <dselen@systemec.nl>
Reviewed-on: https://gitea.com/gitea/helm-actions/pulls/30
Reviewed-by: ChristopherHX <christopherhx@noreply.gitea.com>
Co-authored-by: Daan Selen <dselen@nerthus.nl>
Co-committed-by: Daan Selen <dselen@nerthus.nl>
2025-08-14 21:40:35 +00:00
2 changed files with 66 additions and 62 deletions

View File

@ -1,70 +1,68 @@
name: generate-chart name: check-secrets
on: on:
push: push:
tags:
- "*"
env:
# renovate: datasource=docker depName=alpine/helm
HELM_VERSION: "3.17.1"
jobs: jobs:
generate-chart-publish: check-secrets:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- name: install tools
- name: Check all required secrets
run: | run: |
apt update -y echo "=== Checking availability of required secrets ==="
apt install -y curl ca-certificates curl gnupg
# helm
curl -O https://get.helm.sh/helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
tar -xzf helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
mv linux-amd64/helm /usr/local/bin/
rm -rf linux-amd64 helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
helm version
# docker
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
chmod a+r /etc/apt/keyrings/docker.gpg
echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
apt update -y
apt install -y python3 python3-pip apt-transport-https docker-ce-cli
pip install awscli --break-system-packages
- name: Import GPG key # List of all secrets used in the original workflow
id: import_gpg SECRETS=(
uses: https://github.com/crazy-max/ghaction-import-gpg@v6 "GPGSIGN_KEY"
with: "GPGSIGN_PASSPHRASE"
gpg_private_key: ${{ secrets.GPGSIGN_KEY }} "DOCKER_CHARTS_PASSWORD"
passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }} "DOCKER_CHARTS_USERNAME"
fingerprint: CC64B1DB67ABBEECAB24B6455FC346329753F4B0 "AWS_KEY_ID"
"AWS_SECRET_ACCESS_KEY"
"AWS_REGION"
"AWS_S3_BUCKET"
)
# Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843 MISSING_SECRETS=()
- name: package chart AVAILABLE_SECRETS=()
run: |
echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | docker login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} --password-stdin
# FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved
helm plugin install https://github.com/pat-s/helm-gpg
helm dependency build
helm package --version "${GITHUB_REF#refs/tags/v}" ./
mkdir actions
mv actions*.tgz actions/
curl -s -L -o actions/index.yaml https://dl.gitea.com/charts/index.yaml
helm repo index actions/ --url https://dl.gitea.com/charts --merge actions/index.yaml
# push to dockerhub
echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | helm registry login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} registry-1.docker.io --password-stdin
helm push actions/actions-${GITHUB_REF#refs/tags/v}.tgz oci://registry-1.docker.io/giteacharts
helm registry logout registry-1.docker.io
- name: aws credential configure for secret in "${SECRETS[@]}"; do
uses: https://github.com/aws-actions/configure-aws-credentials@v4 # Check if secret is set (not empty)
with: if [ -z "${!secret:-}" ]; then
aws-access-key-id: ${{ secrets.AWS_KEY_ID }} echo "❌ Secret '$secret' is NOT available or empty"
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} MISSING_SECRETS+=("$secret")
aws-region: ${{ secrets.AWS_REGION }} else
echo "✅ Secret '$secret' is available"
AVAILABLE_SECRETS+=("$secret")
fi
done
- name: Copy files to S3 and clear cache echo ""
run: | echo "=== Summary ==="
aws s3 sync actions/ s3://${{ secrets.AWS_S3_BUCKET}}/charts/ echo "Available secrets: ${#AVAILABLE_SECRETS[@]}"
echo "Missing secrets: ${#MISSING_SECRETS[@]}"
if [ ${#MISSING_SECRETS[@]} -gt 0 ]; then
echo ""
echo "Missing secrets:"
for secret in "${MISSING_SECRETS[@]}"; do
echo " - $secret"
done
echo ""
echo "❌ Some secrets are missing. Please configure them in repository settings."
exit 1
else
echo ""
echo "✅ All required secrets are available!"
fi
env:
GPGSIGN_KEY: ${{ secrets.GPGSIGN_KEY }}
GPGSIGN_PASSPHRASE: ${{ secrets.GPGSIGN_PASSPHRASE }}
DOCKER_CHARTS_PASSWORD: ${{ secrets.DOCKER_CHARTS_PASSWORD }}
DOCKER_CHARTS_USERNAME: ${{ secrets.DOCKER_CHARTS_USERNAME }}
AWS_KEY_ID: ${{ secrets.AWS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_REGION: ${{ secrets.AWS_REGION }}
AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}

View File

@ -1,4 +1,10 @@
# helm-act # Gitea Actions Helm Chart
This helm chart serves as the way to deploy the Gitea [act-runners](https://gitea.com/gitea/act_runner) alongside a running Gitea instance.
It serves as a standalone chart and does not rely on Gitea to be present in the same environment, however it needs to be able to reach a Gitea instance to function.
The parameters which can be used to customize the deployment are described below, check those out if you want to see if something is supported.
If you want to propose a new feature or mechanism, submit an [issue here](https://gitea.com/gitea/helm-actions/issues).
## Rootless Defaults ## Rootless Defaults