3 Commits

Author SHA1 Message Date
1600658386 .gitea/workflows/release-version.yml aktualisiert 2025-08-15 20:01:39 +00:00
aa99df60b7 chore(readme): fix typo
All checks were successful
changelog / changelog (push) Successful in 12s
check-and-test / check-and-test (push) Successful in 34s
2025-08-14 21:41:39 +00:00
9a7e82ee3b chore(readme): expand the readme to have an intro into the chart (#30)
Currently people are dropped directly into the Repo with no guidance.
I want to add this to ease people in, so they may use the chart more easily.

Co-authored-by: Daan Selen <dselen@systemec.nl>
Reviewed-on: https://gitea.com/gitea/helm-actions/pulls/30
Reviewed-by: ChristopherHX <christopherhx@noreply.gitea.com>
Co-authored-by: Daan Selen <dselen@nerthus.nl>
Co-committed-by: Daan Selen <dselen@nerthus.nl>
2025-08-14 21:40:35 +00:00
2 changed files with 66 additions and 62 deletions

View File

@ -1,70 +1,68 @@
name: generate-chart name: check-secrets
on: on:
push: push:
tags:
- "*"
env:
# renovate: datasource=docker depName=alpine/helm
HELM_VERSION: "3.17.1"
jobs: jobs:
generate-chart-publish: check-secrets:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- name: install tools
- name: Check all required secrets
run: | run: |
apt update -y echo "=== Checking availability of required secrets ==="
apt install -y curl ca-certificates curl gnupg
# helm # List of all secrets used in the original workflow
curl -O https://get.helm.sh/helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz SECRETS=(
tar -xzf helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz "GPGSIGN_KEY"
mv linux-amd64/helm /usr/local/bin/ "GPGSIGN_PASSPHRASE"
rm -rf linux-amd64 helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz "DOCKER_CHARTS_PASSWORD"
helm version "DOCKER_CHARTS_USERNAME"
# docker "AWS_KEY_ID"
install -m 0755 -d /etc/apt/keyrings "AWS_SECRET_ACCESS_KEY"
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg "AWS_REGION"
chmod a+r /etc/apt/keyrings/docker.gpg "AWS_S3_BUCKET"
echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null )
apt update -y
apt install -y python3 python3-pip apt-transport-https docker-ce-cli MISSING_SECRETS=()
pip install awscli --break-system-packages AVAILABLE_SECRETS=()
- name: Import GPG key for secret in "${SECRETS[@]}"; do
id: import_gpg # Check if secret is set (not empty)
uses: https://github.com/crazy-max/ghaction-import-gpg@v6 if [ -z "${!secret:-}" ]; then
with: echo "❌ Secret '$secret' is NOT available or empty"
gpg_private_key: ${{ secrets.GPGSIGN_KEY }} MISSING_SECRETS+=("$secret")
passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }} else
fingerprint: CC64B1DB67ABBEECAB24B6455FC346329753F4B0 echo "✅ Secret '$secret' is available"
AVAILABLE_SECRETS+=("$secret")
# Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843 fi
- name: package chart done
run: |
echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | docker login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} --password-stdin echo ""
# FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved echo "=== Summary ==="
helm plugin install https://github.com/pat-s/helm-gpg echo "Available secrets: ${#AVAILABLE_SECRETS[@]}"
helm dependency build echo "Missing secrets: ${#MISSING_SECRETS[@]}"
helm package --version "${GITHUB_REF#refs/tags/v}" ./
mkdir actions if [ ${#MISSING_SECRETS[@]} -gt 0 ]; then
mv actions*.tgz actions/ echo ""
curl -s -L -o actions/index.yaml https://dl.gitea.com/charts/index.yaml echo "Missing secrets:"
helm repo index actions/ --url https://dl.gitea.com/charts --merge actions/index.yaml for secret in "${MISSING_SECRETS[@]}"; do
# push to dockerhub echo " - $secret"
echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | helm registry login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} registry-1.docker.io --password-stdin done
helm push actions/actions-${GITHUB_REF#refs/tags/v}.tgz oci://registry-1.docker.io/giteacharts echo ""
helm registry logout registry-1.docker.io echo "❌ Some secrets are missing. Please configure them in repository settings."
exit 1
- name: aws credential configure else
uses: https://github.com/aws-actions/configure-aws-credentials@v4 echo ""
with: echo "✅ All required secrets are available!"
aws-access-key-id: ${{ secrets.AWS_KEY_ID }} fi
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} env:
aws-region: ${{ secrets.AWS_REGION }} GPGSIGN_KEY: ${{ secrets.GPGSIGN_KEY }}
GPGSIGN_PASSPHRASE: ${{ secrets.GPGSIGN_PASSPHRASE }}
- name: Copy files to S3 and clear cache DOCKER_CHARTS_PASSWORD: ${{ secrets.DOCKER_CHARTS_PASSWORD }}
run: | DOCKER_CHARTS_USERNAME: ${{ secrets.DOCKER_CHARTS_USERNAME }}
aws s3 sync actions/ s3://${{ secrets.AWS_S3_BUCKET}}/charts/ AWS_KEY_ID: ${{ secrets.AWS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_REGION: ${{ secrets.AWS_REGION }}
AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}

View File

@ -1,4 +1,10 @@
# helm-act # Gitea Actions Helm Chart
This helm chart serves as the way to deploy the Gitea [act-runners](https://gitea.com/gitea/act_runner) alongside a running Gitea instance.
It serves as a standalone chart and does not rely on Gitea to be present in the same environment, however it needs to be able to reach a Gitea instance to function.
The parameters which can be used to customize the deployment are described below, check those out if you want to see if something is supported.
If you want to propose a new feature or mechanism, submit an [issue here](https://gitea.com/gitea/helm-actions/issues).
## Rootless Defaults ## Rootless Defaults