feat(ci): implement ci for for workflow

Author: Frederic Spiers

.github/workflows/pull-request.yaml

@@ -144,3 +144,64 @@ jobs:
           else
             echo "No changed CHANGELOGS, skip push"
           fi
+
+  publish-chart:
+    name: Publish Helm Chart
+    needs: [lint-test]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: azure/setup-helm@v4.3.1
+
+      - name: Checkout pull request branch
+        uses: actions/checkout@v5.0.0
+        with:
+          ref: ${{ github.head_ref }}
+          repository: ${{github.event.pull_request.head.repo.full_name}}
+          fetch-depth: 0
+
+      - name: Set up chart-testing-action
+        uses: helm/chart-testing-action@v2.7.0
+
+      - name: Get changed charts
+        id: list-changed
+        run: |
+          changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
+          if [[ -n "$changed" ]]; then
+            echo "Changed charts:"
+            echo "$changed"
+            echo "changed=$changed" >> $GITHUB_OUTPUT
+          else
+            echo "No chart changes detected"
+          fi
+
+      - name: Publish Helm chart to ttl
+        id: upload
+        if: ${{ steps.list-changed.outputs.changed }}
+        run: |
+          CHANGED_CHARTS="${{ steps.list-changed.outputs.changed }}"
+
+          RELEASED_CHARTS=""
+          for chart_directory in ${CHANGED_CHARTS//,/ }; do
+            CHART_NAME=${chart_directory#charts/}
+
+            cd $chart_directory
+
+            CHART_VERSION='0.1.0-${{ github.run_number }}'
+            APP_VERSION='unstable-${GITHUB_SHA::7}'
+
+            helm dep update .
+            helm lint --strict .
+            helm package . --app-version=${APP_VERSION} --version=${CHART_VERSION}
+
+            # Push to GHCR
+            echo "Pushing Helm chart $CHART_NAME-$CHART_VERSION.tgz to oci://ttl.sh/${{ github.event.repository.name }}/helm"
+            if helm push ./$CHART_NAME-$CHART_VERSION.tgz oci://ttl.sh/${{ github.event.repository.name }}/helm; then
+              echo "Successfully released $CHART_NAME-$CHART_VERSION to ttl.sh"
+            else
+              echo "Failed to push $CHART_NAME-$CHART_VERSION to ttl.sh"
+              exit 1
+            fi
+
+            cd ${{ github.workspace }}
+          done
+          echo "released_charts=$RELEASED_CHARTS" >> "$GITHUB_OUTPUT"

.github/workflows/release.yaml

@@ -5,15 +5,22 @@ on:
     branches:
       - main
 
+permissions:
+  contents: write
+  packages: write
+  attestations: write
+  id-token: write
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
 jobs:
-  release:
-    permissions:
-      contents: write
-      packages: write
+  publish-chart:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 
@@ -22,19 +29,13 @@ jobs:
           git config user.name "$GITHUB_ACTOR"
           git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
 
-      - name: Login to Registry
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ vars.REGISTRY }}
-          username: ${{ secrets.REGISTRY_USER }}
-          password: ${{ secrets.REGISTRY_PASSWORD }}
-
-      - name: Login to GHCR
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Login to GHCR Helm registry
+        shell: bash
+        run: |
+          echo "${{ secrets.GITHUB_TOKEN }}" | helm registry login \
+            ghcr.io \
+            --username ${{ github.actor }} \
+            --password-stdin
 
       - name: Run chart-releaser
         id: chart-releaser
@@ -44,69 +45,28 @@ jobs:
         env:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
 
-      - name: Install cosign
-        uses: sigstore/cosign-installer@v3.9.2
-        if: ${{ steps.chart-releaser.outputs.changed_charts }}
-
-      - id: github-repo-owner-name
-        uses: ASzc/change-string-case-action@v6
-        with:
-          string: ${{ github.repository_owner }}
-
-      - name: Upload charts to OCI registries
+      - name: Upload charts to OCI GHCR
         id: upload
         if: ${{ steps.chart-releaser.outputs.changed_charts }}
-        env:
-          COSIGN_KEY: ${{ secrets.COSIGN_KEY }}
-          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
-          REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
         run: |
           CHANGED_CHARTS="${{ steps.chart-releaser.outputs.changed_charts }}"
-
-          # Login to primary registry
-          helm registry login --username $REGISTRY_USER --password ${{ secrets.REGISTRY_PASSWORD }} https://${{ vars.REGISTRY }}
-
-          # Login to GHCR
-          helm registry login --username ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }} https://ghcr.io
+          REPO_LOWER=$(echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]')
 
           RELEASED_CHARTS=""
           for chart_directory in ${CHANGED_CHARTS//,/ }; do
             CHART_NAME=${chart_directory#charts/}
 
             cd $chart_directory
 
-            # Extract version and appVersion from Chart.yaml
             CHART_VERSION=$(yq eval '.version' "Chart.yaml")
             APP_VERSION=$(yq eval '.appVersion' "Chart.yaml")
 
