sign helm chart

christophdb · christophdb · commit fdbd2cbc161c · 2025-01-24T13:56:59.000+01:00
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -43,11 +43,32 @@ jobs:
       - name: Add dependency chart repos
         run: helm repo add bitnami https://charts.bitnami.com/bitnami
 
+      - name: Prepare GPG key
+        run: |
+          gpg_dir=.cr-gpg
+          mkdir "$gpg_dir"
+          # referring keyring to private key of gpg
+          keyring="$gpg_dir/secring.gpg"
+          # storing base64 GPG key into keyring
+          base64 -d <<< "$GPG_KEYRING_BASE64" > "$keyring"
+          passphrase_file="$gpg_dir/passphrase"
+          # storing passphrase data into a file
+          echo "$GPG_PASSPHRASE" > "$passphrase_file"
+          # saving passphrase into github-environment
+          echo "CR_PASSPHRASE_FILE=$passphrase_file" >> "$GITHUB_ENV"
+          # saving private key into github-environemnt
+          echo "CR_KEYRING=$keyring" >> "$GITHUB_ENV"
+        env:
+          GPG_KEYRING_BASE64: "${{ secrets.GPG_KEYRING_BASE64 }}" #Referring secrets of github above
+          GPG_PASSPHRASE: "${{ secrets.GPG_PASSPHRASE }}"
+
       - name: Run chart-releaser
         uses: helm/chart-releaser-action@v1.6.0
         env:
           CR_GENERATE_RELEASE_NOTES: true
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+          CR_SIGN: true # set to true to sign images
+          CR_KEY: "${{ secrets.CR_KEY }}" # Name used while creating key
         with:
           charts_dir: .
 
diff --git a/seafile/Chart.yaml b/seafile/Chart.yaml
@@ -15,14 +15,19 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.4.2
+version: 0.4.3
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
 appVersion: "11.0.18"
 
+annotations:
+  artifacthub.io/signKey: |
+    fingerprint: EB897F34A4E514AEAD2B94C3A4C0BC9187350077
+    url: https://keys.openpgp.org/vks/v1/by-fingerprint/EB897F34A4E514AEAD2B94C3A4C0BC9187350077
+
 home: https://seafile.com
 sources:
   - https://github.com/haiwen/seafile