-            # Push to primary registry (Docker Hub)
-            echo "Pushing Helm chart $CHART_NAME-$CHART_VERSION.tgz to oci://${{ vars.REGISTRY }}/${{ vars.REPOSITORY }}"
-            if helm push ${{ github.workspace }}/.cr-release-packages/${CHART_NAME}-${CHART_VERSION}.tgz oci://${{ vars.REGISTRY }}/${{ vars.REPOSITORY }} 2>&1 | tee ${CHART_NAME}-output.log; then
-
-              # Extract digest and sign chart
-              DIGEST=$(cat ${CHART_NAME}-output.log | awk -F '[, ]+' '/Digest/{print $NF}')
-              cosign sign -y --key env://COSIGN_KEY ${{ vars.REGISTRY }}/${{ vars.REPOSITORY }}/${CHART_NAME}:${CHART_VERSION}@$DIGEST
-
-              RELEASED_CHARTS="$RELEASED_CHARTS ${CHART_NAME}"
-              echo "Successfully released $CHART_NAME-$CHART_VERSION to primary registry"
-            else
-              echo "Failed to push $CHART_NAME-$CHART_VERSION to primary registry"
-              cat ${CHART_NAME}-output.log
-              exit 1
-            fi
-
             # Push to GHCR
-            echo "Pushing Helm chart $CHART_NAME-$CHART_VERSION.tgz to oci://ghcr.io/${{ steps.github-repo-owner-name.outputs.lowercase }}/helm-charts"
-            if helm push ${{ github.workspace }}/.cr-release-packages/${CHART_NAME}-${CHART_VERSION}.tgz oci://ghcr.io/${{ steps.github-repo-owner-name.outputs.lowercase }}/helm-charts 2>&1 | tee ${CHART_NAME}-ghcr-output.log; then
-
-              # Extract digest and sign GHCR chart
-              GHCR_DIGEST=$(cat ${CHART_NAME}-ghcr-output.log | awk -F '[, ]+' '/Digest/{print $NF}')
-              cosign sign -y --key env://COSIGN_KEY ghcr.io/${{ steps.github-repo-owner-name.outputs.lowercase }}/helm-charts/${CHART_NAME}:${CHART_VERSION}@$GHCR_DIGEST
-
+            echo "Pushing Helm chart $CHART_NAME-$CHART_VERSION.tgz to oci://ghcr.io/${REPO_LOWER}"
+            if helm push ${{ github.workspace }}/.cr-release-packages/${CHART_NAME}-${CHART_VERSION}.tgz oci://ghcr.io/${REPO_LOWER}; then
               echo "Successfully released $CHART_NAME-$CHART_VERSION to GHCR"
             else
               echo "Failed to push $CHART_NAME-$CHART_VERSION to GHCR"
-              cat ${CHART_NAME}-ghcr-output.log
               exit 1
             fi
 

charts/ghost/CHANGELOG.md

@@ -1,5 +1,27 @@
 # Changelog
 
-## 0.1.0 (2025-09-24)
+## 0.2.1 (2025-10-01)
 
-* [postgres] fix: Change default name for CUSTOM_PASSWORD ([#144](https://github.com/CloudPirates-io/helm-charts/pull/144))
+* [ghost] switch helm-chart icon to a new svg ([#199](https://github.com/CloudPirates-io/helm-charts/pull/199))
+
+## 0.2.0 (2025-10-01)
+
+* make ghost run on openshift (#195) ([93762d4](https://github.com/CloudPirates-io/helm-charts/commit/93762d4)), closes [#195](https://github.com/CloudPirates-io/helm-charts/issues/195)
+* add artifacthub repo ID ([665bf26](https://github.com/CloudPirates-io/helm-charts/commit/665bf26))
+* add ghost ([83ef05d](https://github.com/CloudPirates-io/helm-charts/commit/83ef05d))
+* add ghost logo ([6a4df33](https://github.com/CloudPirates-io/helm-charts/commit/6a4df33))
+* add maintainer information ([7eec72b](https://github.com/CloudPirates-io/helm-charts/commit/7eec72b))
+* fix app version ([688338c](https://github.com/CloudPirates-io/helm-charts/commit/688338c))
+* fix Chart.lock for linting ([40c4159](https://github.com/CloudPirates-io/helm-charts/commit/40c4159))
+* fix configuration and installation ([40a2729](https://github.com/CloudPirates-io/helm-charts/commit/40a2729))
+* fix unittest typo ([cc31439](https://github.com/CloudPirates-io/helm-charts/commit/cc31439))
+* improve configuration settings for more clearity with 'externaldb' ([d539bf8](https://github.com/CloudPirates-io/helm-charts/commit/d539bf8))
+* improve startup, wait for mariadb to be ready ([8baec0a](https://github.com/CloudPirates-io/helm-charts/commit/8baec0a))
+* Update CHANGELOG.md ([dc9fbd8](https://github.com/CloudPirates-io/helm-charts/commit/dc9fbd8))
+* Update CHANGELOG.md ([1bee7fe](https://github.com/CloudPirates-io/helm-charts/commit/1bee7fe))
+* update docs ([333b4e3](https://github.com/CloudPirates-io/helm-charts/commit/333b4e3))
+* update docs ([d503408](https://github.com/CloudPirates-io/helm-charts/commit/d503408))
+* update docs for external database connection ([1fa8f61](https://github.com/CloudPirates-io/helm-charts/commit/1fa8f61))
+* update values schema with missing fields ([3f38991](https://github.com/CloudPirates-io/helm-charts/commit/3f38991))
+* chore: add Newline for the linter ([a667374](https://github.com/CloudPirates-io/helm-charts/commit/a667374))
+* chore: fix linting, remove trailing spaces ([0f2465d](https://github.com/CloudPirates-io/helm-charts/commit/0f2465d))

charts/ghost/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: ghost
 description: A simple, powerful publishing platform that allows you to share your stories with the world.
 type: application
-version: 0.2.0
+version: 0.2.2
 appVersion: "6.0.9"
 keywords:
   - ghost
@@ -25,4 +25,4 @@ dependencies:
     version: "0.3.x"
     repository: oci://registry-1.docker.io/cloudpirates
     condition: mariadb.enabled
-icon: https://a.storyblok.com/f/143071/512x512/a130ba5305/ghost-logo.svg
+icon: https://a.storyblok.com/f/143071/512x512/3a5c1cb0c5/ghost-logo.png